Malware Analysis Report

2025-08-05 15:52

Sample ID 240529-kaak6ahb88
Target 801691b9e1ef87964bac9b19bb513aea_JaffaCakes118
SHA256 3e1941e828bca5d2f558527b03736b7d94acadfacc987afebc7589ad474240bb
Tags
score
1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file 801691b9e1ef87964bac9b19bb513aea_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-29 08:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-29 08:23

Reported

2024-05-29 08:25

Platform

win7-20240215-en

Max time kernel

142s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\801691b9e1ef87964bac9b19bb513aea_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\801691b9e1ef87964bac9b19bb513aea_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2

Network


Files

SHA256 24a5eb496b59a842c00a4f91ced22f337132945e482fc4be6a1a47f6a2c9f7b2
SHA512 8ccc719bdda02f09a84c6ef1dd0f00b22a164840eb1f2b15b6ff31f8ce3609aa937071ecedd3f8da818becd25d3ada5c26bcb458d01080935fceb7c265c9d740

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 071cc50687ee57c9e795b7fd78b8cc44
SHA1 387470542af0d0445b15083154b3043d9574aebe
SHA256 378b393e447dd49cdc141facdbf8845fd507b2250d9fab67cd8674aa64723931
SHA512 2ccf140202f1f12393f6b87ba01eb9eebb31a854debce2a89d8e6e890611eb2d5d2e40155071e05453e1304677fcab3fd44084d3480a2f160dfbfbfdf5279d70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 707c2efccaacf2042c1e5a695c34b724
SHA1 3ea2de76cb70243643d78432a9d6f4e4543f052b
SHA256 d3080417b9590f6afbd41ecfa9c70acb4563b1a92cf22fb5e2b2f2ffa693c804
SHA512 72ed8f2b684bc97e20365910ce53eea699e177aaa8c90c489c938679b894ce0c46b561b097b4ac47c0c2c4836186200a6ef2be14151edd32dff7a0e9b6e154b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c15523dacedaff8a147d58ed48ce7a3
SHA1 51b2e43b2e45e2fefc0c547773bd8be3ff87bb65
SHA256 91148e7c9869ad06933288a12e2c4a105ff078d63efcf43d6e9ba180c5c8aad4
SHA512 2b7a1be9757047e0ef29b0111e141263999e1b9caccc6bce8fab6f445f7792f7e5b055b4bef3e727aea4a17cb69e93476279d0a500ccd4dbd53ce7879a7f35da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e55fe7fa70c9e51a85f6b10462096f17
SHA1 d87aff8b261dc0661c48dd447b799a5b4c95ee96
SHA256 6eb8a31669c1ff503422cd4d87efad25fbd5d89b0797b8e8ebeb44b837dcb1a9
SHA512 be619d7c5564d36988f38ca5c6e282244fee2749b741ce7bb75b46ecf73fe0b4e2062a12a9897854c12b99e27aca167308a57d99f285f5841b71c9d2f42f174e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de903b03b713fe9196cdae9890cf479b
SHA1 2babd9a15c9bc7b7fb19915e71511bccb4406887
SHA256 5448d6421f1f5fde527323cfefb974c395e7640989c7d6977540d3899a6efbf0
SHA512 507e84392aad4330714952a90768c00093bbb97a51e2994c769eafc47dcbdc0c24b5f3ac4d821930eed375a5d3c64ca0ef91fc61ce4a1d70f0a7f1595853d416

