Malware Analysis Report

2025-04-14 02:57

Sample ID 240613-c8xvcavgml
Target a394168ad4a679b9b4502a7da9da9a3b_JaffaCakes118
SHA256 b56bee9049f0b5f0f7a96b301385f86ad51d7e0d9d5ba770b9ef8b30725eb92f
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

b56bee9049f0b5f0f7a96b301385f86ad51d7e0d9d5ba770b9ef8b30725eb92f

Threat Level: No (potentially) malicious behavior was detected

The file a394168ad4a679b9b4502a7da9da9a3b_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 02:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 02:45

Reported

2024-06-13 02:48

Platform

win7-20240611-en

Max time kernel

137s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a394168ad4a679b9b4502a7da9da9a3b_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FF7A9201-292E-11EF-B3FC-D2ACEE0A983D} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d05b15df3bbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424408599" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000030aa49fc4996899a4bfed3f6d31c23258f92a836877445572ef0d8b38e7c5816000000000e80000000020000200000009783ac212afb9a30ceb1a8910053d2c91393cce01fe42840d51dac9610e7f54420000000ad4eb4d9fe79ea250c8066a842362a680f5eddbac932b81f54b2df11cff9224640000000ca40eaba887b502a93738c5baba5f71f1d4a8a903bd3e75b99baa9a055467d4e743caeb9ec204926f7486faa06e52ac6df6fafcb34b99dc73370086b1c5084d7 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a394168ad4a679b9b4502a7da9da9a3b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2

Network


Files

SHA256 b01411d5d2f94fa7299e13dd9da457b2ad4dec18a991573252f55ee07b1fb89a
SHA512 cf40bc61664f233e5b9033d4e2caa9b049433d6b2761a139021cd8190f163a811eb5e403b409ff54e08bd62fdf23be9cb44bee12d42c83541120e8465e3e8441

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5e13555928fef1e12bf2731ca7a113b
SHA1 f28af3ca65b73100659ed7497ca5e329c871ef7f
SHA256 89c14ba4c4ca635ad7563fb0d84ed0331c093de059a32cf77decd3610a6b6db1
SHA512 ef5dcaee4b65dd7f631dd5b398521f5046c0845f2dd590dbfaa24431fec76ed4fc8ccfd6f06da6b435caa0032113d8116b5a91429281266f1a7fe0c4526dc6eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39c3470be23894ae3d9f192233d5b109
SHA1 79dc954780867ca26572ca04de1319b5830fcdf0
SHA256 741fe3dca0b846adb89f60d0294de860a9e79f319baa3064825cb51ab5ffcd0d
SHA512 7f8ccdaeddedb4f052f8e7fc0f14f6c5dabc11732922217ede6ec85a66468f7226d44d4a7e28ed5d2f373f771f6b01532224f9b7ba4df5adb3c1f4592be2da56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8194e383c17c7c412e87a82a51c99bc6
SHA1 be4ec2a9a2afcb6f1b1ac352c35db59a09c76be8
SHA256 320ad1d1f943ea679d5e08c3e9762ad70a06ef6063af70f2c54e892c2f7213d9
SHA512 228736090dfc627c6db3182f8e11173c5e5662c0e13e0bc971f1302d82c6f16bf1b797fd4b4474f8266392b8432c6dd222bdae18d738e370b5e1fbe2b00322c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8782ca8a580b4432a294f40712d760fe
SHA1 9f478ec9dbf0b93d473c4b88dca463a8d7b40f3d
SHA256 0e59221301df228e0ed26fdcff2db851d9dd6a117961bdb0c62c05db4e8ba11c
SHA512 f7c4dedbdb5111534d439a4b3c84ee21cc88be639bf78a977b57e93d37447a10435f788befbc6ea2a986c4714329a85bf2569b6d45e15c972148de546c200013

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b5ea261f14cdae665022f3681ccc356
SHA1 abc5afa0a34e99b065f03f10baffee1a61416623
SHA256 5b78b8f62b4cc58c4a5dd66e4b3471d035683997a3e0f3eb1c9323685bb87e06
SHA512 4d89232dc2ec6f0c5e0d4289af7fd48d24a14927fb146271dfb20ebe41188b87281cf82628efe8972c2351d13cebaf7bb2f6134a300876685a7eef4137d74650

