Malware Analysis Report

2024-10-23 17:22

Sample ID 240827-lld86athld
Target c4bda82f753a6914814e86a85a09df4b_JaffaCakes118
SHA256 08dd068317075bfe973b369e120e0d41267655d0f990887294caced25e9673ba
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

08dd068317075bfe973b369e120e0d41267655d0f990887294caced25e9673ba

Threat Level: Known bad

The file c4bda82f753a6914814e86a85a09df4b_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Browser Information Discovery

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-27 09:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-27 09:36

Reported

2024-08-27 09:39

Platform

win7-20240704-en

Max time kernel

145s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c4bda82f753a6914814e86a85a09df4b_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted in this copy of the report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0baadc064f8da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430913285" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E79E0541-6457-11EF-9E2E-D692ACB8436A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c70000000002000000000010660000000100002000000013663d43d2341f86aa4f1c19bae463e93565b8a1316a4614ac9a0b3c3437ecb3000000000e8000000002000020000000cbe415ae5b7ade5d63509acf5b27b91a26959a8978753a6105de281e6a0ad67820000000ccf556292264f9dfa09583637aa7b1bf1592d7301d9086e7e5e0b9345ab6744540000000416f6fd1a81b3cde8dfe3204cc656ce617d4fcf8652492fe440828665eddcc5a7145b43e9bff41a70446e015d5351078b197c06bae4c844aa36b3120766fb25d C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c4bda82f753a6914814e86a85a09df4b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.iconeasy.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 scr.kliksaya.com udp
US 8.8.8.8:53 kumpulblogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 cuerosb.googlecode.com udp
US 8.8.8.8:53 adsensecamp.com udp
US 8.8.8.8:53 script-bamz-us.googlecode.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 dc353.4shared.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 www.checkpagerank.net udp
US 8.8.8.8:53 xslt.alexa.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 gickr.com udp
US 8.8.8.8:53 www.indonesia-blogger.com udp
US 8.8.8.8:53 lh6.ggpht.com udp
US 8.8.8.8:53 inovasimedia.com udp
US 8.8.8.8:53 api.ning.com udp
US 8.8.8.8:53 farm5.static.flickr.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 i155.photobucket.com udp
US 8.8.8.8:53 link.belati.net udp
US 8.8.8.8:53 i768.photobucket.com udp
US 8.8.8.8:53 www.morevisits.info udp
US 8.8.8.8:53 www.w3-directory.com udp
US 8.8.8.8:53 www.auto-ping.com udp
US 172.67.179.240:80 www.iconeasy.com tcp
US 172.67.179.240:80 www.iconeasy.com tcp
US 208.82.16.81:80 api.ning.com tcp
US 172.67.179.240:80 www.iconeasy.com tcp
US 172.67.179.240:80 www.iconeasy.com tcp
US 208.82.16.81:80 api.ning.com tcp
US 172.67.179.240:80 www.iconeasy.com tcp
FR 142.250.178.142:443 apis.google.com tcp
US 208.82.16.81:80 api.ning.com tcp
US 208.82.16.81:80 api.ning.com tcp
FR 142.250.178.142:443 apis.google.com tcp
US 172.67.179.240:80 www.iconeasy.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 69.195.73.201:80 kumpulblogger.com tcp
IE 172.253.116.82:80 script-bamz-us.googlecode.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 69.195.73.201:80 kumpulblogger.com tcp
IE 172.253.116.82:80 script-bamz-us.googlecode.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
IE 172.253.116.82:80 script-bamz-us.googlecode.com tcp
IE 172.253.116.82:80 script-bamz-us.googlecode.com tcp
US 199.101.134.234:80 dc353.4shared.com tcp
US 199.101.134.234:80 dc353.4shared.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
GB 216.137.44.119:80 i768.photobucket.com tcp
GB 216.137.44.119:80 i768.photobucket.com tcp
FR 216.58.213.74:80 ajax.googleapis.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 216.58.213.74:443 ajax.googleapis.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 216.58.213.74:80 ajax.googleapis.com tcp
US 172.67.131.14:80 gickr.com tcp
US 172.67.131.14:80 gickr.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 172.67.131.14:80 gickr.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 172.67.131.14:80 gickr.com tcp
US 172.67.131.14:80 gickr.com tcp
US 172.67.131.14:80 gickr.com tcp
FR 77.87.110.40:80 www.w3-directory.com tcp
FR 77.87.110.40:80 www.w3-directory.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
US 3.33.152.147:80 www.indonesia-blogger.com tcp
US 3.33.152.147:80 www.indonesia-blogger.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
US 104.21.50.72:80 www.morevisits.info tcp
US 104.21.50.72:80 www.morevisits.info tcp
DE 94.130.218.80:80 www.auto-ping.com tcp
DE 94.130.218.80:80 www.auto-ping.com tcp
GB 216.137.44.17:80 i768.photobucket.com tcp
GB 216.137.44.17:80 i768.photobucket.com tcp
GB 18.245.160.68:80 farm5.static.flickr.com tcp
GB 18.245.160.68:80 farm5.static.flickr.com tcp
FR 134.119.176.25:80 scr.kliksaya.com tcp
FR 134.119.176.25:80 scr.kliksaya.com tcp
FR 134.119.176.25:80 scr.kliksaya.com tcp
FR 134.119.176.25:80 scr.kliksaya.com tcp
FR 134.119.176.25:80 scr.kliksaya.com tcp
FR 134.119.176.25:80 scr.kliksaya.com tcp
GB 216.137.44.119:443 i768.photobucket.com tcp
GB 18.245.160.68:443 farm5.static.flickr.com tcp
US 104.21.50.72:443 www.morevisits.info tcp
FR 134.119.176.25:80 scr.kliksaya.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 96.30.9.108:80 www.checkpagerank.net tcp
US 96.30.9.108:80 www.checkpagerank.net tcp
US 8.8.8.8:53 www.ning.com udp
US 208.82.16.81:443 www.ning.com tcp
US 208.82.16.81:443 www.ning.com tcp
US 208.82.16.81:443 www.ning.com tcp
US 208.82.16.81:443 www.ning.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
ID 45.126.43.27:80 inovasimedia.com tcp
ID 45.126.43.27:80 inovasimedia.com tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 96.30.9.108:443 www.checkpagerank.net tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
ID 103.30.145.12:443 adsensecamp.com tcp
US 8.8.8.8:53 lh5.ggpht.com udp
FR 142.250.179.97:80 lh5.ggpht.com tcp
FR 142.250.179.97:80 lh5.ggpht.com tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 173.222.211.43:80 r11.o.lencr.org tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 s10.histats.com udp
FR 157.240.195.35:80 www.facebook.com tcp
FR 157.240.195.35:80 www.facebook.com tcp
US 172.66.132.114:80 s10.histats.com tcp
US 172.66.132.114:80 s10.histats.com tcp
US 8.8.8.8:53 accounts.google.com udp
FR 157.240.195.35:443 www.facebook.com tcp
FR 157.240.195.35:443 www.facebook.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 s4.histats.com udp
US 8.8.8.8:53 developers.google.com udp
CA 149.56.240.130:443 s4.histats.com tcp
CA 149.56.240.130:443 s4.histats.com tcp
FR 142.250.179.110:80 developers.google.com tcp
FR 142.250.179.110:80 developers.google.com tcp
FR 142.250.179.110:443 developers.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 173.222.211.43:80 r11.o.lencr.org tcp
FR 142.250.179.68:443 www.google.com tcp
FR 142.250.179.68:443 www.google.com tcp
US 172.66.132.114:443 s10.histats.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
DK 157.240.200.14:443 scontent.xx.fbcdn.net tcp
DK 157.240.200.14:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 goo.gl udp
US 8.8.8.8:53 raxterblog.googlecode.com udp
FR 216.58.215.46:80 goo.gl tcp
FR 216.58.215.46:80 goo.gl tcp
IE 172.253.116.82:80 raxterblog.googlecode.com tcp
IE 172.253.116.82:80 raxterblog.googlecode.com tcp
FR 216.58.215.46:443 goo.gl tcp
FR 216.58.215.46:443 goo.gl tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.71:80 crl.microsoft.com tcp
CA 149.56.240.130:443 s4.histats.com tcp
CA 149.56.240.130:443 s4.histats.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 7c4928dfe992fa99e7875f2a19a6aace
SHA1 075212e707953989d4f7c08c62994b18b527e43e
SHA256 843cd385ee5f720466c17e33f738537fb8b299d8a7a911a45b17d3b0151b691a
SHA512 75543d06ebddabd6f92c2e149559697b863efc075e497e365093ed865877e8cf5e0eb09abcfb249cb0b33912f22851ce3c07d67472dffbe2bf0adc47a66ae02d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 826ae42dac5c7468d2c4d89f86ca9dfb
SHA1 9045174e71dc34fbdd941a6a36cf8c248070f97c
SHA256 4f1e949c21a13e54f6d6938ee262c69df224feb4513c0ac344ffc30da2762814
SHA512 e6ac5e8467f93af629a687472d78fbd31741e6120c0f03162c93e93cb433cc559ead5ea73a03d56f51f08bc108db97d017bd2c96fec079966a2518517e616178

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

MD5 c6d21ccf6fecf86dfcc0c1950bb517c6
SHA1 ecac54bbb7b68df2a2e361980693aa6f18583af2
SHA256 955d160783565613b66a02b794afc10edc38c9811dd18609daeb18371182c8af
SHA512 9a6782f3d4cc3dbbde5960d0f1ae32a5cf84f0455628cef3440dd1fc015609edb3c00674d949f625a8e6aed50f578a4e8cfebc49aa53b8a658e0013da841e718

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

MD5 72bde6d1c35fedc47a854d0764f02719
SHA1 148144084bfda73a05c0dcdd7319188b2ccfe710
SHA256 c0992afdf2a1b91920cbc3f207bb5013437f8ecf8af00cdf22dcdd5dba916774
SHA512 71262c425eb8d1aab973778720fe489931d0abd2b3bf3de0169e0c90afb47ee522ad749c2472440f228e4a707887aba78a46a2245bc4b5a9339a0609de169570

C:\Users\Admin\AppData\Local\Temp\CabABBD.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarABBE.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f816451cb4bfd45e30965aa3ea95ad0
SHA1 069377399b85204d23e430bb829b1e1f02b1f3e0
SHA256 2396da3f88297e3afe0129da2983ebf6a15a3fb67baf623f8c3d09492c49c08d
SHA512 e20806dc10b0dc911123482b872d8b59c767de3e4911ce78e59732fb816c8423f9962a9d1572236659f46cfeaa5baa6e40976242fbe3b3132dd064e4820dc014

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e79d7dc140f8c97f61d043db198b7139
SHA1 6f520f8853a7fbe260f54d3f06f35d72ab0789f5
SHA256 a30b195bf2f75acac3c970da296a9a1f95b2088c1477fc2b048750fc6cbec4d0
SHA512 98645d82a09a860660ea0792e934d60569bdbfd88afb25e31b39bc0aabae8db71a2ba926d8a9109f8ebff6ea4ca14f8ca0cc125ab9e5ba29d8b775eca2a206fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8bc3761bbdff1636b4f80f20890e3e39
SHA1 2446bd472e61f079b435759bbeec31284166f59f
SHA256 6b2f4624600eda27b5d0955df83c7b211301c813732097d9a1745273a7466f94
SHA512 d7c839f65d7ec8ba7542d338af25300a3f3e89904b9ac1c271f6cba495e8ee75ecc1f6f8aed54d819cec9ffaab3df4d0bd54cb23ae59ed0a9ca4ab6be390035d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dca26e112e5ab0e199b8edbe34097af9
SHA1 0b876b6c54a25f307ada421d851d9aa2e4d140a7
SHA256 0d19cee39f58b63208d936b421e8897e34298a9ce098d12b3593a7e155db23ab
SHA512 974f6018131fc29acab07732b32ded5c984648b4d22531150609b1c45facda41e4f7c5e77e35c5489871e655721c00d47ee884fe3f8c118a0bedb8ed60a55180

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 943bba15f0f7af73c9dba908c53e3cf2
SHA1 2ddbce9bf02119ea69423ade8f5c02707c6ceffe
SHA256 17882fd407b3244053edfd1193c12deb1a9aa76c04c480ffddf4ae76b23936eb
SHA512 71b79d35f5d3091b13143768394f18e435fc31e341a888797cda4d88225acf6c0c58e0a5eaf6a3bb2aebf0367175cb946ee4a84017439e8e6ceb44d502adefae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 e65f69161cd8bd626b94af9e5281a5a3
SHA1 a9daf3dc5a39048d2640ce3f8c83d1e083877aa3
SHA256 0c22ba4d48ead3a176559c9f62873337dcea255ee84a5bd192ba31724999540f
SHA512 0e18829808379f1f9c27bd11cf8f9a4fd69c9ed2f022636265166e499a7517ce82f565e4ad520369fd513475c798f3e490c3d62663bc45f956f93f9852237284

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59e5080110237325790043e35c59f783
SHA1 8162f8cc3470deb8565bc294d44113f1e03ddace
SHA256 48b974c4cdcbd2beb8d2ec749937e3bb185fd57d34beee506f615201554d9023
SHA512 fde760dcf9a32c102dc0b9d077684a68c419f81adb200a8d1992c411277c642a374e1941033c46796d272270ce6666730270cdf5c43c69b65e83134d74444948

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0f6eaf6df20c53284ac78a22d61d669
SHA1 6552d3769bc5a8b59d128cb180cb15ad034a82bc
SHA256 87d73d288a1cf1aa5aa0d978e75ba860c05f716cfb044baa64bb4cdcbd4d50c8
SHA512 16275d054a9d67c86d12c627438dfcc5279f121f707008225b64e1f8c5d71c0cd6b0a62085e590884790f21af29ee5fdb4afe7f834457e74af074899123db34d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1366efde980ae8fa62c5fe8bf2087312
SHA1 f738a06bf468973ddfd5999bdda4454fe26980e1
SHA256 b0cf24d4e042e4f2709d6f48c54547d9e0d2855516c001775996dd6155e743ad
SHA512 af72daaa2c0c4543b8e34c3664c8e25ec31aa6dc36dd29a49e99b9060f1e55af663b166b979b994625507aff165071e59f246d14be588aa2006282fccd84d98b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c321c677d9f5d0b23454abe828dc8d4e
SHA1 023e90a0e8ed53709c4010c8cea41f5f3c9b065f
SHA256 776bbdf9fe41b2a119b73da5ddaac88d1a8e2d37d47eb8d2e42c36696ae938e9
SHA512 e654a08b7d362254fe39527224c960aea39f2b15f9f1f3402aa4af026f8c6d55f57a56c53800b6ceb2692242a0a6516cde6d9a20457e10107efe200ab09fc4cf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GA43GQEJ\plusone[1].js

MD5 65d165a4d38bfc0c83b38d98e488f063
SHA1 1c4ed17c5598a07358f88018a4872aa37ae8bc07
SHA256 b1320e0dda0858c87971f7baa0d53063ad2a429d232fd06b0067bda8b9eeb0ec
SHA512 abf4c755d88193e7e05398b6f934fc561d8e2adbee7d2170af399e145e54a4a8a93988e4af4e28d6240c0bd1bda7035ae97f67a85a471088820baae8d89f3d41

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GA43GQEJ\Y7Y-iHUxgoM[1].js

MD5 91d373d9e94c9c1c208fa3f8c10e73ef
SHA1 440526adde5b894418ff6bc5f08530189a9011ed
SHA256 af8dca6770325e5723816da2fac1c8b260dc42efb11666361b251a00e601ed02
SHA512 248c7a37a05eed4fbcafe891e9e27e9f7e790cf1b7f0d88db2b6303f42fdc1fc10430f3d12e5b6791e58016d27ffa0bfa0e9fd73951db3e2197c3876c51f4da4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNZH54VQ\dXk5exdOVhk[1].js

MD5 b4be83a21f6e0d40b752cdddee19103f
SHA1 3b0b9b0b023ea84a328e9b3b0af8635e631efc27
SHA256 25901136ab2bc54ec7e5603010b853c78fb36efb401f2045bb399c060b64292b
SHA512 1ea3bed440a81b42be9b1678af522c3a2cdda42d4d042d2bf355d43c61c1e6eb767f0333938b08af8d71fd3a354e35369cd2e083ff851bbe9964d5e54100f0cb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7H6XY0V\p55HfXW__mM[1].js

MD5 759df6e181340ef0a76a1bab457ebb22
SHA1 2afdfa1808428e97f7f8faea0624c8402956b04e
SHA256 9e57fedb96b3686621bccd5521f43a2037a823c74f062176952890b179b3955b
SHA512 2e20c1b3b445dd0b143dc636eac9421454b1615a6ce0be63afa012e7571385f346f456b9ff25545fd90ae11dd08b23f03f36f2242c817855d26578fc9f5c94ba

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GA43GQEJ\_eawcKGGOQC[1].js

MD5 5680c16b5521193389bcc4fc8fb87a36
SHA1 a60878cb1c3ba72de75d1437509bdfbb136a7c1d
SHA256 b36b8a2ca78ad22f099b7141b16b218243eb91a3f1e8ee81f8724d35ff3ee624
SHA512 d54a7964d8a4e70c296c20476f21b2618e7dd4481d906b1c1f71d79670b7ce4b9e3f1756a18ae4b4833b6137d3404d3097a8de7eda3a66d5cfc5ee7cce724cb7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCY0HBA7\Glud--w-qOK[1].js

MD5 0952dda588932eb8b8b8d3602dc7c3c4
SHA1 c5cd78580b6f2ca4401ef40af6a2d473c800d089
SHA256 43c3791795edc73fbeb3f175d09638775bb9aecc245a0c584c216aa11eafa7c2
SHA512 219f0313ba14297a40a82c9798b0a78821fa54df0c0e31302b6b779a065902f2c7cbf2a039f094ed759efbec3300fb3774e18c2d3d6767dcd3204a6fa6fbebb5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCY0HBA7\GGJYiuJ569H[1].js

MD5 339c6fa44cff45b3722e6ef45081328d
SHA1 39b9d41abc9a57c7ec174d2ba32c6f05249092bf
SHA256 3a692866c38c22b53b42635bd0996b3bafbec5770d493311b676677991aa9392
SHA512 1e9f877246f6cf5d23a3167146310cf87edd375aec926c9789e6d4833cea9ce7662b6ef88658e941f56cb9495ed98f600b228d6192abcc938427672e7d085cec

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCY0HBA7\4Dr55_uVn75[1].js

MD5 820ba80d765b35d376bbffe71c1b1927
SHA1 64f6376d7f3a2cdf75e0271dae8d6950b9f02bf4
SHA256 e2080a7fc91931fb0622e35a4ac3df8ed1fb9945dfe75a9b4a0689dce5e3d3dc
SHA512 5086ace89e9fe000cb529fc77e69dcbe801d165844bad16e098e6587ea8a858dfd2662a17ae061da6f54fff518f70036537b61a5c1ca9d7d67f9252c55530225

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNZH54VQ\o1ndYS2og_B[1].js

MD5 e9afd3c9b16db4bac91630d7066a5e1d
SHA1 b4f92d1ebe74ab6801ad7440447b4147a1455806
SHA256 ebcadee37045943d04569e67311374057c3b0816ac58c34bacc6f5b324fbb540
SHA512 02b60393f4d6d52f22900513de31b9302ebe3998681e06baafce5adb03477bdeba517fb6e9386c4dcb3deb34b4268ec76ec1143ea62a857c3bf9a78b29bd706c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNZH54VQ\YnyA8SYgYgp[1].js

MD5 3664e519426dd00f7afa8690abc3c432
SHA1 913e7e217dbecc3748c49f7eefca685c45eb0f75
SHA256 d0a3dbdc70a62741624d81377d6362a60ccdf1e7ea1d7257727bdc5977b6e90c
SHA512 6c584e33ee274bfc0ffa64b5efa2dce446b835a65b2597238a49fe43f1ef648656c2ef822b4fca522cad002894f98145ed55ce618938285b0c00ebb8dfeaebd6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCY0HBA7\MEtExguyptz[1].css

MD5 ed49e364f92076f052724bf274e62705
SHA1 23770b3f7401dba26a32c37187fe1ea7c0b69e87
SHA256 fcf70567eccf23a433ea35f45e89d9051c24439e7ecca2544f232195d1a8aa74
SHA512 cac8cb74314daff4e8290bc36270852face11eb8cf76f33bd970c7d093aac39a831f29a7a6d2445c96093b438ecc0b7918b5068c0aa16bbe9d6434e0c905b3c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2114c520aa843e3ca6fcc5c34d1bd704
SHA1 f0f57d1cb5ac0f4947872ba6febb4b24c3bc5a3a
SHA256 86e42f75a978c9114d4b3c90de443f3d5c76bceb910b882a9a2b91c0aac41592
SHA512 6c59a6f0b16453b4b39d968cd5a6cbd989805a2ed3b188f81cbd6a3841f3b429bab9390eabda7b2fdfdc18b626041e75a6e1121fae28ff52d5a092cda77e82e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cde316efd8e7f884310446294c75aea7
SHA1 d28b1e91fe2be9488fffd0049ddd4ae447e0d354
SHA256 5f2dc84c07299c3fca2454f04a29a177551f327f187c5267334c7c2c1cbf30e1
SHA512 144fd8272020eeb7298e024bf2ba1c1cf3f0d2d77932d85e03de4c6bcf9a47bf75aeb325d06d704dfa84f4f3e94ef8aef1f1bb4d651ee26aec50be6b27259463


Analysis: behavioral2

Detonation Overview

Submitted

2024-08-27 09:36

Reported

2024-08-27 09:39

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c4bda82f753a6914814e86a85a09df4b_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 928 wrote to memory of 3544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical entries)
PID 928 wrote to memory of 2356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 identical entries)
PID 928 wrote to memory of 660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical entries)
PID 928 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 identical entries)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c4bda82f753a6914814e86a85a09df4b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff7d446f8,0x7ffff7d44708,0x7ffff7d44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17138266359200830744,610591478021039621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,17138266359200830744,610591478021039621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,17138266359200830744,610591478021039621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17138266359200830744,610591478021039621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17138266359200830744,610591478021039621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17138266359200830744,610591478021039621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17138266359200830744,610591478021039621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17138266359200830744,610591478021039621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17138266359200830744,610591478021039621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17138266359200830744,610591478021039621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17138266359200830744,610591478021039621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17138266359200830744,610591478021039621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17138266359200830744,610591478021039621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17138266359200830744,610591478021039621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17138266359200830744,610591478021039621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17138266359200830744,610591478021039621,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 /prefetch:2

Network

US 8.8.8.8:53 236.134.101.199.in-addr.arpa udp
US 8.8.8.8:53 14.131.67.172.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
ID 45.126.43.27:80 inovasimedia.com tcp
US 96.30.9.108:443 www.checkpagerank.net tcp
GB 18.245.160.68:443 farm5.static.flickr.com tcp
US 208.82.16.81:80 api.ning.com tcp
US 208.82.16.81:80 api.ning.com tcp
ID 45.126.43.27:80 inovasimedia.com tcp
US 208.82.16.81:80 api.ning.com tcp
US 8.8.8.8:53 www.ning.com udp
US 208.82.16.81:443 www.ning.com tcp
US 208.82.16.81:443 www.ning.com tcp
US 208.82.16.81:443 www.ning.com tcp
US 208.82.16.81:443 www.ning.com tcp
FR 142.250.74.226:139 pagead2.googlesyndication.com tcp
US 172.67.131.14:80 gickr.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 i155.photobucket.com udp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
GB 216.137.44.125:80 i155.photobucket.com tcp
US 8.8.8.8:53 i768.photobucket.com udp
US 8.8.8.8:53 link.belati.net udp
GB 216.137.44.17:80 i768.photobucket.com tcp
GB 216.137.44.125:443 i768.photobucket.com tcp
US 8.8.8.8:53 www.w3-directory.com udp
US 8.8.8.8:53 www.morevisits.info udp
FR 77.87.110.40:80 www.w3-directory.com tcp
US 172.67.158.204:80 www.morevisits.info tcp
US 8.8.8.8:53 108.9.30.96.in-addr.arpa udp
US 8.8.8.8:53 81.16.82.208.in-addr.arpa udp
US 8.8.8.8:53 68.160.245.18.in-addr.arpa udp
US 8.8.8.8:53 27.43.126.45.in-addr.arpa udp
US 8.8.8.8:53 6.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 125.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 17.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 www.auto-ping.com udp
DE 94.130.218.80:80 www.auto-ping.com tcp
US 172.67.158.204:443 www.morevisits.info tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 40.110.87.77.in-addr.arpa udp
US 8.8.8.8:53 204.158.67.172.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 80.218.130.94.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
FR 157.240.196.35:80 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
FR 157.240.196.35:443 www.facebook.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
FR 157.240.196.35:443 www.facebook.com tcp
US 8.8.8.8:53 s10.histats.com udp
US 172.66.132.114:80 s10.histats.com tcp
IE 74.125.193.84:443 accounts.google.com udp
US 8.8.8.8:53 s4.histats.com udp
US 69.195.73.201:80 kumpulblogger.com tcp
US 8.8.8.8:53 goo.gl udp
US 8.8.8.8:53 35.196.240.157.in-addr.arpa udp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 114.132.66.172.in-addr.arpa udp
CA 54.39.128.162:443 s4.histats.com tcp
FR 216.58.215.46:80 goo.gl tcp
FR 216.58.215.46:80 goo.gl tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
FR 142.250.179.68:443 www.google.com tcp
FR 216.58.215.46:443 goo.gl tcp
FR 216.58.215.46:443 goo.gl tcp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
DK 157.240.200.14:443 static.xx.fbcdn.net tcp
FR 142.250.179.105:443 resources.blogblog.com udp
IE 172.253.116.82:80 raxterblog.googlecode.com tcp
US 172.66.132.114:443 s10.histats.com tcp
FR 142.250.179.97:443 1.bp.blogspot.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 46.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 162.128.39.54.in-addr.arpa udp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.200.240.157.in-addr.arpa udp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 catatanerwin.blogspot.mx udp
FR 142.250.75.225:80 catatanerwin.blogspot.mx tcp
US 8.8.8.8:53 catatanerwin.blogspot.com udp
FR 142.250.75.225:80 catatanerwin.blogspot.com tcp
US 8.8.8.8:53 225.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 52.111.227.14:443 tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 27304926d60324abe74d7a4b571c35ea
SHA1 78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1
SHA256 7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de
SHA512 f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9e3fc58a8fb86c93d19e1500b873ef6f
SHA1 c6aae5f4e26f5570db5e14bba8d5061867a33b56
SHA256 828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4
SHA512 e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

\??\pipe\LOCAL\crashpad_928_LLGGUYCSTOPOVFFV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c018346ef8857b777187ca7ba0690124
SHA1 134a82b4a29302a76e0eac2b4e68e3f93abdafbc
SHA256 45fe66557251efcdf8c9bf67902bdb510c2ca6b11dbee3a1eb503bbac3f8f6ed
SHA512 efffac2a41946b26c89f918a16c8a18c4115c90a258d424e80d1266e1cc0c6ed1771592c6e365ae4f2d4bb2c03875ad932b62cc38adc0b712d724fd2beacdaee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4f5399b5f0cf8ae23f4dea00e38f365e
SHA1 f8b7c7fa450a1f0d2ac6590e27b632e38f36f859
SHA256 9f322d6304e8f1736eefb73d1119ff88e9fdbd3d88c5a2199c475b48be388294
SHA512 9cc7d6aa128367b45530672d718558630628acf5067e9f896a6be05999095d48676b92d56659de391bbc3c53d4e511021c08dbf259912bbff00e4c24e7d5e639

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 77a0faf436e37384d967be9b410da4c0
SHA1 d38897671114ae028df39e30f3d4d812b13f238e
SHA256 2d2744170721a739ce33bfcc059bdde778bc747db1a069e9906b372ef579a82b
SHA512 2360f676e49a03b241a01eaf8d301684954b5ee971e69947da58f85df3ddedecc968d67bf8aa6f3eae9e40aa194e0dd5698240fd66cc5a7e41c31bf0bc1b319a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7c5872d322a0dbaa6111daae18724b0d
SHA1 acfa39b96812e5d3d3ab0286f4df1acee151e01f
SHA256 aaceb0e945054eda7eba041c1f19ea415f88bb1b77d4eaf67d6b82f70dd31dff
SHA512 9b8c82b059c2eb6c4ce0c9ec3cbc96a950ea4e86a6cdbb96117c904dccff194dd788928baaf3a640a7c0ce46e201475b21fb818b875f12daa66728a875463855

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b181c78ee20a2f1a8f240e54e145407d
SHA1 a5fb23c0dfa3316d647171305c5c09657ca15229
SHA256 05ace491059f2b8b483a80fd3c7063f900df1a0a8badb2592e57ce53b99c36e2
SHA512 8b2dd25cfa99083255253402d08c40104dae2599c6b9aa7053af76fb2c2d0b2326bd47a3b0ba6e39f07efd194c771cd8709793ca4045b96dff7fb45b1cb0bb92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5c50f908204bf9362d1b876951453bf0
SHA1 d80de525260a5da5f2d40a525a06221ce6338348
SHA256 efcccf36b0461ceb11223b4c14a6a311b97b5fc536232db4b22969027a2359f3
SHA512 e822e8f0d3e1d880c6ef03356cc81ab5d238456b619c17937d59f807a28a68036c7875660d5ef2ab00773cf626acf5ed1e4903969277fa0517f31f72a19f204e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 929648511b9769681517ef676d0decd7
SHA1 dbb9dd5cd955538204875806c6a84a0b9c01d554
SHA256 7815e3a479a9ec13eb919193b1e22f899d284d8896413ee782218b1456015106
SHA512 7ba384e9a47f1e5e13ddf49bac59823380f0923bdc80f467325987c32e02e266d2a0ee5f1d52ce6082a2d6ab74bd33eb42e538a44b6b883357c99a963c8172e6
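As an added example (it is not part of the sandbox report and not the sandbox's own code), the Python script below turns the Network and Files sections above into something a responder can act on. It separates the sandbox's own noise (reverse PTR lookups sent to the resolver, mDNS) from real connections, keys endpoints by domain rather than IP, flags connections on ports other than 80/443 (the pagead2.googlesyndication.com rows on 445 and 139 above deserve a second look before anyone treats them as C2), shows where one IP fronts several names (so blocking the IP would take out shared Google hosting), and marks file entries whose digests are those of zero-length input or that sit under the Edge profile directory rather than being a dropped payload. The sample rows are copied from the tables above; the classification rules, thresholds and function names are the example's own assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Rows copied from the Network table of this report (constructed subset, kept inline
# so the script runs offline). Format: <country> <ip>:<port> [<domain>] <proto>
NETWORK_ROWS = """\
US 8.8.8.8:53 scr.kliksaya.com udp
FR 134.119.176.25:80 scr.kliksaya.com tcp
US 8.8.8.8:53 25.176.119.134.in-addr.arpa udp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 lh6.ggpht.com tcp
FR 142.250.179.105:443 www.blogger.com udp
FR 142.250.178.130:445 pagead2.googlesyndication.com tcp
FR 142.250.74.226:139 pagead2.googlesyndication.com tcp
N/A 224.0.0.251:5353 udp
US 52.111.227.14:443 tcp
"""

# Entries copied from the Files section (constructed subset; SHA1/SHA512 omitted).
FILE_ENTRIES = r"""
\??\pipe\LOCAL\crashpad_928_LLGGUYCSTOPOVFFV
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
MD5 c018346ef8857b777187ca7ba0690124
SHA256 45fe66557251efcdf8c9bf67902bdb510c2ca6b11dbee3a1eb503bbac3f8f6ed
"""

# Digests of zero-length input: an entry with these hashes carries no content to analyse.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
EDGE_PROFILE = r"\Microsoft\Edge\User Data"   # assumption: browser housekeeping, not a payload

ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$"
)


def parse_network(text):
    """Parse the report's network rows; the domain column may be absent (mDNS, bare IP)."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed network row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def classify(row):
    """Sandbox noise vs. connections worth keeping (example rules, not the report's)."""
    if row["port"] == 53 and row["proto"] == "udp":
        return "ptr-lookup" if (row["domain"] or "").endswith(".in-addr.arpa") else "dns-query"
    if ipaddress.ip_address(row["ip"]).is_multicast:
        return "multicast"          # 224.0.0.251:5353 is local mDNS, not attacker traffic
    if row["port"] in (80, 443):
        return "web"                # udp/443 here is QUIC, still ordinary web traffic
    return "nonstandard-port"


def triage_network(text):
    """Return (domain -> {(ip, port, proto)}, rows flagged for manual review)."""
    contacts = defaultdict(set)
    flags = []
    for row in parse_network(text):
        kind = classify(row)
        if kind in ("ptr-lookup", "multicast"):
            continue
        if kind == "dns-query":
            contacts.setdefault(row["domain"], set())   # resolved, maybe never contacted
            continue
        contacts[row["domain"] or row["ip"]].add((row["ip"], row["port"], row["proto"]))
        if kind == "nonstandard-port":
            flags.append(row)
    return dict(contacts), flags


def domains_by_ip(contacts):
    """Invert the map: several names on one IP means the domain, not the IP, is the IOC."""
    by_ip = defaultdict(set)
    for name, endpoints in contacts.items():
        for ip, _port, _proto in endpoints:
            by_ip[ip].add(name)
    return dict(by_ip)


def parse_files(text):
    """Group 'path' lines with the hash lines that follow them."""
    entries, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if parts[0] in ("MD5", "SHA1", "SHA256", "SHA512") and len(parts) == 2 and cur:
            cur[parts[0].lower()] = parts[1]
        else:
            cur = {"path": line}
            entries.append(cur)
    return entries


def triage_files(text):
    """Label each file entry: empty content, browser profile artifact, or needs review."""
    out = []
    for e in parse_files(text):
        if e.get("md5") == EMPTY_MD5 or e.get("sha256") == EMPTY_SHA256:
            note = "empty-content"
        elif EDGE_PROFILE in e["path"]:
            note = "browser-profile"
        else:
            note = "review"
        out.append((e["path"], note))
    return out


if __name__ == "__main__":
    contacts, flags = triage_network(NETWORK_ROWS)
    for name in sorted(contacts):
        print(name, sorted(contacts[name]))
    for row in flags:
        print("REVIEW non-standard port:", row["ip"], row["port"], row["domain"])
    for ip, names in domains_by_ip(contacts).items():
        if len(names) > 1:
            print("shared IP", ip, sorted(names))
    for path, note in triage_files(FILE_ENTRIES):
        print(note, path)
```

Run against the full tables rather than the subset, the same script will also list the dozens of blog, ad-network and counter domains the page loads; the point of keying on domain and demoting shared Google IPs is to keep that list reviewable instead of turning a Blogger page's dependencies into a block list.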