Malware Analysis Report

2025-04-14 03:01

Sample ID 240613-dgfmessbmb
Target a39b8bada10f23acd0ad85320f363eef_JaffaCakes118
SHA256 f385d4de7f003e5a33fc41d2253cd7013763a9e7e8174f6e5f0ad2d15285e04e
Score 1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file a39b8bada10f23acd0ad85320f363eef_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 02:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 02:58

Reported

2024-06-13 03:01

Platform

win7-20240611-en

Max time kernel

129s

Max time network

140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39b8bada10f23acd0ad85320f363eef_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39b8bada10f23acd0ad85320f363eef_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2

Network


Files


MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4f16daeca68047a75546d009f9b33b7
SHA1 695a039cc9cf3d1cbf0fd28674e4faa9ee11e403
SHA256 56be0b41933a8aaf2ebde7358ccb89f190c4e63e9810b7637f3e2befba2d64a3
SHA512 0890d03d8aae8fd39de5c138f98a43eaf46d1e6f695d908d217f66b3d7a5d1728e13286ae236db4c3f3117a7c8ce2b12708c6ea61a92bbba5d4eba550be74198

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\base[1].js

MD5 cb463df0a090cdfabc77af2691141830
SHA1 e3dde6a1f5c4803e69839154013496a781137473
SHA256 e09e2e8a3cfbcc88eea12d0b17161e1f2c8c75f1bb21100829c09f9858db3f24
SHA512 099374f7b03a4635390b94525105884fa101d93a583eed0d92def7d2de3199d2bd57fc63d885e8e9af0863db40cf521d2fb770eb09400a4c6285f7c37ad88e8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5a6216482ca2be7738695127e205460
SHA1 87aa8752cc5434a734bf3e3913067d436c50f098
SHA256 fd4091269ac86f6cf1e3aca088f8059579cf595859aee56172b04823f11a4251
SHA512 4dcd35cafe45cf22503eea7df4aeb8d873f84133dbb2b61bbf14dfc18de113578edbf7ed687bb0875cdd17fcb4bb40d478a3ba4e8036a2a36b4b2b35829184a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

MD5 50d593c219a969dc5981fda239f0857a
SHA1 3c8b5805dea7a95ccb6bdd9fccb6106fec9fc8c3
SHA256 6daf14badb5c1ef9c14810fe981654fa8901a6b81fa4748514532c8e8b6fb05b
SHA512 3a84e1b1405fa2f60971254e405ac7ffc5f9c16f128038fe517e4053e1ad06d7b5429ae57cbccc4a440ded7aa7dd5a02d02e6041f2b774c623850181d6fea476

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd29d283a839a7e72c34c11db3e98e97
SHA1 31edac6ea331a99f85fa78223d2ff2762e3a2922
SHA256 2d7ae98d382c6a3d89e8591b20852c1e16adab58d137b3604c09d951f698bdeb
SHA512 765b6fc72d4223346ea67f219338ff6ab356b887e0f3689bac37febff0ed0dafe33d789db3173fc8099873da050e935b26e032f90edbde4e7905fb7d4a1a492a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 051db0d50253ca0992efce0f91d9bd53
SHA1 c436d5b316732b6f3f2ba96038be5ba4972699dc
SHA256 28978e6cf8e5a19f790d89e5e9398fa798d9511efe71d97590b0a37819a0bcf2
SHA512 c75bb64d4743244ef2bc100541c2f2754512130255f4e341d5b8a5a76d7df071b381b9cbd5e121add2fd11344672106a76cbca4837240749c1da3f79b4c4fe3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5137e7a79d58d631102b5d722469a052
SHA1 c6b4d5caaeb836e56bb52bed0db462f9142dba05
SHA256 6922b9b99c6522358dd1d69407cefdfc0c75d0c3e54b669c67b3bb8425125779
SHA512 4e82f0beba7da3ef8c728d47af64e207b537697c801e31137a28ef617334e90ff002e6516647643019f81b1b36fa55390af4108b58624a4c034d585682a2e319

