Malware Analysis Report

2024-10-19 02:44

Sample ID 240825-nw8xmasfja
Target c0acfb2adcf3114787e3fbbb57bdcced_JaffaCakes118
SHA256 862f2099b67c25eabc74c3f87d5807205dc61331ef158444e947d0c09acd71cf
Tags socgholish discovery downloader
Score 10/10

Analysis Overview

score
10/10

SHA256

862f2099b67c25eabc74c3f87d5807205dc61331ef158444e947d0c09acd71cf

Threat Level: Known bad

The file c0acfb2adcf3114787e3fbbb57bdcced_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Browser Information Discovery

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 11:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 11:45

Reported

2024-08-25 11:48

Platform

win7-20240705-en

Max time kernel

132s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c0acfb2adcf3114787e3fbbb57bdcced_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c0acfb2adcf3114787e3fbbb57bdcced_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:2

Network


Files

SHA512 2d67f7ab1ee201d900f1f82246bb71eaf24ea89e030d75d888ed715a41e466ac9a1ceec5ace011c3e484ed8618dc21b56566915910bc088f662ccf87edb4c92a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 4b3e80b8bbb66c1ded58523f3d78090b
SHA1 74245a5ac0b53275e0959ce4f7177f0008f94f34
SHA256 76e12170308f1bd6738d17faa3a610f96b23966777c551210e5ca4db37a4a30b
SHA512 74f31d34f3381b16324e2ac5fc262153759dce3676c728cb716f7c601faa55b6fde52785167ecabf7d940322bc22691addd37cbd6c7e1abc3342d257fa751fad

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 8f7f736702b1eca6a0399b01cdab1936
SHA1 3d32ac11cbb3cc03f5b29dfb4890cce4343f49c4
SHA256 744fff557871e1cb1e740990b2b52a97c8e1249949adda12a14fc4100ef23842
SHA512 f1326b9903bc7d1a22c78e49a4d20d5babe37550f5f0e11d059ac43a75d34bfa5c372ece3f24b225468c40cf0645919ed3f3477bb4a8afac2168354d3d2929be

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 34045f301a6e306309aa5d3808b97e7f
SHA1 0d7a2c3a00363529766b80babcf56afdf7b43645
SHA256 312afb73fa6fe72268f1377ca46b324b836fb5805092cdf23d1f3fd3f670009c
SHA512 f0300736c8e69d6c2cc05d66e7e331ee0408935f01c8d5ffe490749401ba5cd1c473bc188064d2fc525647e38eb94f3e9d3cae91a17b34227a92721a2669d0f7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 2ce55f5bf8a76000895ebea89e482daf
SHA1 771e5528bd599df80c0711529e725380555270ad
SHA256 e65d28d9defa99faa08d0cbcc6bf1df2416d88c8169a2035f980debe13a5fad7
SHA512 b65ef0d0581b8e6071a510b6a4be3012ad431eed8906a74de59e7b82be2244edc9b190c44e97acd46173c1ba67df8ce707d3d37ce4288e07b46526cd0a8edaaf

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 8002ada07893d4822757a3b5c45fa0f9
SHA1 044213b49b666f11a9957047a1ee91057c6ec845
SHA256 44b2b19b172f67d830d62d92c046b3378c095d131b1b473947cfa04b86185bda
SHA512 076175988c726c8bcf23c826c519f9859be5e49183bf902ffe65369a74473d61c4e8deb9ad1f4545d77791a4167e6ffcf0b04e2431116fbedb9e8f619c6b4a6b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 1c60c221ee667323927cac2955602042
SHA1 1abf662075d4e41820f080d4edf15e0173d1c594
SHA256 7a70d3f5a4076337494cf268ced824f0cd3bba44ad02a6bf37a87356e13b63a2
SHA512 25c54cae4c456d03e8a510f809ece2f9204b0d0997a25b71d1d58d7cc8f844ff1b90fb8ea1838167d4b4d411302600c1891d84bc88f811541995dda27f00b731

