Malware Analysis Report

2025-04-03 14:22

Sample ID 241212-hd6fwstlcy
Target e5264735c6d80b0ec4c90572b7e45d89_JaffaCakes118
SHA256 b725e00d7a21a7fbf93e1b565827277852389aead393436d85510cac88195d31
Tags
socgholish discovery downloader
score
10/10

Analysis Overview

score
10/10

SHA256

b725e00d7a21a7fbf93e1b565827277852389aead393436d85510cac88195d31

Threat Level: Known bad

The file e5264735c6d80b0ec4c90572b7e45d89_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

Enumerates connected drives

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-12 06:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-12 06:38

Reported

2024-12-12 14:59

Platform

win7-20240903-en

Max time kernel

135s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e5264735c6d80b0ec4c90572b7e45d89_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Q: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\T: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\A: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\H: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\B: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440177286" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000826f44f955b6d343bd9e78ce68641ebc00000000020000000000106600000001000020000000a4002fca2fe7404359f9280352cf065939568bb0173cefd8230efbd4eaf85085000000000e800000000200002000000025c020fde52f2c2f5330b6ed83ddc71c852ce85cad33fdaa3245ec205114f96e200000009ae38e274271be5afc32fd3a2e978db241d75d6307f0945f613d90ee7dcb3a68400000000355ab1a3a41df3b1a4f7abcf4b165977ed03b3b6b68929428316d8478e93121cb0b5aad374ad2c6c22b139bbf207d2d6e23d229ddc234788210d37146ff91cb C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2004533ba64cdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{55F01071-B899-11EF-809B-F2DF7204BD4F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e5264735c6d80b0ec4c90572b7e45d89_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2

Network


Files

SHA1 0fc83dbb35c58b0282676e74d765d168afb474aa
SHA256 147bc6daea6df825475d466db9a00018a3242a648414affdc7c6aa5f485b898c
SHA512 44b3285a4872d57d757bc57b933b8337cf356110406604f61ee4d3bd73fd6331f4bbf0ddd9b1a15327184fa713e5137089fb913c194fb60edc593af43be73989

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df08b56d12d2ce75190c41190fa7cf52
SHA1 35d836e8b3597cb36dd5a91ddda33ebc9611a603
SHA256 acd82df157668ca50d85ac1f312ef639ebd812dbbb1388a8f8c4c497153b36c9
SHA512 66fc67d5b0e679c322508cc6de63a7aefed0d863901bcceb0002c7ebc30aaa92860e6b804b1985af7f0bb2b521baa4dd0486098e07ff49fe0aefa23da566f2b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bcae5dd1526a4754ccd9a5cc6d73b0fa
SHA1 b9abe12440dee6fafadf29b04760b107eedb741b
SHA256 37335c3352aed202e1e50f25ca862321404e955c22cd6d5dfe5ce56cd279a365
SHA512 eb033d77e4ddb080f1bed6c5b4f32a08e7a725182fb05b2bf68716e09db30d450ac2d551953743e5cd02643f6a3294abf84648feaf1219536e39d91c8b84877d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e25caa4797bf31303eea3ab181343420
SHA1 2b77076bc7fd7b848d061f2be1d26d8b1d43a55f
SHA256 5af0e1f39d43370a3376f020cdf3469a0d8ec52f07fa81183df14b10e8d27e4b
SHA512 e781b3f5a6bf56e5bb12756882855300933878c5069647addc78c4f1afd050a4ae4efb91a669273a2f81adec02eb77bf3379148c576d1922cbc960f053fb74dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3e9a9d7f045d9e61c37c809882dedd0
SHA1 6de109a01b1668faf5797de9c3693a270da62deb
SHA256 2c7bb331b40fa500fedf7af5f350c57af7c8c21646117cbd6fbb8e9f0f91b957
SHA512 80aaa0236c4a723472cb12b1fa472af0a5995cc2bd73045cb69e764e4fb353dae70029e8162485dc0b6d0b6dd44b836efb4e33fc48bbb1383f7bf25efd61416f

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-12 06:38

Reported

2024-12-12 14:59

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e5264735c6d80b0ec4c90572b7e45d89_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3832 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3832 wrote to memory of 3688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e5264735c6d80b0ec4c90572b7e45d89_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef21e46f8,0x7ffef21e4708,0x7ffef21e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9248128268351835048,8131670346600195662,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5452 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
FR 142.250.179.78:443 apis.google.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
US 8.8.8.8:53 www.google.com udp
FR 216.58.214.169:443 www.blogger.com udp
FR 216.58.214.169:80 www.blogger.com tcp
FR 216.58.214.169:80 www.blogger.com tcp
FR 216.58.214.169:80 www.blogger.com tcp
FR 216.58.214.169:80 www.blogger.com tcp
FR 216.58.214.169:80 www.blogger.com tcp
FR 216.58.214.169:80 www.blogger.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 static.addtoany.com udp
FR 172.217.20.164:80 www.google.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 104.22.71.197:80 static.addtoany.com tcp
FR 216.58.214.169:80 www.blogger.com tcp
FR 216.58.214.169:80 www.blogger.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3832_ZDTZNHTHKVRSEEEO

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9c907874-d64b-4543-877d-fbfc16be2f64.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586491.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e80d9f7a-da50-418b-a0c4-57468a65decf.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