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6cfb4f365d48f51366bd255081d94ca8
SHA1 48b66d67bab82872c1e1f864e842d4e86a295d39
SHA256 f4bd7e9364edc7c8ec0368c1bae514298d836918576d9de6d31e50865225bc2e
SHA512 e0fd3bf7cf91b1f1759fe8dd202b2ae0280591db8ae93a1c287d3d4418972f291aa8b3faa4f8d998b195e3634edb31b07ffe1492952288b04689261a208020ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e5e5e507a24cbc18e72e506871f320b
SHA1 3184d0075304e8310e43c9b068d58b98851aa188
SHA256 ea966179ba608a0390fe2c8b9752ff1b65e8fde258944f98f167b9ac9492fe16
SHA512 13c58f4c23ae4fbf525aedb1eae60829ac81802a3fe1a5d8be0e89752e4521221a9b08d536df95c38468976f96fc8244445663d77fa6513ce1bd4ac2e72d5776

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07f1fd1d1aac6c2ac226f11334fb5576
SHA1 fea94a2fe5b8b704174f511b7721ecc57f55bbb9
SHA256 ea567c9afaa58de5444969ecf672432e251f282c4d84dfe5c4cdcde4f169598b
SHA512 be6475d36dea6f44e07db92bbd73f67e9b6e1894b5dae2e6436679a1e1e53a62dee49dbdb44681eba265e36b4149cad8d5aeab95b95e3e71d9841ed16982de2e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KL93S6WK\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca530dcc9502b08946f8b3ce8c1d1ef7
SHA1 c49b33e718ac5f9ebce111cc0052108251064d35
SHA256 a08bc4eb514372ed310cb7e81ede088db63eeca9631f659ee219669fdb8bdb0a
SHA512 e0b1683ef7b7b0ddb8c1cd9e5f9042151a5183f48fc87cc1130f0692fcdd2771adde1adb9cf0c3c7464add30324fe714df67e5bf5dd51785e8e1216aaa8670e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d9f6bd75f86d35a19f3b1c10fdf3f46
SHA1 a22f4169818da099922463cbaf41dd825df77ef5
SHA256 1567ccee436b5f5d0c227e9cfea3d926b3c3435e3ff3c8dec93f0c2675029730
SHA512 458ffe9fd91424e2dcbd74db0de0f936ae16f496527cce4116118e1c925fe7d579798d89991186951b8582c0664808472fa55582913b5dbec09493fcc3c1d32b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef44733fdf0596cde0e3f881c34c4851
SHA1 6273fb5baf8ff99cdcc736302185d70da892b4b8
SHA256 c4da731c64bb7cddb64f44cf9ccb7348756c5bc3e8fc6c65ac805c07b1632e60
SHA512 70efa8619aa1eb86d6ea23bbbb3b08a694031fbf774e36db45ecbf81d05f3800e4157fd582193de5e8100a284b9dfdc6b819087455b60524437cdd44d36bbd07

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 863a297eff1e76528c9432c2be153ee6
SHA1 0096b24c390bf04c506e5c558b8d925afc49ace1
SHA256 19c857f5b5289c029a6cf730408f0ea13d44fcb73eab6c2c445c31627f2dc57b
SHA512 d7eef656cfefe5dfd9e5858189424e22486dc8297f3dd9994400b5be8a2e4e5e7118dfb13701404b80375dbe12ae7bf59d953eabe8fdb90181fef2dd67d0371b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KL93S6WK\www.youtube[1].xml

MD5 3d28fb532fc06496862d49e579c4c340
SHA1 20f5d9ae0a4d96cfa33c0457a8102b6c9370d7a5
SHA256 1f92916e3b7887e6ed98917c36138fc54638ae8228f09ba03114d228882acc53
SHA512 99f5829137060cb9ac60fbc99c2743c07dd705fc55dd39ee14ddfe386a07f9f47f6db59d5d09b27b79d78a551e15ec85d14ce2ed796a6cbc59181cfc4ed57eaa

