Malware Analysis Report

2025-04-13 11:36

Sample ID 241231-ve8nvszlby
Target JaffaCakes118_29b936c7a4979e6e28e51932a8dcb17b
SHA256 81763f5e30c6e0be3492e3a9cb567a07ecc8324cbeae5c3d4bbc122bb8993758
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

81763f5e30c6e0be3492e3a9cb567a07ecc8324cbeae5c3d4bbc122bb8993758

Threat Level: Known bad

The file JaffaCakes118_29b936c7a4979e6e28e51932a8dcb17b was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-31 16:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-31 16:55

Reported

2024-12-31 16:57

Platform

win7-20240729-en

Max time kernel

145s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_29b936c7a4979e6e28e51932a8dcb17b.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441825987" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10976" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90ed27dca45bdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10976" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10976" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{04519AA1-C798-11EF-A641-5E10E05FA61A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002acb817533ec2d46b43fa84c815304fc0000000002000000000010660000000100002000000073c658d72e6d3badd8a5b4541e5ea3e4cc907c9da71ee1252994531f27729325000000000e8000000002000020000000389bf3833d3e22aca7eb7af5a38afb3cba9c7be73115b9e5ba74483151d060e12000000000975d6c5c7b1c6b34acc25d3a652bfb5ed4d985235f8dffe4b5efcf8e156d46400000002f9392aa0c725bf917daf08e53e1292c14d4bab3552669a117bf5504c55245dfa37b8d832dc000099f7fd929518e708826f7bebda3fdfc6c933a12031c9835ab C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002acb817533ec2d46b43fa84c815304fc00000000020000000000106600000001000020000000ab4a6b3ca7359c4fecb781b470e6a11720abf3a583ae89a7bde336970cd953ca000000000e80000000020000200000001aa6d51dc4d02eff7ff0af96484ae9465d5eca1d6c420b0b78233f3189e8c21d90000000e4c9f55fc70a8150db4bf22b5b6afad3e2465df689503db23e68c06179500b0d0189b1ab13f9a3b7dd06f97fcc8d54c0fd3bc6578e4bff7bdbae8f3679fbd38fd38a663d113df417fe1e88699c4ff43b66bd1c21f20e442af64f3197b402989ec155faddf568ecc856e906c1cb0e1fa20959b91a24a9e499190e98c1cb0194fc8b52519d4e52a9c867a8492917fb1dee40000000c43000750891106ade0ef426cd64194c60f2258a95969a363f6ad785a2ad444ff0eb0c11df7ccbee7e37047bbfaf8abb707729197b3612ee849f9b8600eb6cba C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_29b936c7a4979e6e28e51932a8dcb17b.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:528 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 cdn.wibiya.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 www.intensedebate.com udp
US 8.8.8.8:53 i1234.photobucket.com udp
US 8.8.8.8:53 perierga.gr udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 go.linkwi.se udp
US 8.8.8.8:53 s7.addthis.com udp
FR 142.250.178.138:443 ajax.googleapis.com tcp
US 192.0.123.246:80 www.intensedebate.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 192.0.123.246:80 www.intensedebate.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.178.138:443 ajax.googleapis.com tcp
FR 142.250.179.78:80 apis.google.com tcp
FR 142.250.179.78:80 apis.google.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:80 www.blogger.com tcp
DE 5.9.46.15:80 go.linkwi.se tcp
DE 5.9.46.15:80 go.linkwi.se tcp
FR 3.165.113.31:80 i1234.photobucket.com tcp
US 104.21.80.1:80 cdn.wibiya.com tcp
FR 3.165.113.31:80 i1234.photobucket.com tcp
US 104.21.80.1:80 cdn.wibiya.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
US 172.67.164.136:80 perierga.gr tcp
US 172.67.164.136:80 perierga.gr tcp
FR 3.165.113.31:443 i1234.photobucket.com tcp
US 8.8.8.8:53 www.tealdit.com udp