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 e8894808957587c7cbf1ef3de21bbea5
SHA1 f197cc4b1e98b926a24402cf4a417b5ea7d7ba96
SHA256 4436a31226b51d28fb7f3be731e32a8207a41317544bccc01ed128fa3d2070fc
SHA512 8983d3d96f5d7060e94bbf0991ce88670dc2e22b2aec22081376a6146bae9182e3504d26d288eac8af6108cd3ade9267359d05b77cdc0e1ce922122f505975f2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 fc66f0ed485ec7fd76f0822a2d037396
SHA1 e9bf44dcf1a403b664c23db65614cb74dbdbc219
SHA256 b0fa07982d08567ec97e833473c03d898fdd787518c9a6138f1d0c8bd6e46ff4
SHA512 a70df601ad76522e0fdefca1608dcf8b133e62f910df933a4e902506dc345889293186541726319bcab0b8143463922562da2998719fc6d1419553625adbd47a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 65f304bb23b3d33efd6947b36c11c5b1
SHA1 41f6c4dd8ce9f768d1cc8994f8baa7336cf1a28d
SHA256 d5dd7ff35fc63f309dac41fa57ca4f65eb07532f0a9e9c9615117d8e9603a179
SHA512 48dc173ea9a887acac00bfac8e0b1dbb52204d1e6b9e5b756060c119e8fe02bfc2ac445bbab10a0bb54f0c73eb44dc6da58ed65a0182b2a98f3fbe44f792d534

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 c767ca6ec9f2abd7002e2c4653f84ecd
SHA1 60c88bb10fabcf38a79ba35732f1a43085212a9d
SHA256 073d95b4d295b34ec5335df91a481c115f210ec51b27ff33d6be6b545247e817
SHA512 d64d48b471bc78892f7686844acee4121ad5dbc16831c156619dccc527f6fc1e1b115aebbcd21362719b36849759edf425e57665afc82936a8548cc3c75e0f5b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 00cdbc9033c3bcc0556ed26e7a15e545
SHA1 6f73ba673c49cfa3165144d94abe281fdf7e6bcc
SHA256 de82908c79750da1a19cebcdef2cb39cb286e6956b88ebd3b99d1d2b6132fa8e
SHA512 600dc68ca041196c997589a0ecdf5b215c0e7c0cec61e859484efbf6fbdf71a41673737f517c8c6656a4f0a486862bc2e4f294818059eb9b0a0cbad30285aa80

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 97c966ee443ca30bb92c8cf1443d0db6
SHA1 f2350f466ab88caf10b498d81e78afc2170f689d
SHA256 10d9add4b5c3c9f48639b8eb73d52eaa7051abca0cb68c92ecaca8903619a491
SHA512 60b84c0c772211c24bf20c1aa9bd169019c4805f1e2019b3f9b076e1e43b54cd86aa284076dd4e812a98b51646a382a5b8086e0d76882d2e248053b5409a6bb4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 91512a7d241e5bdcdb7b0e6a03d8bb63
SHA1 3a9898ec1694af0ad6f50afe71a7ee3235692557
SHA256 311cafebcba10e0725f2b9640806dfc7d2625b56ea2ce5137c60a4a65113eb6a
SHA512 f4cd89dc2dcf443a0301b780e81293cd2941d876c598eb0cdedcb6c7026e744d96cbe54ee9ee3829ee5f19e5f17e036b22ee16d937746ee3fba97b8739cdc13c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 78a09ab0bb00bab483c6b22e74644a0b
SHA1 fb8986556016437d82bfcea72854f74f7445b5b4
SHA256 daa8bac6be013ed73450436a65fbfd79f69be9b4d7c1ae170910470d9db23a37
SHA512 2a5ac869d72d9029538fe1aebc4574ef12a8efe97b6c0c209d1c520e729879ebdcf6a13361832f648106a0cae945a39b7895af62b32337db481eaf05a1b48a25

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 31d16d6b5ac93ee6676f4dc9112d3206
SHA1 82f3893290de5a9ddc68855d371fadf640f747da
SHA256 7cc2ba1548e2678ed11f042b6654d3b0b9f5108a0fed79d55be903363d371ffe
SHA512 d7c20c4ae0b08309b6b89a45724e80f8213e8902c050d6640661fa0b6eaa2e349ae17d600ce461026d7a941010355509a16e27551957b820df545d491a1c4ec0

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 1b1feddd22edb5d9657e1baa10280d57
SHA1 18a13abc661636ff1fdffa8263b697cca9f89538
SHA256 055eebf2cfce84b3fad080f3f45df9c2cfbc9517085294a9510af65d9ff790d1
SHA512 15af6adab2155adb719e3b22fa78823f70c43b72f33c2058e3395bb5e5c72b756d619249c414f5c40b018cd02159d1756b26653505697f8e0fba68381b559255