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KL93S6WK\www.youtube[1].xml

MD5 3715820a42453cf7e0a98a720ce3baad
SHA1 11564099bc5a3223e076f11e85e84299f4948fa8
SHA256 db1bce5d52ad6a0ab0323294673ea2774b8e68f88a54be8f7fe4c85568f7f0a1
SHA512 6010a2e33166faf6852928d1ed70378c177f0f0829554e513f1318d66f6daa9a7ce2b0e8f373cab9e01bb812ed464c5db42f1059bcbc4250967c454aa01451e8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0DW1CQS\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KL93S6WK\www.youtube[1].xml

MD5 a3ad4f0df2ffbfbf829ff57775406d80
SHA1 9654539188074d670229260df20c9078fe6725cb
SHA256 3d2cec32cd93ee883ca862cd2a51fb7acee241ba50d3dce305de1592799f3de5
SHA512 cc4f7ab83e9fb7fcd6418f7c424e95ec65fc239c1e9de112cfca1f0c8fc85fecab7e89ff6102c93965dd1159dbf45fcdc4306d2399695e3942b94775a5f33763

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\embed[2].js

MD5 14d69fc9da4a63c8ad5013b3d3781842
SHA1 e0272f8403d95fd27df22dff5fc014e2ab5d8a3d
SHA256 e2a5632fec9da56d272ccdea5ecfa7000dc70659673c52a11966802e37a2140e
SHA512 0f85c67ae8969570f6cfa4d265013da7d4820ea11349b11b886d480d7d78df5c6aa1e7484724d6b21421db18678d22bae6d478d3d0e35506673fd609805d1976

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KL93S6WK\www.youtube[1].xml

MD5 5240264339f70680ab7f389466c058b8
SHA1 674523f9e21b6376775fc0a019063fb693d77e4e
SHA256 e09d209601d3ce23c0c083b8ea30df8bded00330588674a521adbada9fde5071
SHA512 bfdc6ca1fd08b47c13ccd8c7cd54dec3529d84c86cd977162fbd29b035bb4bcc9c6f7267fdac49b160f29dba4c6cf353f09c24d70895b82a754b31b0477e4ee7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\TD7MFXFE.htm

MD5 3d48c9926f7b9015cbba625ddc6f7932
SHA1 00f343a3e467de4d9967c58adc279fcbf9e3b5cb
SHA256 a1eb68bbaf896c66bb7705839d169b4815b193824e2e6f8020dd2d4441f5954d
SHA512 a17b4b7d23ee865bc5f49c1799c5673a060e438c60c1c476f3190503075da56461f1a9e735805e781949443c5ae0eb1b03c6a2592fd6fc418f6577a8e0ea91c3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\forbidframing[1]

MD5 5cd4ca3d0f819a2f671983a0692c6ddd
SHA1 bbd2807010e5ba10f26da2bfa0123944d9521c53
SHA256 916e48d15e96253e73408f0c85925463f3ee6da0c5600cb42dba50545c50133b
SHA512 4420b522cbe8931bba82b4b6f7e78737f3bb98fc61496826acb69cfff266d1ac911b84cb0aeeadd05bd893a5d85d52d51777ed3f62512c4786593689bf2df7f0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\errorPageStrings[1]

MD5 e3e4a98353f119b80b323302f26b78fa
SHA1 20ee35a370cdd3a8a7d04b506410300fd0a6a864
SHA256 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66
SHA512 d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0DW1CQS\httpErrorPagesScripts[1]

MD5 3f57b781cb3ef114dd0b665151571b7b
SHA1 ce6a63f996df3a1cccb81720e21204b825e0238c
SHA256 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
SHA512 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79a1d4da1051f686175949c3575ed11a
SHA1 bc2cd76ad689de4683be60eb634037de4c1f24cc
SHA256 56bcdb789aa190b851d67e82f5373f478a1d9700090e89c48ad6709fa235a46d
SHA512 59ef51a8b35dce69019ec8c3d65bcb8ff0f0038902d2466f26b9c43a0c883df7b3c2af47ed9ad180e3f4686398aa098d6916ea920d79b98e1427d6fd9c2d24fb