US 172.67.174.110:80 www.tealdit.com tcp
US 172.67.174.110:80 www.tealdit.com tcp
US 172.67.174.110:443 www.tealdit.com tcp
US 192.0.123.246:443 www.intensedebate.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.110:80 www.google-analytics.com tcp
FR 142.250.179.110:80 www.google-analytics.com tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
FR 216.58.215.46:80 www.youtube.com tcp
FR 216.58.215.46:80 www.youtube.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 192.0.123.246:443 www.intensedebate.com tcp
FR 216.58.215.46:443 www.youtube.com tcp
DE 5.9.46.15:80 go.linkwi.se tcp
US 8.8.8.8:53 webobjects.insurancemarket.gr udp
FR 18.164.52.128:443 webobjects.insurancemarket.gr tcp
FR 18.164.52.128:443 webobjects.insurancemarket.gr tcp
FR 18.164.52.128:443 webobjects.insurancemarket.gr tcp
FR 18.164.52.128:443 webobjects.insurancemarket.gr tcp
FR 18.164.52.128:443 webobjects.insurancemarket.gr tcp
FR 216.58.215.46:443 www.youtube.com tcp
FR 18.164.52.128:443 webobjects.insurancemarket.gr tcp
FR 216.58.215.46:443 www.youtube.com tcp
FR 216.58.215.46:443 www.youtube.com tcp
FR 18.164.52.128:443 webobjects.insurancemarket.gr tcp
FR 18.164.52.128:443 webobjects.insurancemarket.gr tcp
US 192.0.123.246:443 www.intensedebate.com tcp
US 192.0.123.246:443 www.intensedebate.com tcp
US 192.0.123.246:443 www.intensedebate.com tcp
US 192.0.123.246:443 www.intensedebate.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
FR 142.250.75.226:443 googleads.g.doubleclick.net tcp
FR 142.250.75.226:443 googleads.g.doubleclick.net tcp
FR 172.217.20.198:443 static.doubleclick.net tcp
FR 172.217.20.198:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 142.250.201.170:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 r-login.wordpress.com udp
US 192.0.78.18:443 r-login.wordpress.com tcp
US 192.0.78.18:443 r-login.wordpress.com tcp
US 8.8.8.8:53 s.intensedebate.com udp
US 192.0.123.246:80 s.intensedebate.com tcp
US 192.0.123.246:80 s.intensedebate.com tcp
US 8.8.8.8:53 widgets.amung.us udp
US 104.22.74.171:80 widgets.amung.us tcp
US 104.22.74.171:80 widgets.amung.us tcp
US 8.8.8.8:53 developers.google.com udp
FR 142.250.178.142:80 developers.google.com tcp
FR 142.250.178.142:80 developers.google.com tcp
US 192.0.123.246:443 s.intensedebate.com tcp
FR 142.250.178.142:443 developers.google.com tcp
US 8.8.8.8:53 doglovernews.blogspot.gr udp
FR 216.58.213.65:80 doglovernews.blogspot.gr tcp
FR 216.58.213.65:80 doglovernews.blogspot.gr tcp
US 8.8.8.8:53 blogger.googleusercontent.com udp
FR 142.250.179.65:443 blogger.googleusercontent.com tcp
FR 142.250.179.65:443 blogger.googleusercontent.com tcp
FR 142.250.179.65:443 blogger.googleusercontent.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 88.221.134.146:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
FR 142.250.75.226:443 googleads.g.doubleclick.net tcp
FR 142.250.75.226:443 googleads.g.doubleclick.net tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 b983e034726c96cbd74bbae44ff3087f
SHA1 c124bc5843682eed7ef8e4c676b035d280b65e30
SHA256 87bfad7e3eee4555da2c7bedd90bd8c3fbe230756139e89d5f960cca836a6b16
SHA512 e9dc5de2c3dea630c015515cdcaace22c6d3e8104d13f52eeee5cee784af875756d451fec3ed962031fafb33346000d1dcca329c5f809d514bcf11e6125fcb70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 33e7e752397bde42a600a891388f23e0
SHA1 66318656078c4e6e6e6e5237baeb510ec5a2aa4b
SHA256 58dba2ba487e75996d6d6762b1c5ce8d432f0a200333e3a7093168f4bba2e356
SHA512 d055c150684b54cc774d2573e25a5cbe00eb0da297c903a46a60409ddbc59baac611c6ad3b098bfe109f09e0d74e0b34b009bbf227d661f2abd40da6623e7ddf

