Malware Analysis Report

2025-04-03 14:22

Sample ID 241211-2naazs1lfz
Target e38ad722c9d1cbe3000ffc3fc8afc6b0_JaffaCakes118
SHA256 5b548d7f460636a2b0012e0f16147955be8d2de753a00813a09a3e104d63d431
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5b548d7f460636a2b0012e0f16147955be8d2de753a00813a09a3e104d63d431

Threat Level: Known bad

The file e38ad722c9d1cbe3000ffc3fc8afc6b0_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-11 22:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-11 22:43

Reported

2024-12-12 12:28

Platform

win7-20240903-en

Max time kernel

65s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e38ad722c9d1cbe3000ffc3fc8afc6b0_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Target: N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description: N/A
Indicator: N/A
Process: C:\Program Files\Internet Explorer\iexplore.exe
Target: N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e38ad722c9d1cbe3000ffc3fc8afc6b0_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2

Network


Files

SHA1 9d9e3a88981b5c1c2e1db7a96a67fe5a93b272c5
SHA256 42a93629522587d501689cf0b4edd86ef23d7f7e5bac2260d971de9c69e7ba9e
SHA512 7712bdb675ee30bc7f65861f38a7d7c4796633d429d9ab64e79da321fc10e26666f56721bb414c9197cf0dbb0b55af3d24013ad5a4802f6f6ccef510b204437a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 1647ca91575c60d74d643add73fb2578
SHA1 726712c1171b8255480fdeaac92089810d9eb503
SHA256 46e57b70fbad0f2a4bf65c63414f43f0011c0d707c6aae0bb3a5c029448ba693
SHA512 c05b76e58b53d0bddb74718e8a97766aee4c3a6173d1053fef4d58ea687a59b7f6046e5e159fbf8982879be0a84b0afbd7aa620dbd0dbee232bb848222c6ee32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb3fcd1b00a4a426246585d4380d26aa
SHA1 f7d72bfe3b1a0e208d87f3b6faa6c4ba1bcb0b27
SHA256 fc2f5b28ad1d44accef36a350a0989efcc383a751562e0ffd0869a69152c2fd3
SHA512 b9d130bba2a293e3dabb7c0fb16c12001b78b1cf1097647c866e5804facf904feada89123662cb4608f9b6e2d83297886e07d1f0aa00edfe6823d8f8355949b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a429252eae61817d3d2ed39763020577
SHA1 8cf466ed89949802a1d3c4cbc2edb3c9d2730cf7
SHA256 69a55f17cfb1392f7706d420158ac2ad82861c7a30e6b49f2eb4f683776a8dbe
SHA512 530999d4dd65253f4c4a58cd7cd7d25a1063f2fe69d822c85d8f2361fa38d8f5d89aa57695950eae31797cdd3829eccbcec416093aa9a479a26cf94537111365

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd023275cec08212fb80857b01db5c8b
SHA1 6f085dd23059639a5b0687e128f74a69d9d2498a
SHA256 4d7f095c2d5cf58a71782c3b720edf30d9825d3752e8e4499729b8eb71bd2652
SHA512 53067659900e53782f99a1e664ab121fd76349bffed4faae9543e4799b1d4e928828dcf81526bca5bd3df85df2cfcf75ba2c0d228bc38799a9947e9a672822cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4b311049917c1ce964fca2c12e85c68
SHA1 f5224b316e65ff1e79676581dfd5a42a5c973b37
SHA256 d9a20a00d85d5bff1d8500cfbef65124b84b698e13c23c0b4b41ee1bac3ebef7
SHA512 b714aae776a0361c6bc0898931fa483bbd952080e4b5ab89e28a6a49bfa29ccd5e5ea273fff49d64657251d217fcb361f29739ac4b9c17cb53cd2990c111afd5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f24458dbf5ef4be761cbf7cdb1da65e5
SHA1 199d693b84f59c374d1b9eac58750de377a03725
SHA256 83f9a2873dd5534020dcaa9a576d7472447a9f3f2cb5bcf9228f9aaad3f82a9a
SHA512 d9008774315b654d261c523eb1eaef9cb37d50ad3bd781ba4d8194fb4812480226d068af72757b7c1f2f1bf9909b5bf309c90b71d6533bc733456adb9381ec86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c4cb558402bbac57b408061d8a3b2d0
SHA1 849464c81cec0106ea34d150a57c9a6cd31a97b2
SHA256 e0e5d179d9cb667e8faf94c3dcb9d3ff89e8b0a6c42f4e5a3dc764f9ea178139
SHA512 1ed92124b4bd573bd030c07a04665850eff06fc99aff90e351844fc6ec3653bd5b748a97a5dbb8f9d834fdd25bd443a13aaaeee9ad961f1bd1071127ac19a321