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KL93S6WK\www.youtube[1].xml

MD5 78581f905869e64641e563d507739d73
SHA1 91ea998b46ba84e85c27e1a801bf23b2aedda525
SHA256 26197c77f5fcefb24bfa77962a1633950767a5b64fdf61e1aeecbaa02f965f20
SHA512 522597506bf7a781f33b4dd19f9d519ea97d19965fbef451045cd5541860a1773137721ae2da5f283c238f756a072f8db761f5e3e1e86d33e3a2ecaed22df514

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KL93S6WK\www.youtube[1].xml

MD5 d36ddd1167b8c885fcc76d78d9764fc7
SHA1 db4a334236a22ecdec4f367c5dfed55d8deedd01
SHA256 1ad728f815c3088b23d0c00f67c9aa1fcc07e3b047732cf3e5f19ed5e12cc867
SHA512 6b53d3423f08072286eebe15f02dc273c74c8a4320ebef365e33f4ab2af7fb31f77f7a8d76774f9195ad3e11cbd20cf76fa4d7d5a3ce23e486ffc97f44dabee8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KL93S6WK\www.youtube[1].xml

MD5 73edae5893b3c66d75b255dbc2489ca2
SHA1 ce0e179849fa3623bfffd471e6cefa6844fd08aa
SHA256 d1858f7fdbc7169851f0a2c132fe9af1b3cdcba01617f1447ea3a44ebec27f65
SHA512 c18a58c814c691e5fd1a04bc4dc547db9326caf1666912542147be5964ec81aa2959b808164d56d647e9cf1e12f199f6de1a0646f33c41a3d7394cfa75cec863

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KL93S6WK\www.youtube[1].xml

MD5 88f7378036013d3c2061210c0e162fe2
SHA1 3970b38f3622753e423447a915aad72b201b1e3d
SHA256 d0fe4ebe3ea5eb0957f8d989c41058cae9d9e104557b1eedf762198fa340d84b
SHA512 44470079772cbd0d9ff92870af09fabc0de45fd4693e8d8e4ef7e96246148db8d4adc6202d32f0776d44b6cd0188797b87a0f558dc82642a21e8e47407c7a261

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KL93S6WK\www.youtube[1].xml

MD5 ea90cfd2facb2208233cd969efe58159
SHA1 ba6400accc8c5bb98ea7dd221426b98faaa51a77
SHA256 33d87253f3ee80a169c101cc171dc94578a33aaa321a8a68c84346f24905e995
SHA512 c3013386b33a7c2137f678b9880b6ebdf430053d85c60d256ced042ba200ad080ed3c6a7c3a7d6f5ab0dcb83ab6a40453645ceb8e464a3a6afca4a3257445c05

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KL93S6WK\www.youtube[1].xml

MD5 de663dfc537aab20bb196074af38aca7
SHA1 97ef5eab137e69ad6e3120c15c4dc37d2989910e
SHA256 fad69b44661abed6f2a142f07c32b0e4a3c102eb2189619598eecc31d83073bf
SHA512 d3b153726c7cdc9bb5ff401294dce02c7a86c71f0738db2dc4ba8f16b9fc4a3f1630b7b73fb742fcb8471769eabb18070ebc64262372a18fcc23ed87b609e62e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KL93S6WK\www.youtube[1].xml

MD5 0811ab11b104b528460d33739597ddcd
SHA1 b9960c603a3373abc5c9d6363b8b65672580195c
SHA256 7cc068d42a847c3c8f2f2c2609944a01ba86f50b7b23717a3c36e162880a20f8
SHA512 2b7bd3ce35d2ff3381a2694f47dccecd744470eaf5c1a51b97235a5eb4333f9426f31a8f3f9ba6d4d81976b88a509df05430aa880baaf8e950c3dc27d0d286b5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KL93S6WK\www.youtube[1].xml

MD5 13c7cbe1c4f4d6ea8dc3e4e9cf16fdf3
SHA1 7030ae5cc9e636701e50c63104562b6b354e1bcf
SHA256 8bab7269f4654cf316798b740b6971ec3c8116c3b69d393d99a20dce0bb61bc4
SHA512 5741b2a8f171c91bdaea685cb7da0de8b4e4b7c6f7029c3cb6db3b734567329608808d67eac56eec884cf1ce9e677008fc3142ba53c8401da83eb25bf4e7650e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KL93S6WK\www.youtube[1].xml

