Analysis Overview
SHA256
a34d281ce2d2a5ca78425def875d50e6a87636fc5b1db140978621781d747910
Threat Level: Shows suspicious behavior
The file a5cdd0a1f4a69a5aa796de1fc51df8d3_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Enumerates connected drives
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:32
Reported
2024-06-13 13:35
Platform
win7-20240611-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Enumerates connected drives
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{61F80FC1-2989-11EF-BEBB-767D26DA5D32} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000001b1e821497771ee10d188a8d069ed4e9c4201de9f6a1b3f538e9d28c89894585000000000e8000000002000020000000ed7cfb2ddd9228a47963b74437677f2c6732cb55f305ac4ce63ad5e732ef78949000000009ad6c135da50fbde9a65920bc63c502385d71c7e002e4857e1e91e8a80686143b4e5bff753c836d127954081df966a4615a2d0126e6091cbd9529df4b490162d105df663e8df88be9f844e2285fe2e718a2e33278ed1388610b8d9f168aa9a54359857541410853f2d15b93111e704eb3feae816e9cd63f6d13cc551991d28bfd6816e2860be07fcbcbf73f69fc8d084000000073b3aa86cf428a0d40edcd3c024f707ff21eb8cec327a04e8c53b5b3c8ef5bfeab70dd60983cc3b4a21c9d90db5598e4ae5bd0a1a84156201b74d4c28743168a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447418" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000002a25bcc7abe10dc3d569852ff88f8ee50cbf246629984b40c69117b66c6abe42000000000e80000000020000200000005c1efec7b0147a9e8b85995c9d17da186f831cfdf591fa74214dd3d72dccf50a20000000061205c30c8cbd9790b475208671fbe1354cd7f0424e4a6218212996bafe1353400000001d0c9d61d16f6a8d669fa95453681e30b60a63702373ed78094d57ab72cfc453a1a5beaac9dff6382c0a395a82b4ecc1007ed17ec0239cb9645ef4da0ca62912 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b024083996bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 3044 wrote to memory of 2760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5cdd0a1f4a69a5aa796de1fc51df8d3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
Network
Files
| MD5 | d1ffeb3bb705b47bb7ac30ba2be0bcb3 |
| SHA1 | e60382c56600b8bd393475279608e6cf2cb87eac |
| SHA256 | 77c46cea03546f40a7daf782bb11e2674b673475a925438b256bad3292bd8ec5 |
| SHA512 | 69c59d37aed40f1ae5eae25d1568cf86a4d3da9da8a14600802f18dc58599435bb839d8113a9824a9ccf8aaefa438c39450a7e95480bfa2b4723d900e12deb0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af1619be077f4806d972794e5c1c5907 |
| SHA1 | 72abc1ccfdcbf21e84179df308af1d2716e92c32 |
| SHA256 | 614ffbbb488262558156a01f4af4ca765cb48f4ec4322ebd93b88699b4c5ef6a |
| SHA512 | a44ada4501cc93a24b5f9c7908634cae89d7e9e34e563a0b88071ce1d3e22d8afde9344a86604ebee3253c99601a3adaad60c591cfface277891adab4ccacd8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44674dcfa71f92e9a1a3d6724a09f6a1 |
| SHA1 | 170afd5149ac8e3a75962d84647a5d3cf27e07ee |
| SHA256 | fc6cd44e7d826871b54338c4c40d17fd9767be99e01b6a790b5e5f527796751c |
| SHA512 | 3ab7f4dbfae7f1f685c7f659c4d46c7b3d1e8141b641fc5cee8ee7f54a0c1e08704c2abbe8fb9e85f1ff428842ca77a5c41751cf383f7acb0ac3d7920c297259 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f005c2db8997c3330b82ebfd6bce971c |
| SHA1 | bddc1123699426e51b09cce22f5bdc5bcbfdb0a4 |
| SHA256 | e600c45b4a18a127673b170f8b6f7fba1e61307809e7c97bfe70e2a0e241db69 |
