Malware Analysis Report

2025-01-17 21:20

Sample ID 240603-n6cbeafa22
Target 91b5cf8ac96e8c206f7970b1f7e527d2_JaffaCakes118
SHA256 4fa922a1cd0e691bc7f1ce7391644472f54c763cf175441aaf49b5bd585caba7
Score 1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file 91b5cf8ac96e8c206f7970b1f7e527d2_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-03 12:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-03 12:00
Reported 2024-06-03 12:02
Platform win7-20240221-en
Max time kernel 143s
Max time network 149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b5cf8ac96e8c206f7970b1f7e527d2_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b5cf8ac96e8c206f7970b1f7e527d2_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2

Network


Files


C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\plusone[1].js

MD5 53e032294d7b74dc7c3e47b03a045d1a
SHA1 f462da8a8f40b78d570a665668ba8d1a834960c2
SHA256 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2
SHA512 fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d91f3baaeb4f309dc52729e1eeaf1bc
SHA1 fd1c394c2987a907d93094ca4fc6b47b8547d872
SHA256 a475137770a55cb9cc87200b42699980e530facbab856cf30b0069f4aa70f443
SHA512 94e6bf6fb161244cc8ed73630db0bbbddb0617ce6a82b7b6c50494045e2d68335f43066bf09ef16b41fe6a041fe10cfac85f0d66d9235503e0eecf413110a9e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0b2fc5fd84971cd4572990520c41a9f
SHA1 1e5ddfe24a92fc2043f00c9b95c5e074660de90c
SHA256 6fd070ea6431470f14a5486507ea33b6c4e1a18157b5dbb972921a67a756ec5a
SHA512 c3f22e7d6087f6f6e9c6cbc9c5fbc0fdfa1560f5f46a805ca06f4eeae815b9c91699a9f318942160065d352962095ec3051fae01f5e730b22865e7323194eb0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee7b1cafefe78b621747f7f9f8a7839a
SHA1 f51b393a4282d57c49c5215eb609754e3d74fa9b
SHA256 6f414cc61e640f23b19a0ff8411452f4a89cb192f446e892452f90081bc3c1cc
SHA512 c1df1e94bd9073394bc6b3ed1169f14269f873e6b19fe5925858cf4096b8474fe3011747b65edb5629ae3e97077cc691f235cd1455610ada288ec495050fed35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4c8a87b553331ceea57106ad0738bac
SHA1 97d78674d90a223da03aedac93ddbdb57d23f148
SHA256 6d921086e6f14ec88e4bc02da12d979c186ced6e07bc866a4000d292f783fc9e
SHA512 1f7843e2ba94083bbc1dd0d5318d48c32706bc2c3f1054782247c41ca1e127524062f09e087ec4bd7e47319625de98a31f20a5dd5d660ba6bd4f9358c4d911b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77289bd76f2ca28870ec590b29db241f
SHA1 0d45f6be3a2d44f68bfd447b4d57f08571d38005
SHA256 08fdea44c555c6ab9c36cc01cd6631dd8dac0b1ffa2fa53d8e46923a6e858ecd
SHA512 58440c3a1ca84249b4b1a3ef08946c0ecd04f676b382cd9c10c8f62fd944629519e81b8f453086d46cef6ba1c0b522be075683bfc96b850392a4eb5a2ef723cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f80dfb3c39299c793de58535c1748328
SHA1 3c0b141d8d0887b0c9225f2c715769b77e5edf3f
SHA256 ce423f040761a09f8d982805a8e16c51dcbcd185ac4396c5c650880bf5d0acf4
SHA512 fd22a5e691a5d7659871abf40173f3d15bff294e21e80bfc26baa7af72fdbc0cc47614cadcae3eea19c0ad4f52c1f22f205c63fc2e98cd4c64b96fe9951b4232

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36cfe8a16bc882cad1615b55e7930c00
SHA1 89262ab091d7856d19e4d0cf68fce54723c3eca1
SHA256 e2efbbd8bb417b07e2d217d60dd77466fbad8900e72bfb7cd706898cd671383a
SHA512 edf58020be3d37d941d7b1f2d4bc515d3310780666389e7bf160fcf6dc89c22c96d91309052a7fe79cc717541e697f83e46a001002c99f851eccceabd6794bee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5ca62869397e7e4e9fdfb3cf7505397
SHA1 5685fe08f66bbb4edd399b701c0ee528a2440012
SHA256 9faf2836c2ad8eb452541c4553da8d3bdddc5f7d59abcbb77049e1b6398884ab
SHA512 ae2769c05d8b781cfa404839ec00d45486835eee515a0d0b80994492740bcbce3a0fadf4a75a02a8192173f7b9c51441aaf85e9060b08d80accd0dd4395d193d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 f4feabfab40fece0bbbe8f8ab26a6609
SHA1 6442669375fb10ec9fdb59b67f40e6b4c58a164d
SHA256 187e39a36511e2620e08e3b07403622c7568692da1fd042d7b67614f027c8250
SHA512 458c86312a0d2a91f68cf895faba9f8e5c847788b48ae6424f9e873b08c48946abfee3a7fbc81287b918048c96cfe87f6ea3934b476f5c40ff3fde5c33b07ad9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 190125215d07fa5528bc0136eda616ee
SHA1 e755cc1be7b00e68f374466821099eb90ed21515
SHA256 c8e25b82a49d1f35657d0618a7b1c50bac9ce47163937b5de0469798b23fe806
SHA512 db3c433c501634c4e61cb9a7da9aade6a83e5277167e2ded9fa94d447f59f6b5b0dcdb747ea8832808faeacd4b36c69518581ff8a8fcdc029ea621d259f294a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 594ba2ee148d239ef82f50a5dea030d4
SHA1 1c1c5c776edc93341358d79f77464271e8e053db
SHA256 213acf7c66f6ba8af508e2595f6addcefac00c64a64c971528ba8d5b70fee1c9
SHA512 1af8536c0ce07cf39b3fad4845f6776c3136e2b10255fe3619a394f4c17e89964e7040195f84cb6f6ab0220bb71e7ceee2e00bedb4ee377101a48639d46c2660