MD5 f4c8de8723dbeb6f842f43d67817e8fe
SHA1 69d6c2490477c3fefa134c5565a9f61a42abe8de
SHA256 59e6b5a0cecc56acfab9bd1c2da94191c4a9108f3b270f2391b8b970ee63fceb
SHA512 48bf1a6c758e66ed94f823bfac5710d4f595e884f57dc299a7656fb6cd5f83cff158784bbe5e71e4e167fa305b798e90bbaeaf9f1da90bb5a849c3299344bcb3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KL93S6WK\www.youtube[1].xml

MD5 d9bb8f5ac734bed7ceb1ad06bfc47456
SHA1 d97a5853bb47c779649451b6dde506452aa5ad9a
SHA256 f9b43d9bb0225ecf8c1a5bc35c2456e674b23c712d0c7cdc15e2d013eef65fe2
SHA512 027bab62a381d4071058564f339fb3b9c1bfcccf6e4b8f744eda145a69c2979af69dab84eba7f4b7cd147757d82547e1b293032523017832aa443c5cb09acea3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KL93S6WK\www.youtube[1].xml

MD5 49cf3f462a3956e6d2905ef02af4fab1
SHA1 96c5a4d4f1d9372e48307fe9240c04e6b7df148b
SHA256 c0de2946af12b16d9209a7002d9220587b428d51a1c5a43339a369427646d36f
SHA512 d744876e109b43b9a7e6490e71ef8c4111fad714f9327036e2bbf44ae5e86fa567fd24149eb60bd5de506500136745cc39e5f223aad617d6c38c7f313da941e0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\3604799710-postmessagerelay[1].js

MD5 40aaadf2a7451d276b940cddefb2d0ed
SHA1 b2fc8129a4f5e5a0c8cb631218f40a4230444d9e
SHA256 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2
SHA512 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\rpc_shindig_random[1].js

MD5 6a90a8e611705b6e5953757cc549ce8c
SHA1 3e7416db7afe4cfdf3980daba308df560b4bede6
SHA256 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679
SHA512 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52c1da093de70d422f78931bc1739478
SHA1 7116d4aa53e26e6a15c150ab2df6ee8244170807
SHA256 44e12ebc55d54209e198d6f30d76b98b0458f814b75544d033a8cf516d06cb2f
SHA512 f3720ed4d85a6d0b61e557cd96610cd124234d2a4a87eb15742c52972e5fd0b2c8b824536fdedc91045da349564bde9322f39d302d0642920f61ec3cb14ba2fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e09bc2c91d7a8d6f440afe68b4bfe85
SHA1 75eb87ba61f18a509adb7b74e0f9a4d5281c6888
SHA256 2531ec3278567a227d3ec7f6e00a5a87109c97dfa92765740a4276bcb4675791
SHA512 6170b22bbab233694f566f3916333baa54be78c9a24d9fb370bfaab37e7fe081030609a9b9d45b6cf99569777683cf05b0b48abc2aef91f00d63314668d5c66a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c67b7a39adc19ec8770a01a47ac987f9
SHA1 f8f40f31eb41a710d194cafd6589506bde52bec7
SHA256 e3db082792d17e7211f1590362fee8e01eb454b24a998cf797edd8e4d096be72
SHA512 1255df9d66d216006b3668b856e7e1a49b558514b520583c02939f4dd84a6850f2f8381b619469c8bf20be373702ce82d59bc6a518c3026a2524015007452bad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72e41055cf83303e06a5c20462727d0e
SHA1 a24dbc765a44a427b8f32662639a4ab8a0c315f1
SHA256 8b82526b961be8fe6e8bcc26d12ba97764784fd27e6db156fc2e24f28231f712
SHA512 0e33386add30b71d3558c4329b3a039a16ec829629177100181dbe1b83102f36bd3f137e501af32348b68f191f3211519fdd3a3f0fbadaee53db9afc965b65cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86eaa037dd1e9b60c455aae68d6859b4
SHA1 45846a3d5322a92b80b00830b643329ce3c50410
SHA256 4958718d9c6b9ae9d89b79b1517de42c289a2c8b6e3a999d4b856edbbf8ae1a5
SHA512 60516c8629c2db7cbf1ba4aea4a8b42106335b750cde554b97078187891e94ace4348c30e97124ea967d49853c16fccd6bc86e6650cd30512dd30fa1f06a3ce2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6343b9878cad50785020ca3331a23dcb
SHA1 d43c2dba09d63ba50864b0ae915657a5c1a6b2cc
SHA256 f4619c9e8f81eaf4442dd3f79ec33ab57f8607d7e513c900b6fab2519ed483ff
SHA512 8f4d8fbce8e4464a7346fbde625359eae2437d9c137a5c9d12a4d7c12523709591fb67d334c3c562c9b3c65919c7a6d04f380c0f3b4b56e57e25abc7c0fdf0de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf90161c3c907f704b2629ed51ebb17e
SHA1 cbb2dc0d51d3bb99464e56a67fc17961f13b1c47
SHA256 05ea68a5a3dd31f9815270c29ff54f4fb69534c9b5d8df141667684301831de0
SHA512 fcafb0a49a3534fc6eea796dd34a54a864c43fc8711b873765864f89d5793768c74f3444cbdef8701f62ed4ceeba3fc4d57374ac82d193b92869e04894c01686