| SHA512 | d21043f2ab2142189660addebd97cd1bb4674345d6b38fe21af6bf3a72fec5af6dec70e764399384939993f4704806169fa4cf26c056ef67e0b30f37e116194f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7b2c88269a389c2b0d5933dbbb6e296 |
| SHA1 | 57c853093d2cdef704da7a746d01356723f6bea1 |
| SHA256 | f8df9f533a580efe0b4b9937bd422ee553145799668261ea9aeb6d2f83d5caf4 |
| SHA512 | d465a7772337074d8bf41e8592c7cffc2eb5a54ca4fa38d041e4a8352550eb7bb975d98989f2f1284d865087c37d4f92a89d82d94f9dd7c6289f57ea270a9af0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c523e792b54079e1a9d2780d3584cc4 |
| SHA1 | 6f789fd2beee172713abc4cf0b293577c55d1e79 |
| SHA256 | 1684efe6858e9d994ca7de673c1e5487ce26dc4f318005da38524841b06c4cca |
| SHA512 | f6ac601e5552fdc7f281132825aaa8fff9b54dd92fbce2a9db094010411ffc41abc078af3baadb06e71027b2e6f10dcad2b09075e158b7b73153debf6e3bc64f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6f04c8778aafa29e9bc5a84339e7b61 |
| SHA1 | e8a02441052512c21dbb974d69339c49c7fed1f6 |
| SHA256 | 53bfd11684e7e47b663278cb3030557351c1d9c0c0603268937990bd3ce0fd07 |
| SHA512 | a26f1cbf1d50e09b619e8b93ce693b476782af47f1ed012087061c7b8f37f08d3852b541d581a03ef6baa1357bf66032b0e01e00b311b49a49835cb1eb5e0e59 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\collect[1].gif
| MD5 | 28d6814f309ea289f847c69cf91194c6 |
| SHA1 | 0f4e929dd5bb2564f7ab9c76338e04e292a42ace |
| SHA256 | 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 |
| SHA512 | 1d68b92e8d822fe82dc7563edd7b37f3418a02a89f1a9f0454cca664c2fc2565235e0d85540ff9be0b20175be3f5b7b4eae1175067465d5cca13486aab4c582c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\3604799710-postmessagerelay[1].js
| MD5 | 40aaadf2a7451d276b940cddefb2d0ed |
| SHA1 | b2fc8129a4f5e5a0c8cb631218f40a4230444d9e |
| SHA256 | 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2 |
| SHA512 | 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0O117Z\rpc_shindig_random[1].js
| MD5 | 6a90a8e611705b6e5953757cc549ce8c |
| SHA1 | 3e7416db7afe4cfdf3980daba308df560b4bede6 |
| SHA256 | 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679 |
| SHA512 | 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3423b73a07c5ac81dd82a8daa7b7d236 |
| SHA1 | 23fdbfb4a69d1673aa01240ff7965df68dbcc20f |
| SHA256 | 668781451acc4a23ff833c2233b5e06cfb46990723472d459aef2a65475c0eea |
| SHA512 | d22fd413e967b96399f627191ecdf4284ee4c4d0c63273d889f746748ea423d9b3fe2b0cd0e52390adacf250395b31683ecaf6d2b0a79eac48b1d3cf8f73f423 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c803ac4b6e58f7d698a4b4517f3eaa16 |
| SHA1 | 2a469d7e483aa0a0bdac3c0b88d7ac44ac78b7be |
| SHA256 | 2ab4aeaa33878f92320c292a551b6b615d09b93acd303b6427b0a6460f158287 |
| SHA512 | 308d367018ba177dcc61755866a4fddefdd77da96b144e1bf79ab147dfa7ffb4f2792746869aaf27fb38c149e210b0936816b4931f3c514ee71f5390c94a40f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f90739227ae55d02499c046c683fb2b3 |
| SHA1 | 3aa478bb050c8582933d2d7e5dd6ab034ca2d07f |
| SHA256 | bddcb90900bf9a05a83042433802bb843222f5cbc899fe6d86eb5bbb98c28a17 |