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91fc33e98887de085426f100931c82e3
SHA1 86802e0ecc520d023b3aa22dfeaff778c39f13b7
SHA256 98d4b6838077bcf9321dd41fa3eaa5517eae5f748d6f2a1191d3c6b11478a515
SHA512 78733dbe02484aae1d9552f440d8acf71b25b4661a00cd7fdd29c5a8344b86eaf6cb951f976c344fb201862b76f63754d2cbc51393e25aca7d12d2b4c3b362de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9d0ce465718556ef274da44c858cc05
SHA1 cc67175224ee075353ec3041f7ec7ca13fd9363b
SHA256 4c9ea09d530295aaf078656ea9b28bc1b67728e48c9702f14d7c249ea7ce092b
SHA512 9ad6de3fe36a9f92bc26cc30bb7f3793a55ae07b2a7f93744f9b51a37d2c45870dfb2e95f221c111a9589ae0ebe235cd2a491197bcd92c6c372b4f3e70cbbba4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df83e517753bfbcf895a3d670aaf5bcd
SHA1 a722e0fce73fbcff44e99555adbc0b35754e39b9
SHA256 e89030aecdaca99fa927975dafbe5e882d315939bc37560fec023c4a3d873951
SHA512 3038ddcf32396622ec6b9f38e092caa90b788e5d02ef82bc7fa97db9b7aeae80eb7b0159de71c9db77fca0eb643f4a57426ea59ae2f157eb199b16bc957663b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7078130eddac137df6f8d173d2a1bee
SHA1 d8f6e581873af9b37510c5979e788af453c7c55b
SHA256 68d796d68fd25dd7ffe6a6dd3f6fa479f3049b84081da4ce00f4cf48899acb04
SHA512 524b45f4dd1793b7dbfa82a0af20907d37bc8571b01cf4096886b734a65085af91f30524c65005b76658a748b68a7537f0fcb605338420ce14e09a3629bea066

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b3e1142b902d7ea463cbff38ec4539a
SHA1 aae23deb2ff3d8d2059b2b95b32f4ff26e2b2a3e
SHA256 1db086dcc15efcfbfbe5e7a7907e45ff6b4535ae11db180c223485b4d46fc496
SHA512 8b8c3ff6373217c2d3072a33d70ec0cf7925b68d0f4e372500e5f7fa0d17920ce74bc98fed15fe4e7b288798aa43095ef191be88e7d6bcda1a79a104caea240f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4d964634ed4c7c531b9a1dbac67775b
SHA1 5acf1673d528c18bf07caf230784c02d7e19280b
SHA256 7a57555897322f11ea91e63e70f9ac35634de01149089c33e7c4bb32b3a2bded
SHA512 37d4ecbad3cc3a904d2cdf888397ee327d21943376beb74a5ff6aca4e937e1f0e9eabd3dd6fa163f45affefdfb05f0652fe0f36dae871d34748c28d32aee8604

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e6454da88ac44eebd15337fae5c2017
SHA1 6371ffdea5b8083fc2fe09ff7d029707d6605d7b
SHA256 294f5933cb1c6b6c98536bc35308e0ad56423b968af2dd13d5dcabf5136a6dff
SHA512 2a1913d7fd2d29dac6e9644a0dced58e86a7b9ca3b7c78beb460a293ad0919c08233e62ad26a88cc157f2eb36fe6fe7094f1536ca176a17f24ec23f1893f4a71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8913960a2185c213d179678a6c64b926
SHA1 c32ad5772707e66cee4b62230e6eb4b005d418d8
SHA256 2136c98fe2c9b0884dc6ff504ddce263b69ead04f934e159e2d5b5909abf6b12
SHA512 87c4aa9c80eda94278d3eb10606d0082ae089d0f07045d2bfa3264a32fdf7d467073981f3d82b3b5cbe17eabaca867b15d67da6803784af02a47314d64e9a94a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3af825e54d117c3d64552111e794e9b
SHA1 4ce1194bf72344d79c1441542c38df5e3e1bdb93
SHA256 71dd63e0a3bdd003dd3a8a3029ff8decd52f0299d43b64a2494dc0a7451de547
SHA512 872b1e3fc32876f1bd86ee9c9f42c18525c7bf87b31b4b31a5430cd6dc87efa6d53eb73c1edca9597994859c81e3518e6141b713279cfdf9e9a48431d4627515

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f7d5ac4d902fc618e9155f4d2671526
SHA1 25989279d168f699fb85abd630cc289f93cc33bf
SHA256 35b1f3d84c1d95c7a27db58263dedb2d987a314c4decd4ee2dab01e2c7c7a7b0
SHA512 b2a6c33730e0cd65fe44cca86ee13d0b981f31b42ab393c8c6a4b7a7181771057ed3b7d2d7e3ba430b264bf16bc5e147d6fcc8439f3c93e94a21264a217b9953

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 12:00

Reported

2024-06-03 12:02

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b5cf8ac96e8c206f7970b1f7e527d2_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2012 wrote to memory of 744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2012 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2012 wrote to memory of 4948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2012 wrote to memory of 760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b5cf8ac96e8c206f7970b1f7e527d2_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbcb3246f8,0x7ffbcb324708,0x7ffbcb324718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17753440215798817300,7235849196608735824,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3124 /prefetch:2

Network

Country Destination Domain Proto

Files