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e4d48e08d920192807084c2fc54a804
SHA1 1a87e8941b258cedddeb86f28e333fff719b2917
SHA256 25485f19dfd0cd11ccb4cc2ddf1d208f6248262eeca632d798e177550c9ad1a7
SHA512 f9f2669d3999658df086dfe64d150c8eef59d4c44425863c28a146eb20bf09d0519d3c305e1d2b2c2212e021766e3c3718bcb134e6e6d3904142bade53f5070e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e94290fc46b3c7fb5b8d6504307a27d2
SHA1 0b825ceecb9f102583d3194b2d790584b2c96b2c
SHA256 9fe1931c336e1f9049dc2fc7109ac4cead91cbe4229408c4844c4d4c69dab8f2
SHA512 3f753054d6cd756536b194475c7e138440fb82b7473485ea4fe0a264bbddb7444641da6be2b557d71288d618cabaaebe0dd2659c9572568381422c3cabb0fc37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc56c56c4ed54e7cd39320e3d68d0f14
SHA1 11be9d03a859b4b44cf890cafddf5fefaa6f3ce3
SHA256 b46ae69a39159aa63260d576a3c5a8cc9dd7b2e5dde6b79636689bfff464390d
SHA512 3b0f32ecdb974713474a7f8f2b74001e8d4b854edf018fde61184f0ba2c829d7ecbd89714decb7a9c5f33d001fb92ba51cee7b8ee455c610153f7f47aa415067

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79da86220a598790ea3f8328ba13b698
SHA1 2efa1ca2d622f44a5706a0ad34e2a72ef3a14649
SHA256 c60596872304142f59c2856cebbc2a626dcbddd5f30776d0356b1b1de0d8bae0
SHA512 0f32fc4ef122a329b9c38851149aa0a36812b06d3788eba72dd1a748d1718e1fe1c963821ec9995dbbba9eb59469461f2a6fae56334d83c43d43881a2c5e149b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c0b3941f0233e3bc638388955e511f9e
SHA1 c124ee77d06cd92dabfa31f1c13955b0a3c45190
SHA256 2c05a64c3285ae93e78f21ebfc2f20b2d22f6c668c0bc0e8bbed254e410ce097
SHA512 2759ca0b48301440f4dfb17269169754061e2f13afb297fe2e1532f5c89a20611e449486c265dd613bdf3e539aa7961ab876c6dc1c8fdb9431afe6d7a126b8f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 597c8317bad43465fa1d9380851f8d4c
SHA1 e41f7a69f1d5cbaa93bfdd3d8c9da89b06cd2a11
SHA256 44cf35a84fcc3ba7cd0818e67935d4c816489353b182974d1936bc31d5ee277d
SHA512 10a47474fe8c15e1858a4b5e07a7ca65eecf1c49e1376e820fae01d0c30dae3cf91f6e02eef8fb43197607b51d37d82ecdeffd2c1c837c20202832caf2d5609c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ca37517be0df66ce95918ac34e98cb8
SHA1 7fd4c673196c0741c69ae5f9f0da8a6c69cda76d
SHA256 8367422ba8246a7f30c836d20f1c77f472156875a83c7b19e6b9bebddd0c0b39
SHA512 3d0489637cb1961e2ddfe275ee0d19ff9b17c58f51d2257c02dbb17ceb4605c52c9a3dc9a11474bfc30faa673122591c363e490386adec43232efee9c329b401