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b743b898a0406d253bb68373dd39884
SHA1 562438daf35af3b973634e378c14a309c2735aad
SHA256 9669d0f515eec5e4bff2decdc7f7514e21148fd9d548b34d25136060dacce549
SHA512 1a24dd91e3d3b8ec650922b65370aa2e9913993669b7c07f2198564f46f51d48c0c3b4118114e347da484bd9f6a9470933a1124f5a80d108f5f5e23de67be42a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0aec4bbdde02cac5bef0fb34d6d7d865
SHA1 c849ef3f8cf57830387e88aae9c62b4acdc1c4c8
SHA256 5ea4dc329acd6f1ff17f71373248f24ebbea1498ef949b88b39ff6a8c9bc99e5
SHA512 c77f23f77a6581063f274dcac04786c13b263bdd6240b6f19272968c5a68980cf56d4b7feca46f19ccbbff5f63e2f59b1f43e2c3fb434d111fb4e012e275defa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 267d8a9c600f807e993ea4979e3f0d53
SHA1 ecc0630dcc292c7247bc2127b711747ee23829fe
SHA256 9037c8f07b0b747ac840a0bc9a0da8318d83ab79c79e9e7dac469830129237f4
SHA512 aa66eafd60da2a1598ac97e979814c33063cc1016f88b0c1d9368dd595525399b0adcfe8fce1da04adfe095bfc8e35ff62910d3f2192c61de8850d7de567ebae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3cff68c8d4189d23a645b91fcb064e24
SHA1 cd58662d1547bf7c06b5b532a264606a70de0a0c
SHA256 b8d7cefb7218be3680c68f96edd1707a5d54e68d8385ea8b7dc6910b9a90fbd5
SHA512 31125bec62559ee5a1ddd61951f7b4ab1dfd5cd46c6c6f8101c5e12231bb8b0c92ad37fcc34742d2235d17cb74bb443a513982ad03e3c8c309c63712915ea596

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ca7a99284cecf8333f2ab94967564ec
SHA1 d27db615801936c50e940c26d8f33113e1947319
SHA256 1e6d2f68930215ad0478171df9e7c67908c231294d0f2b6e8021e9b4ec866c30
SHA512 7554d9f418ca01ae504e1f70d0a0dba32e88a2ff6b79d863f5e75c89bd8fbe1a4de1d137066ca9444928c4bf4a6fcf994dfdab1abd33eec993b7a674711f92d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ca8071453147290f8f83b3e1cb2f3bb
SHA1 3cb25ef634803d68032678613af2130b8477425a
SHA256 6fc841e6f40b999b2aa024c6d5f90672cb0ca3d0d566d63660c088f0d77787cc
SHA512 88365134608f6600ccad65201e68268592245f3817a00f86f0affbd4bc68c94c04bec40e20d056d76cbff2a28976916d4e03ebcb9bea1c2a645882cca83a546e

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-11 22:43

Reported

2024-12-12 12:28

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e38ad722c9d1cbe3000ffc3fc8afc6b0_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3248 wrote to memory of 3308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3248 wrote to memory of 4444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3248 wrote to memory of 2812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3248 wrote to memory of 3376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e38ad722c9d1cbe3000ffc3fc8afc6b0_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8640646f8,0x7ff864064708,0x7ff864064718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7124 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7124 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8556937127059141146,12671863255245386478,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5916 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