C:\Users\Admin\AppData\Local\Temp\Cab8123.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 48ff4de810914e1bd84e8766749bdca9
SHA1 02f84a7ded113ed173417c9a4f6244883cc55e3b
SHA256 c71707a9d866b2ce645643d131b0c931f8f30a6b81e2ff12d1ce2dd6726c1051
SHA512 e2a1b6ff3da546b570d454eefbe885f267d98d62ed09e3e99505fe66475f40f8456f6d3ee408e5cef63a36c5c3ee78f65a7ed6c7a91523d9623a29449ea809d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\Local\Temp\Tar8146.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d564f244e735110d3faca66fbc49f02
SHA1 7462120905fae520dadf3435a269e9ebd6751871
SHA256 19633924e8f4776f9852c4a1e54740beed63d8d23d4dc2d925992e97379c8772
SHA512 62855adf321daae75641f360fb822e55123e005233b5e02b505d75bd3544b9475304fa4b055e2bbd7d039e572c830db1101b2feeb639e4f634d6f7485e12ca19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_2AC354D163B9A95ED11B23DFC6FCD931

MD5 63961e45588d412dbfc6889d05eac5c7
SHA1 ab26672c750c6015114dc856d9cf60edfacd132a
SHA256 65756d960b30fcec67e58d508df0c16a9be21a70d5398d9701a684f0b2b99e66
SHA512 842b1549ff94ccc72e02bdd9d43d3d230963502f95817faf2568b9a582f62fe91bc64aff80ffb8dbfe9a216e03b53076d664940121b99f42859e481128217937

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 535686750b9e4f8e82e0f98267f0abee
SHA1 c39f20a1dd8b4e3c12586248d2472cce8fb7180e
SHA256 df4c4122d05d7f0bbde24e540c4e294bfad38f7aca9b7b2249664367a1c14581
SHA512 1b64b4244d6666e60d8e21f87263fdb023a52b4a92e7b63c4ef1fa6aea43965fd1ca3a950a83d86afabb1530d3e73961bfc4b1a4d763bd7f56cdb0665f4a8da8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\plusone[2].js

MD5 3c91ec4a05ec32f698b60dc011298dd8
SHA1 f10f0516a67aaf4590d49159cf9d36312653a55e
SHA256 96b335b41362fd966c7e5e547db375ef0be7dcb2aec66bf3646782eeaed4b2cf
SHA512 05345e754b39e9f83514bc3e14b52f3cbf321738fd7d973da55db99035b11b4152fedce2c203eb34376cc9e18571db514ff9fbcb4174a2dd7cca7e439cd25944

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\crl[1].js

MD5 bf85596e03bb78f777a0594c86522ebb
SHA1 68fbaf69eb6745adcf32669e6f97e616847d6ed6
SHA256 15928aa05f60c793d4dfcdc4ed2ffad125b78face4c755cb5c2bec4d381e935e
SHA512 c4bfe5207728937359efbdc0ca7963a348dc8fb31e9f3b003490a3192edb2ddbe4199660d8010b196d514e7908f5f1527b6ea705f0e720a327f2029f58fe8860

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0AP1ZYD8\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0AP1ZYD8\www.youtube[1].xml

MD5 354b8c7fe937885e54a0fcae963f21cd
SHA1 1c60bd0d583e466fea91e150085fdc48239ae873
SHA256 623dccaab6906d5cd67e7dcde9ba88657e9354209ac58fc0a2d7a2ee1369ba78
SHA512 d9fcde4932257454f1eecaead9452b10201782cc6133fdbd7345c3d4009abd6a2b34c2fa647753097fff3fd59b1da4a0bf1aea796fb7a813c8bfa94ca8d29b88

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0AP1ZYD8\www.youtube[1].xml

MD5 5a48ae9f8b1f4256cb7e90226574eeab
SHA1 86026cbd5dee1e5651aa2f72c7a15f25287fbc5d
SHA256 bdc23c91c360c4681a4f8a85db610373d98ad2b3110659ec57abb08fdbc8fd31
SHA512 6b175300d36bbc4691f035c2fe5662d9624763c0fdc8b9b839305c77d3fed78290af4983f4bc7b6727f9871bd37069b8bb26352b94382d05c06cdbf439e7d4a7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0AP1ZYD8\www.youtube[1].xml

MD5 ce9b572916143e3d7f0a086eb9d72a27
SHA1 c4da7df015df6b0faa28dbe69c22922151b43376
SHA256 7a120c65fc77c234524d9dc296a381c99d1b3b8de4549e7157fc42c0c166d505
SHA512 09a8ac9cdfd87512ee48275c0bc335d5ca08ed649603ca15c3c0122a372a209d3f959aaa24e206cb0cb4c9e54df1da2a0fd6c0027562a8ae3852ab7a83a41916

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_DFB78462C65FAC2750B89E1A8A1F9A53

MD5 b33f3f640db8458f79fa6405aef8319b
SHA1 4b1b05cebf564ff8645ec7792141b696c2b15001
SHA256 e077cd807e199e07ff92abcbb428836ee4b9437afc50be8ef529427ebd061ad1
SHA512 47a69938b3171f6a6b509311bf1f3599da569893fc3d1bbce3bb4b4da13e9eb33aa81abc1a9e922f3d5e6b3f029418e16e142f1590f092a83d0ac3491f820352