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33b942207204aac5d6c9b08348bac9e8
SHA1 02408ed8ddc3f4605c3f6d0a85b9070a9817acb2
SHA256 56de961f8f1c2784f01b25c7567d87defbb66bef96d077c2786a5813bad900e9
SHA512 971aa6f45ddc1de2ca7184c1455bf256cd67a3d9cef65219fab7f5eebbd80f18161001343122aadc7d5fbcfa9f9953e41176a82dd277a41dffbdbfd5b73bf745

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe553bc811660809f8aebf24b2ffb299
SHA1 dc2a7bf0d6168457c21236a88d866b5b07c1bcd1
SHA256 496bcab07a91593dfdb427aee07035bb17670471901caf659dcd0e2261d422f3
SHA512 ae192e355574cb54309215edc6af6e50079eb35267bf07909adab2a46734f290f883aafed8be10396eb714494f8cd689991b9608339f4bc75d0b94fb3d0dacf3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f389ab9335bc36e168f58b6292c2ac2
SHA1 93aae40be3f9224086b20c8eedeafde1ccd819c6
SHA256 8f879f5fa59db7da8bf2d537f772ee645809e0e2298dce8d3d4b77b9860ed385
SHA512 2a2d1be5bfd648d95e61661abcc6fae8f399293fe0f81126a2a12d4e227bb901771e36cf88f8197bd3632a2b0b9db77a3beb4c501626e0bf7f0359fc5ccaa92b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7aa40c0fe6edb92a77c11e29bb30a42d
SHA1 478b7df24b077e3b11ea46a08f270ea84224a9ce
SHA256 7c6a44148a038bf4bbfdbc055a0365932386f81c255379b6e39fab5440d994ca
SHA512 f42231f643c3c5bb8fd8c2b583695230b8022146c3746d3404c6cc8eff71db7f8538d7b20b2f052efb9cf9ee557fca0e44470f05163b15bc983e93536259cd76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd4b2bf3029ba1ab0b7db8811ca4aa26
SHA1 86c02f7013a1aa1e45622a3b8e7a6d0bcb5ed865
SHA256 ab8167500e9c4742cbf8d1f792f389200372c7acf74e76ef3dd899912963826d
SHA512 0ff60ebaf1a21254dab6641584334821732b7103d188f2ddbddb261e6af45a610098689c91724257be6febcc90600ac545b37ae24125ab449b159a4715755297

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da17d8bed512e19d061b1d7e38617f01
SHA1 ec3b9f9c94e3f265a90736dde172c896755536ca
SHA256 0a845d2ee4fe7c600053443dd099817418c546df11152d41d78e119c9d335ed0
SHA512 f0ada972d210f7b0e40b7d70dce9abfb1bec16dae756ca4ddc06d006764ebe13b0a9090097566991c34d7cd5c3de3aeac36e5e80b77b979f964602894c39e5d8

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 02:58

Reported

2024-06-13 03:01

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39b8bada10f23acd0ad85320f363eef_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3908 wrote to memory of 4424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3908 wrote to memory of 2444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3908 wrote to memory of 1532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3908 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39b8bada10f23acd0ad85320f363eef_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb084646f8,0x7ffb08464708,0x7ffb08464718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4912 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3fc 0x490

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7248 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7248 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,8277562917843714919,15217544361578905536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_3908_WOYLSSDDCSGPMZPG


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