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 19fc25a7aa466ef6d04be776a7b08643
SHA1 211de44ab457cb19563f3d5e0f2ecfcea0825623
SHA256 8263444d06890dfa7c9580af622e9d19f5b6679db67560de8194fd4ac4493050
SHA512 5ba79997d6b1252bfc30a5ee60b687a279429a2e95ef4758c3594bb2f79f1ceaa85451efb82c856a595392bd0b00f709695095e574323aadbecc51abe80b9671

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 ac806ce3f149dc221fa5335111e16205
SHA1 fea3442f592ef23f8a50c6285e7373f641b4f527
SHA256 14273937d5526ec270e926c9c7c679d7efebc5a06986111bbfc229448942abd4
SHA512 8ea4af0b85951144cdc35d4fbf602b8226ac88a979ea7897d165d79c4235655962ea19946ece7e353cc8396fdf722af46ab63a19fb29ca3387b3e1824d917e23

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 82a12ce9e9fa937417ff77b8167ed147
SHA1 2fd286cd57a4812ed329259d711e7d75a83e6748
SHA256 28b2c4b75ad9a7d83785a95bfc5cc781cbd75c07710dc9bfe1a017d4c98369ff
SHA512 adda5cbe4d8f7ce96a173ce09faae79ddc8586fbd9f23e2311e4163cddcf1c11b4a60dab7e3dd7a00e7a22fd5bddeebf2ee83cd2224fcdc453050c9750bcca40

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S9JW4FTT\www.youtube[1].xml

MD5 243857a10b3bd47652bccd6a921d4bd8
SHA1 05c607f748a7ff0827469fda80e22d7533988190
SHA256 2745bcf855d4a898c2474a1d1698e08842104f377878d9e9b5f949080d89280e
SHA512 3af7c05a6937b790bc29e4ff3be255509a239cf094e9aff56f4a73e9cbff2560aa05ec6cd739521c32e5f553d268a8b08218730ab28a78c4cf6e960330cc2e21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 491381be288b8b5696c46d90d7fb5b26
SHA1 a0327aca86e2f2cefa42e494081b17ec55d19f2d
SHA256 e878688b0a5211fab6e32699a43cd1fb9e9a75f63b952f27de9d9a188196bb1b
SHA512 19d958f445b380f737816de88a8954a9135077a10cba0bb9a3e5510b80b6b14b281be7609d81b4ea2104e5843bf98bc837586e2d0bfa78156daf925e14b018e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 699bb1fa1492520cdc0fe2cb33ec6b31
SHA1 d1cd548f6590f058eb329a03539dfdf03344df2d
SHA256 4c1ac5c336efcb3d69c6c27c042d8faaf83ce393485e5407735bc1550e105fb8
SHA512 e952ddcafd048bcdf58fe4d7375db041cb025036995286c7ef19c78ab09185c71632bb3f5b058e19e387eb595b476c0349918bdbd52d01a258ce97b327155492