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41381e0f9db0e01740410931c6e88f68
SHA1 6db0f0c5b9d292e06d9002ec917106655b4421bb
SHA256 1b23f79a705675eefcf4700b6315e9521c1db580e88a37b3fcf7482d854b0174
SHA512 8e7c63c331118e695dac1b0aa35b7195b686b740dbc8d371557f908ff298e6cdc03346fe8f89480680ba0803f1707d101ee474c2a09803e810d48bd9a36de764

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81cc6f4c7e5676aca4404747f11b94d4
SHA1 90b6efe8c565885135fd0056a7d7e77590a81447
SHA256 4d318dfed3a673cfd67f5aa9f362364f4b7222083d0229311a8e5180ca9b0711
SHA512 2ab4b1b3a237566ef554fe7f20ba438939daa62ffcfc1c25e911f3ac840bb469efe8a68d5f24a155097a76ad8b121716b8706179cd7741d662d4ac8919f37347

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33f330518fe10f385a529c86be52b251
SHA1 6505f0a1d20d79db0480e3a34aef2e0f15d91b2a
SHA256 d23adcfac2997008f5310d1bbbe5512b2ae0f9dc6eb8f05fb8cbf1457e80f460
SHA512 5867db7323a885596dd44efd1bcb29990968474d32c8fc1fdef9bbe922dd231b53969cf20474b5c7d187f54e785b42f81e207c288c5715efa3e409e1951c047a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13256f1ce5deb03e5857399b9999105f
SHA1 30b5b2b38bcad4a61e3f45ead0cca0d2306b9a91
SHA256 1a0c97ba64b617aa725b633c929c85372d6dd0003204f42657329e1971bd98d7
SHA512 bf7e00d4a3c18dd34e9487a9386b9af4cb9627a7bf2e31bbe851c5aedda66f8ef9e7a801b7ea1147950fa385b891dc9f4490c52607fb4798a5679592a3669fac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c48655e3665046b095ad48e8b9972414
SHA1 32cba560b9cd889cee186f429354088c6b91b05a
SHA256 cd6ca4f9cceeb40b824e8ac3a478f35ef445522ca07f741cb7c72fc7f4c2a7f4
SHA512 2dce05e91bb1cdded8e0d76330b0955877aced532bc45a031788bb9445ab873f52dc56d37bf1ac3d8e47dbefb52a3e4358db85742b69438c68341f523a5136cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb0b41d496574d453fca65214088182a
SHA1 022ccd4fefc9c00bb4d024a89f4f59a6e29d30d0
SHA256 87a2a55ae7b311ed8b47e1339770998425e2d2b390f297c02f3bc6ccc52f6198
SHA512 8db7cfaa3a908f977623745b48062f60470fe39afe6352831eb9bbb4505be0b9d18df394db6bab60a8b7ba4f58705d898f6ec5b4bd7a006634d877957ca161c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 824d5c1b32116b4c04a001013b28ddc4
SHA1 3970b1aa08e3cce18034358564528346d3015040
SHA256 bd90aaa1bf713d253a75a6b97ad3c0b9a2e896579807d62607830e028b8de587
SHA512 47bb69f0ad7c637a7cb7e875f6a5ffa10b6f5a92055214b89b064a4c788bb5f1b4cd34ac274c315e31729893cbbe01987345543175a50fea9a7840eb9bde5c08

