Malware Analysis Report

2024-10-23 17:23

Sample ID 240827-clvfpsxemb
Target c4316d3f6d8496b977f4a99d5be2057a_JaffaCakes118
SHA256 93253db54cdd2e76fa0195f87e72df8c0398c107dc55014b9ce96f0b218b1f49
Tags: socgholish, discovery, downloader
Score: 10/10


Analysis Overview

score
10/10

SHA256

93253db54cdd2e76fa0195f87e72df8c0398c107dc55014b9ce96f0b218b1f49

Threat Level: Known bad

The file c4316d3f6d8496b977f4a99d5be2057a_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-27 02:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-27 02:10

Reported

2024-08-27 02:12

Platform

win7-20240729-en

Max time kernel

143s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c4316d3f6d8496b977f4a99d5be2057a_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c4316d3f6d8496b977f4a99d5be2057a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2

Network


Files

SHA512 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b1e096aab516b408f1f5d13f049b512
SHA1 e0510f13108e0e3a2d7757061dccf0a5d02fac62
SHA256 1d3b6808f32361fb62c915c365991a4fd3f22a859a704ccdc37a8bcbba89019f
SHA512 88f4da62cd6daa06f8ebecfcddec7b651e55de20d42bd688af1be90c06cb5be221a5437154b7a0b56f09d996b9c18b790ca3095bd9fab1e6809bc7017085e90c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d8a20da4d2ed5a6de45397d6f0ac116
SHA1 64703eca385677a44ea3af97aaf397098831f0ec
SHA256 a67112c3e16c5dc69198ecc2875a23d32dccec1921d06645746e42e515b6d665
SHA512 c0700c7b7b98d50c68e0711e009b2d66f8c78363c2e439e7f21acc0ec55f3e6f78ee15bb6bb62ef2c2817bd691bae04b75e4e82847b07444cd8cd96bb6f81e71

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3JH4PQP\e[1].htm

MD5 6c9fcaae9f204d3fbdc498c8e897142b
SHA1 08744da6568aa66865b7dc089fb5a6c0ec59943b
SHA256 8a5ee74a0b0652d311ddd54c2c6847c2d38b6db8fbfa55da5d029b3c2185873e
SHA512 7dad025ccd87f91f8affb1949fcd8e86cb1f44bfa70749ab3300d07eed2d6e44f330224fe8f8d61568bc290003daf947ee5982b331debd69a1e6927f8332a77a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 1bd6b212e181021b31a805815bd9b40b
SHA1 063b874f6fbfdcf18c150441e71cd58538ca8c26
SHA256 63ff9942449a23be19d2597cf9939454db2f21ec63e8a8f4adf3ef7bd748f6cf
SHA512 ca6c7e77532df58061a1054729020841eed609c2ad62888cb18935aa36630d5719c011dcb5a39b7c80e5059fb4c5aa2fe6cc0e11e50f57253264b909d9b5cfd5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 7fad1cd72339a48ccdb882723bc9d927
SHA1 bf312e2a6323eece57fab96549652b6050b47b5c
SHA256 fae3ad92d5b4ef7e72821982e2d7b63bdb64b630dd9d66417faee3e2732e127c
SHA512 5313758aaf1e3301b8610f012173e257bf66e88f9c8bdce7aad631d425321feaed136c36a140c1af60becb2f8b54fbc76c5a810b34f85a47db7de78db95a3956

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-27 02:10

Reported

2024-08-27 02:12

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c4316d3f6d8496b977f4a99d5be2057a_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 25

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 24

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 4780 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 4780 wrote to memory of 2040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 4780 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 4780 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20
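Every write in this table is the Edge browser process (PID 4780) writing into other msedge.exe processes. A Chromium-based browser creates each sandboxed child (renderer, GPU, utility) suspended and writes sandbox policy data into it before resuming it, so a same-image write from the broker into its own child is the browser's normal launch path, not injection; what a reviewer actually wants to know is whether any write crosses into a process of a different image or into a process that is not a child. The triage helper below is an added example, not part of the report. The PID pairs and counts are the ones tabulated above; because the report's process list does not print PIDs, the PARENT_OF map that treats 1004, 2040, 764 and 5080 as children of 4780 is an assumption made for this example.

```python
"""Triage helper for the 'Suspicious use of WriteProcessMemory' rows above.

Added example, not part of the report. The PID pairs are the ones the report
lists (browser process 4780 writing into 1004, 2040, 764 and 5080, all
msedge.exe). The report's process list does not print PIDs, so PARENT_OF is
an assumption made for this example: it treats the four targets as children
of 4780, which is how Chromium's sandbox broker launches its children.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# (source PID, target PID, repetitions) as tabulated in the report.
REPORT_ROWS: List[Tuple[int, int, int]] = [
    (4780, 1004, 2), (4780, 2040, 40), (4780, 764, 2), (4780, 5080, 20),
]
# Assumed parent/child relationship (see module docstring).
PARENT_OF: Dict[int, int] = {1004: 4780, 2040: 4780, 764: 4780, 5080: 4780}


@dataclass(frozen=True)
class WriteEvent:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


def expand_rows(rows: Iterable[Tuple[int, int, int]],
                src_image: str = EDGE, dst_image: str = EDGE) -> List[WriteEvent]:
    """Turn (src, dst, count) rows into one WriteEvent per logged write."""
    return [WriteEvent(s, d, src_image, dst_image)
            for s, d, n in rows for _ in range(n)]


def classify(ev: WriteEvent, parent_of: Dict[int, int]) -> str:
    """Label a write: same image into own child is the browser's launch path;
    a write into a process of a different image is what injection looks like."""
    same_image = ev.src_image.lower() == ev.dst_image.lower()
    into_child = parent_of.get(ev.dst_pid) == ev.src_pid
    if not same_image:
        return "cross-image-write"
    if into_child:
        return "broker-to-child"
    return "same-image-not-child"


def summarize(events: Iterable[WriteEvent],
              parent_of: Dict[int, int]) -> Dict[Tuple[int, str], int]:
    """Count writes per (target PID, label) so a reviewer sees at a glance
    whether anything other than broker-to-child activity is present."""
    counts: Counter = Counter()
    for ev in events:
        counts[(ev.dst_pid, classify(ev, parent_of))] += 1
    return dict(counts)


def needs_review(events: Iterable[WriteEvent],
                 parent_of: Dict[int, int]) -> List[WriteEvent]:
    """Return only the writes that are not the expected broker-to-child pattern."""
    return [ev for ev in events if classify(ev, parent_of) != "broker-to-child"]


if __name__ == "__main__":
    evs = expand_rows(REPORT_ROWS)
    for key, n in sorted(summarize(evs, PARENT_OF).items()):
        print(key, n)
    print("writes needing review:", len(needs_review(evs, PARENT_OF)))
```

Run against the report's rows, all 64 writes come out as broker-to-child and the review list is empty; the same classifier flags a write from msedge.exe into a differently named image, or into a same-image process that is not its child, which is the pattern that would justify the "suspicious" label.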

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c4316d3f6d8496b977f4a99d5be2057a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7fdc46f8,0x7ffe7fdc4708,0x7ffe7fdc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7384 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7384 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,858275639706211959,1268362648551105004,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1288 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4780_CZZQQSJCANVDUWOM

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