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c77698f66b7c49a43b2908c0dfc9a3e6
SHA1 f6762de22fecead73be13b6e922f6e04cb64a17d
SHA256 d959ca4cde485e62f807eb565101d58fe413340b46d081e8abb20ae3d787727b
SHA512 6551fad69935d6e5c395e8a651a4d433bf34e2d22509f716bed10b6e331bf22a4acae2621da7beca20f3ee481451475c3c2598a9858c2a3e7a90a7616194fb49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81a43bde0d330dc391cac881ce8f94d4
SHA1 a50aabcbf72ddb0c8995a64a153365f7a7996ff4
SHA256 ac5560094dcc5e382ea8946fed96554cbe9b4fa54a26016a50d2b151763ffedf
SHA512 3f72a7ebd514832939954ea16bf66f86ba144288ac00b6fc71e2245e141ae7422a875d9d4414701b37883ed7b04f9ed1354f3d575f29228469930d0f6719092f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e799740ce32ca4d73864bc3a45116b7
SHA1 5b0f04b1dd6a4b1cabf44e41f2003a32084aed99
SHA256 7f90e33b6572e78755d36e49c5f18196d5d9fbca6180364588837d22bfb52c21
SHA512 5ead45f048e18d9c1c196d8ab67acf55c448f6d59c3a9d405eb0396a340f79645a423a1212502d2415a3690492934792f1f2ba3bae495d3ef0d805ba5d583ed8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73516d1cff97aedfa29e060bd6d51b62
SHA1 c757a545742ed68b41ae494aa087a7bd724b9375
SHA256 64c6f0748c64e31d79bc40dd0faed3cdaeea8d05e524ca24395a06f1670ea42d
SHA512 8b9a9a18dcaa75ef1d1fc3fe2be9206527308a56243213ad7dc459e6b21d76add8c9885b8b64c7cfdeba751a814346f58db909b75d0e4f894d35c12dced1ce16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 846b7c2ccf056bb2f89c1b77714bc1d0
SHA1 2b68d4f4b951b5989de7565ea6f34d0027fd4f28
SHA256 f84de9cdf3ccebf4c0920e4bd84a6d2dee1f0d14a8920637ac7d5b49ee5ec6f8
SHA512 bdc2f18007ef906388e0f6881624ec21fc071f2b52c4349f2908001f8c3da2f8bb17d381ef61453b1c8d03aff79ce695f48be5d6f3c00a0730f93bc43df90bb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7c2df5557f3a88fccc6defcfd21fdc5
SHA1 b91fb99bb2eebe95aaecdd66094799b9f38f7b1a
SHA256 167fa24aac513ffa356da2594e9bdb08bc8246648288145445f39afabd0f39bd
SHA512 e1be45b576e873db10e4af289dcbff23431a7a4deda492b5c311dd8c9a8e2c7e216a2fc99d576bf8971284f9e1e0f4da17e18270c2994b57879a29cb75e2e9ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ec4c5ebd4bc001648bcd113eb5770ae
SHA1 3714ad29aa298aecbdbde9a57b339ae30cd6fad1
SHA256 802b990ec912dd632691c08079093df237f91fa238cbe2f6c4fa8bd6d394fd73
SHA512 d590b0c68eac52aa015fcc0d56ba91cc78b8817a7a5260bfaaa1961d42b1335bdd44ab6a7bb889ce2401e07a180bb05b06da87badc9d9ddb346ff1422a1f4cce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c42f40ae1cd4991eaadeada218ac7a4d
SHA1 d3ee57c255837c7baa4f029e463e4e9e2c886692
SHA256 891fee29316b9f2789323c3274dd8c9e707ab7cd922253dc8d3d66de97e9590c
SHA512 86baed304e121a8ee5ee21bcf7092e65ab8237be9f67bbc7960c5982fc965656c17d43f6bc4b929030ffa05a03d06dbe54ccb4d5034067373423b9a1802a22d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 490ca1128269baf535bd17864240a6ef
SHA1 eec7853e65c4f9f8d25d88d5f5fa177bb3d8997d
SHA256 744095c0eb970b695d32c203701d318c8fbdbbb061144fbf9e2f029290a2e8c6
SHA512 d97d37dcdf5005e0aed1a34ad8090cf8288a7301b97f26e1d82b4fb0fbda72127ab03a0126db4f8dde0e0cecc939f00ec801a347df94a79c494ea5db857e7eb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db76f8a757346fc8c813330d965072a2
SHA1 0887903fde6f27a3640c8d290f4281f11851edcd
SHA256 9e5fbd03bb4c48a6e49332b4c9406fd121e5704b437419b1f72db44006191d08
SHA512 9245e690ad5f081cbdf0a64db0be6fe8b9ace28abb73290e8aeb962e9bb131595634ea93ac7a45624bc41c5c898d46739eab1fe1f8be6975bff35a2dadf08175

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 4b5b499723741e68d97e74affeeb8fb0
SHA1 e61a77790ee2779d4ec910d53a88ec5f6203f73b
SHA256 4a48785ee1674664bf1f76572b001d806724f2fe0b019e21a3c0f34d7d928b70
SHA512 7c4cb9e8239932954caa984cb3f80bd264b4221942a055309621623623257e973228c09605d1f298f8c02dc60e8834e9049bde9b61c90e8a379206f5519b7af3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3525e8482ba3b12a72143d978ed2d26
SHA1 052fb6740c4dbce7cfb70e01c38e319d01ee676f
SHA256 ca5d266c625c8e91cbbd81ed9c505fcfde622dfca5f9f6911a5637d54c73d935
SHA512 e7441ed4dc572c7753229002b762fa2e2648b91454a4c3921fdefc69c1aa34e09d642b2791479bd563e995028192b0909c62b3ce080207e418111978a0cef838