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0039c13953f3f7956340e222eae450be
SHA1 2bfc77bb1e15d75e0cc95714f903da61d8f5f351
SHA256 dbc11f3a0017c5307647de50e8e950b92ab228c0babb591c83dddae85880bf60
SHA512 395c1d7bc4ed24efebc2def01eaa2c06be7c4c0ce4eb8e8a6bcfb535b6cc365e1ccc79fbaf5aaa322f174bbd0ec5231a8969c9582295c71664249ada3eb66df5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fae7fef204ab9601f03733bf1fc48043
SHA1 7e50e411e6d4a48fa39b06343b12144dade97a12
SHA256 2cafa04516614f7c0733c4d02a8c2c9f5c30661878eef80f43ce12c3d390cac6
SHA512 0eb7a3dd4e12c609a41a0c0d968d656a5ad5bbd45002dac52d266369ab28e151888738335dcfa60bbebf9dd7c804a636371f7dd5312fa8d5387b869d33a44e80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3200b0704534f3c154d971dec6ad496
SHA1 628563a9c47420f04f8cd2a0e4c10a30ede72d80
SHA256 9105cef3f841ac66030f2e9fc4c2be4134614c05cdb45bc9a95f988e23206141
SHA512 5de2abe099bfedd9e0cb591ff3252bc96c5c975411652ff1e3f4fe9aef0f05348e001df418c5d74ea73c86631a8146e9a23fb7df720767a0923fcda62bbefa95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c0919f511c496425bbecb4419ec7acc
SHA1 15fcf586781a5c12dff48d9bbe8503a354748274
SHA256 fbb43dedcba71edc363a12716fd74383403e43adff95892287f3ff938e9be0f4
SHA512 de74a5ad3e3788881f3b22d626253c60236ceccdf3dfb5a4afe6de91c18efa829117f7afee1bc1e36fef87a0fe7ade49e139689207fff14a59474c152543d02f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 9ceb14096e03d22637f68dcf0e54081f
SHA1 3dec501325e79bfa8f1a83b3794992f71c8940c3
SHA256 c0f11bd9c06f882f10fc3eebd590c0898f9675332e3c6575051263b759f46670
SHA512 7f009a45f3362e4fbb03e34e090d53338a3485f5d000deb8dfd4f1626d9d1c452fce2920ee7c21582a8780ea1ac722a52aad9285133644cb6fdcabcdd23c41c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae5716c8bcb81703b98928b30808be2e
SHA1 7322bbd784fbc9a5acb248074e5404f13edc1326
SHA256 c5140d334fe347a2c81a91aa4b09a372fac97ccefba130606981aa70793a24cd
SHA512 2fc164a6da165d6973ebb8e0f812cd1d9b514b0db50604c1dbf754c740205bc8baccbb342bb2ec469a0083dc6d39b9197208a21d2e79c984304351f5bd1804b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fed4b3d4ff7cc59320e78f746bdaf578
SHA1 f8c3e6b10ed04c63ddfc9b313da27bbd8e2378cb
SHA256 c37e2119b2d2b03d61f65f135f7d3915dec046b5ffe74583b20d81c73942f087
SHA512 c3ff0dd339eb298728990bcb837ab882157a275fb221a6dd4de18d948f921a5fca85794710871384c7ed2a8c75d0d63211e8b4afde0b93613ab7b701f47dcd0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8befc28718c54fa5c3a1b3cbc1bde421
SHA1 3863fb0a9cace596ba564da8bf2caced116b64ae
SHA256 2eef405129f84fb5b510be8ad62e39590194d0c1945b13793aa318793e2faa1e
SHA512 8fae6d1234a2062e844fc841f90d2cc210db5f35f71bc0266b017e1f6658b637d72711371e20dd0fd12bea2a0d808c04b1f7aaecc8e0c1f75353d85da92c422e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f93d5b7852757ef4d59d99a5a90852fb
SHA1 a33d01e53da9a5e8e31c36760ba5b296fd7cd87c
SHA256 fd9051755c071776f205afff2dd486c2be7f54cbbce952983ee51b9673eb2f05
SHA512 d4a5fb0a6c86971a0a0d731dd457aa4a1e6e3382ef768fc6974e22ee8d72662811ca0f7c0b0dd581b1deecedf2e7130cb1d82c438106916b39afd96211334cee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f399da10735f510366d879ec3794a2a5
SHA1 7240bf05f77d1db2c307d9f549cf92b330905acc
SHA256 8d893f0c0c8d3ce7caf4f1e6fd40c31c3065a0f80f49916e93032f2ddedbd669
SHA512 66351188fbec6d6b2d0c5bc87197e75b22b99a16c878dbdaea1e043be069d727b38807862f649bfaac0271e96fc85ed62cec8c6a022b01175a89bf75702fcf53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 81da60e958d12fe135202388b3591ef8
SHA1 f26d6c0d95ba2e6d1294240a709b9bb901c6a29e
SHA256 0fe6e718a0407d5d19f6a0ee4a2398d2877d366ba8d38d8a9a01e376a9aa53ca
SHA512 5ba3468e99ab95c232b3debd65c9e6c9f0b67cacfc35aed0ede6fd447fb297d6fb9ebd923132fb65b5fcef2a82df3bb63e10ee2451542deec71e574e5c91c0d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1921ecf6410b16a8cd0d2b5cb056a229
SHA1 185e2ba1be3747a74cc7b110398e6ad18f15a4f8
SHA256 6b1f1fcf92cfb6a0920f6fe102bab1a02dc7fd6599a13545933360d5784d702c
SHA512 c24638272ef322528048a99641b75f6602b91bec05c9628b73b18aee90464affed00f6cda490cd02c51fde0113b7cb249591edf881c82e47c98e011f59f85bb8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b264492d3aed8c3a0a121ca14efdf57f
SHA1 1cbdfd87eebece9bfd474713c814ee254b028e7c
SHA256 b65e6289a1ae2c60eb7951a9abfb8ddfb9424343f6b52d239a732b074b4635ea
SHA512 e0e04021084c7b71fa1b35eaa7bd27ed34306c7fec3c1a9e27b571f93946c2b61bcf5d6dbe2cb29b7aa52245efb2664526364294b6bf08621563ecbccd320b56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 167df8b5ecce7b9e7a610eee063d4915
SHA1 12c1919638a776702eb72a7f9906bce429f79a5a
SHA256 70dff2e92b06f91782372fbfe9c67f315c6eb8cdff5fa6ff6b9dff9f44385822
SHA512 79d1ed5b0c730773a612e3d8025ba1ddf97ab5c66a6199d84805757b13c3a6252d989a1e7e37c72953b9b9f820faba346fc3da9383a62a81df1011f15de2ad5d

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-29 08:23

Reported

2024-05-29 08:25

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\801691b9e1ef87964bac9b19bb513aea_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1340 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1340 wrote to memory of 4320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1340 wrote to memory of 4220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1340 wrote to memory of 3692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\801691b9e1ef87964bac9b19bb513aea_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5eb246f8,0x7ffd5eb24708,0x7ffd5eb24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,9630862907447989413,3017017401955425969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,9630862907447989413,3017017401955425969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,9630862907447989413,3017017401955425969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9630862907447989413,3017017401955425969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9630862907447989413,3017017401955425969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9630862907447989413,3017017401955425969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9630862907447989413,3017017401955425969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9630862907447989413,3017017401955425969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9630862907447989413,3017017401955425969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9630862907447989413,3017017401955425969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,9630862907447989413,3017017401955425969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,9630862907447989413,3017017401955425969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9630862907447989413,3017017401955425969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9630862907447989413,3017017401955425969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9630862907447989413,3017017401955425969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,9630862907447989413,3017017401955425969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,9630862907447989413,3017017401955425969,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6152 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_1340_YIZIDGPESUDLJHNM


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