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7eee5ac5591e4b7aa078740680f3ca8f
SHA1 fe307671533b84cfa7ad7d0b6108c14fec4d143d
SHA256 2f459e289147ae8108b7487d0586a56d6ecd26518eba02de4f874779e514624d
SHA512 61ef2281a4aa8ffe97caca1d668ff2a3e01c3ea99a4313aa8ad97db027c5cdd4a6797dcae41e1c8197aba368a18431b40d2c13229b1b22ceeb4bffa08620d4db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0fe2716933d000d496d4241ba2775dd4
SHA1 707f98b7f237d44029256e79bcdcbf69509caaf1
SHA256 b95505a9b72c3a4c7461a26d33417c65a79a8dc58139be24df99b08408c94148
SHA512 7ad5995b2e5d78484908e1eaf9ea1ec07f66b9226907856801fd7103645c5b58867ae7f5efead222659793f2272ee1651278e44b8922a281b9a8994a2cd428c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a31b0e914be066bb542be99910f0df44
SHA1 c28b39e152c11947803aee2e0e5caab08fedfaae
SHA256 e6741285b8c40351a9934cc5a0e01f3f2ce7f47d189999ec4f22a95e2e692454
SHA512 f9dfc808cd65e1750d7ed609db8d684f17913bcee9fc185e4f515da0508ff388d920f6a464d61d89f9bcffe1191dadf4e8da2f1d9108a645c0aea60b71267db2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9ad5a50afb521f3ca04b7afbaf8cfd2
SHA1 5c43ee2d302d00699ab06838114dda15c5b4137e
SHA256 6f3afc94a192b66c9ce5be3d80715760b1a74f95194dc93b8d19f3230453ffe4
SHA512 1aadc725732e9c29fea57667e0a663f35f3b0d8d96b47293547eb0f22785a049a36f087ea51e1b803488784a4ce7b0ef78fc1d6cb401e040daf6d4ab728c9810

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c6c2ea3e565e9714159a05b6cf683c3
SHA1 1f8c71c4fa4742a06e27cba4a4eef064b57e004a
SHA256 37d345a9bd14da8eca463ed07456e22ccc8099a2b84e26a78596d78e3aa87efe
SHA512 3035ebeeba9793335817e85a1edd08f3a2a701185631a811b1409a6f1948dfda335a2c0e031da4ec6e998f0935f00d56a5bcb144c888b640f62a1df5a07e736c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7285d2ecd5852c012fc156becd2049dd
SHA1 1ca2ef92ce61deb730c9dba8ba2a56569f59967b
SHA256 d4c9dbeb13b0e6b7b26bc3bcc3597a9188c478511d3fb12400c640e8c3fb9298
SHA512 80a26ec2e47af83f301f30a1e47920055f0a924665f9b0df1c18d51e663b106374f627fe23858feeb216daf30511c736e0066e50e0d63ecd3f032679e888969f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5cd3d13dedccde3c7858a0f2b271335
SHA1 973c48912a3668de5d9b0154cb12185d313999c0
SHA256 2165bad6a4c9c4cc94f174238e6e20097a3983dcd96ae23d25fc0fc0c5693727
SHA512 489c08bf514b9ba9d20360c663fccaa6bb160e1123e50101183f0c3a5169384d5e796d040b72863abf243829ecd6bda68460221cab3a28d8d08040755a78c335

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b6693a73e75f5f4a6ebf681b1d31f1a
SHA1 1849f62025c9b50ab8243c4eb46c05aa130c25ea
SHA256 93af54773a7b1b5cdf34f75f3c4bf4490b8b8d3b28308b36d9ea6914df5646ad
SHA512 cc8869c036350d84511fd5ac445e3429cfa746d8945b4f249812e965df29d5406073cd1e6f93d95732b695d7d4c130e4addd2bbdea409eca82c915f4ff6608cc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\3604799710-postmessagerelay[1].js

MD5 40aaadf2a7451d276b940cddefb2d0ed
SHA1 b2fc8129a4f5e5a0c8cb631218f40a4230444d9e
SHA256 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2
SHA512 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\rpc_shindig_random[1].js

MD5 6a90a8e611705b6e5953757cc549ce8c
SHA1 3e7416db7afe4cfdf3980daba308df560b4bede6
SHA256 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679
SHA512 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 02:45

Reported

2024-06-13 02:47

Platform

win10v2004-20240611-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a394168ad4a679b9b4502a7da9da9a3b_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3428 wrote to memory of 1720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 4080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 4848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a394168ad4a679b9b4502a7da9da9a3b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffee9746f8,0x7fffee974708,0x7fffee974718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5856 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4fc 0x2d0

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7232 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7232 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10065693388184121167,11197145503620122428,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2

Network


Files