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e045d2a57e4844676fbf723c5f8ad32
SHA1 d54e42d09ad63701652fe798976ee466a32baedb
SHA256 7386acb5e0369d0358af881a4a6d547588e15528f90628735e60ec81ca5e5239
SHA512 0de521a00018779c9375b5d5636203e4369049e91272725911be236deb955b3fabc49712297719c7f911615c0cb3b5aa39f91e0a3178275c7e64ab8665f6545e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63c762271edb3419e67db9a8b2728c76
SHA1 733944f5f9fcfde3a7e665179739c3efad86b3c6
SHA256 cb33ceaf98f50bf02a8545c8d8210e4305e9da8ef7a28c275beb64af9c0403e5
SHA512 52f694b70d4861574a195528f44c954d4e65a850969e092facc1f70fef757facca45f7089efa55df54467ad61f8a1e7c05dff466f88e64516dddba10dca9555e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b7802797812f74bd1021577920f7be0
SHA1 dca86b22f99d5e75e5c717d682e81de4841c29f3
SHA256 04438caa0327733a0058144fcfdce4553f1e47f28181c5fa14c637af261ce878
SHA512 87922c95adaecf7c5b00e9eaea65a3b89b9c049523e68128d9fa843ee19818a46f9fc74eead1df8851aa0aa9fe1c7ebb8f0caab255b6727d0d98580c314b3bbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac8feb749e8e7b314b252931d5bd1482
SHA1 6d8fd76fdd7943dd8652162f5e0892c695f1090b
SHA256 44109321a7902add44e146208d532d80be3b7a0ef7ab38d21ee13436329c13a6
SHA512 bc4147797fca6ec47d83f0e6c08ac8ca4dcd6556820e9396c5439c2a657f633bdc0a4eb70462fcff6df037e220465c12bb2350ba6179debf06047f4fc63f1cea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76d1902f10a2e83016a5d0d726e6f814
SHA1 8b8bb79cea3411557ce658756df96f40a2d1c392
SHA256 b0134500ece634c99aa4fc91ec9583aa845e4e4246430be55f09974c8671a8e2
SHA512 be75834ed259c25d8480708f91e90107f5ea3d669958e7aea957d1d0770526bc7ee1c558f88adea125344bcfff4af576b602c935a051400ed5f13091ccd42a30

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 84d032bd5567a3166cfc38d1955f2d03
SHA1 8d886479f027db0814b0b72bba8fe11c9ab1d7b3
SHA256 8d3f2cca84399d949edaa6da6777b533a540c7704e3ae0e722ab9309cf7c07d4
SHA512 1c26370a52039b43f84d130f5413be377870aceb77b6c029cc7b6b3834e7de61aa95d10c58f893ef8bb3ac50094358c423d752b7091a54f57a4c21424e735648

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 53df52b4d14a2ceec83eb94ba45d25c9
SHA1 0139606d6efc7bbc11398efe577f1a02f6d7d37b
SHA256 276f822ac14b298cef172e1d9ba4dd86ae5edf7d00a9c01dacdad9913e2deb56
SHA512 17bb1ea8b3e9a171d0fec597b67e0a31005e79bebeba5d2c97a7fb2969dc1d02436ef15f0d318f6196c3fe6d3e2d7eefb7bda112cd09201d9b1e50db6345ee6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07caae2867cac21fc9efebcdf1aa9cfd
SHA1 3261f2a74f9ca631c6e5f55151bfe3fa83fd6a10
SHA256 8dab6a3abba0b02170667de0733bfc0fa09e222fbe39edceb58e0226b3e1c575
SHA512 ebd169915fa3d20d36bf2b864d64244975ff0fe044a6d2601b222c5575aa07fa97085c60b62b3c763ebb234aa592ba25eb58c10fc98bab32ad260a00c6bd3c28

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 11:45

Reported

2024-08-25 11:48

Platform

win10v2004-20240802-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c0acfb2adcf3114787e3fbbb57bdcced_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 208 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 208 wrote to memory of 2552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 208 wrote to memory of 1628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 208 wrote to memory of 1608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c0acfb2adcf3114787e3fbbb57bdcced_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd70fd46f8,0x7ffd70fd4708,0x7ffd70fd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1268 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_208_UKJRNUWUUPNYYXEK


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ea50.TMP


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