| SHA512 | a0d200257657658cecfdc9d0c15c25d3ea4e62dfc0900abc7d881a4dcab63c6416e656f325ab779f2a2ba34a9cdf1aeb52f30003498901ee2b1d49d5e52ad17f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df7041bc8f7f0650e92870e13c304917 |
| SHA1 | baf7974f2fcff59a985e997adcc85c6e15a50419 |
| SHA256 | 9edec97c614e3301e0ad55c98c7dd7042f9b70dbe7751180baba3988412701b0 |
| SHA512 | 8bb593a195a22aaf9e2f76555c5f050f6d57dd9545cd5e4f03ca69672a4bfb48de3ea87a22033f9edda069787ca1cc4d9a1b6f8ca88285d9298fbb1e7353f759 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e697bc7a73ab1ede78c0d01046431d3 |
| SHA1 | 70ad68227b45f96a871bdfc48bb04fdb1b927838 |
| SHA256 | f00376cbfc88204075f9f893f8e92e1a787ca5c6107fce7a49948883d10b2bc9 |
| SHA512 | dfe75c4de94effad127614bca5d7438fd031ec5a3547befbea28cdf5a4b9880beb63bd19d446e4ef0614fe51ce0fdc7c3539aa3e0ede1b6c4814071d5ccb60b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2abab435efe06af93a0d9622351b68e7 |
| SHA1 | 653346d0004e365224f959a790254ade73656a53 |
| SHA256 | 2ede4e20a84573adce2ffc75e68ae3d89c5c8505ce0c71f4f96e2b9db2a2b4cb |
| SHA512 | a734ec5dfa142d0546a41ee29ba15eae83d1949861d8ba1c1921c2b3c8e4b97643ae7750d42e1adf2b77b7faede09037b7112c2ff8d5c2dd42603dc07290f3b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e3369d2b74bf871156f313266732bcc |
| SHA1 | 74e2a60d6e9d4112491f1d424c4a05cfbbcd6ae3 |
| SHA256 | d551572e48b818748c988a3b6635d76fe09e33d3da052a1af00bf4db7b073cfd |
| SHA512 | dc8b2ff397720d79e53f80a4481866080bc63fcbac0e6f2077448b6550e68b73f95f73ebc8f9152946684ac2e559b21c06782b19e212785736eac230c683bfcc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 87ebafe6fd3c6d25018264a6f8937f72 |
| SHA1 | d1e6ab26c559f60220f3081f7ea04d48540a6b92 |
| SHA256 | 9c143685cd21e93137dfa8b13a8b2d0f29ba7ba7735b4835264f3e3675f3156f |
| SHA512 | cc0849222bee275f132b20d398ce3da187414913e9218c3a623d6d5b0b5b356a693fb56bdb43a22f2a622dd187381bc344501175c28bd9620c1e952ae60433b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2abc2508b8987400e7ecd4b1976a1661 |
| SHA1 | 0328a020143a3d72714b9906be630603f5304a72 |
| SHA256 | 3ec47cd93e69a6a0952541557bf1ea8dea233880aa319aebf52ceffe21936a4f |
| SHA512 | 308560e120e52640261c25778c0a4083619eb2db79d55035b6ccdbca056d08064e2554121a2eaa31399d6ca5b34e4f82b58ae303b46d9845bd141b18a6832899 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d2927326b7847b647d05dc89cb6824bf |
| SHA1 | 241a5b1130e2455b1598d3a8c63785b4529c7b36 |
| SHA256 | 67918d3d8f4876ad0b1ef39977f4c33c8bb4bc021f559c134f7f0b476c6c0819 |
| SHA512 | 8f5d5771b0c8359b8ea1307b1304980fcaa3375c6aff024a52b36923cbcad6d41923366ce72538eaf275e5216146ceea47f810f5842e4cd4c93715e1ea133fb8 |
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-06-13 13:32 |
| Reported | 2024-06-13 13:35 |
| Platform | win10v2004-20240611-en |
| Max time kernel | 149s |
| Max time network | 152s |
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5cdd0a1f4a69a5aa796de1fc51df8d3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf5cf46f8,0x7ffbf5cf4708,0x7ffbf5cf4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,3922684001125955821,13275516217802517174,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3156 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4436_ULMTSIRZXIDJZTUQ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State