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0AP1ZYD8\www.youtube[1].xml

MD5 b0ad3e02392977acfcc9b4bda6d1d0f5
SHA1 d40184dce4ca57a6c160a11edde2342de12fcd1f
SHA256 85d9f806587ce7037fce4b03304908d1634b49b5ead51e5f62fa7e3ae31d0bb0
SHA512 8da33b0b0ed02706b3c0b118b9fcfe874aca21bba16e339537d0960fcb09715670abdf7ed9d6968363cd10d4ed6bc3f6074998287f092b54520c24ee2423da80

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0AP1ZYD8\www.youtube[1].xml

MD5 9498994000875ab9ff9f8bd5d33ce271
SHA1 016afb2226fa02eb5c96413abcf7ca857ea7c979
SHA256 22581f243bd5103e1b34710841c7f6ede24d424daedc1423565fc3d800409305
SHA512 f47457bad572931dd7d168c8fccd3c34aca3b40df65863759247f193a7aeeabd9cf0185295a6411a82a66080d63341d96400ee47c6beaecffaa2b81edfdfe850

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0AP1ZYD8\www.youtube[1].xml

MD5 550e23af62cb287cbfbe5e9fa98c4c2a
SHA1 233bbd6ba2fc6f9f116fcffd4d3a985bb1d1f911
SHA256 7b95038c81257a57fb3a337ecfcefd65bcb91fcd54a96c7da86b7043035ef6a8
SHA512 b2547b058c7ccd03f70164f77e14f825df5f822cd5b522ae455a9cb225acd28a95ce96e564cd26e239bb06607adde68da3ead4a742dcafa4a209d757fcf36076

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3beb8bcca8818f109421837a10e46a16
SHA1 7c6b0f1f7a7da584d3365b422782382ff356c769
SHA256 c1b9ee27a82a87d0eeeecd55ef26fa8b257901a1ea865364cae646c2cb8f84fd
SHA512 8284e43354881f445739b6d183d54f7bbdd06e50f65536842bcb728d7f4a317c3b7fea6c9a060c84ceef5f3ec78612577370944cdd408b6c7481dae82f6f0024

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6cf248a840c5f546b65e976769bf8792
SHA1 7026cba0a623afe7bdc3ef03b4eb870a53ef7e20
SHA256 04a0a18cfe71f39460b6e2104e8c2c4998d0bbe12b083e1e4168781b039acb89
SHA512 503d9f87b5a9ca5ce17a61ef308725e7d00848e8f9d10a692f02f8149cc514df01bd001e74dd891c2fae3dbba49550bdb5be9c303702cd9c3c71e002170f9734

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a454652bb7a381c07ff4d21d4ccaf099
SHA1 b10384b6ad3ab15cc63a6f1aa9c46d6d33c6ff20
SHA256 fd6cc6ba86cac8763e15066cce012295fde9c35d372b1ab768fe3817117098ee
SHA512 53c70bd740c6ad0602c785292e378e455be1757c1b40347a8613fa8e1ffa282ff9a0dd5cbf8d3a45188acf6a1d1621337389df5476a734f7249a411c5cf54623

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 066efed8728eae3a902ba24e08835ce2
SHA1 949b588431cf44ecda9493173dd4419f8bdadfc5
SHA256 9a13476cfc22b521c361b73e1a2592677ee4a2731442837a93e3274768fa3603
SHA512 5a09304f67fb59a57a94ed584a953278acacaa6f79f605bf0843bf569f4c0f5a9e00a9549e4a3cbfa7c4eb65dfd84383123af35ac09630221bd3235099ad980a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd0ddbe7a9013f66b9aee634793f417e
SHA1 65fca2e6c748343f0984ea881f01f4821c78f77e
SHA256 8b56c20b006be587f23c321767796d62f4011597dffd99bc15218d680c36202b
SHA512 274ef6d48a0ccd2d47795b496c2a85760f7a76d8178c753c140b0a23c5d1bdc7d8c0fbafa70b19f7549963bc6dd66670c2f84ab7a539710710177f16298986d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0263d7e20b5b7ef169eff6431324feaf
SHA1 01c8f63df5073733b5d98af49e1600cd53cebc49
SHA256 a1a38c7c137d54ea7118eab825c26ce13e060f5d2814cb4443fa3ec1c086edfe
SHA512 643503e3571066d8eb3d639bbc48ac10ff0c8111b67e27ef00bf8f10e104b2bdd1dea01458cd0bccad71057fb5a1d2e36b435ea52dc01a1e50496a951c104870

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0cae492caf25477e4ec58aade04165e
SHA1 f60327d6a9fff7b2865efabf115a48eeb0d42175
SHA256 33904781ca82dac76abe1bd1b0b67904bbaa536e8a215d4b45011016c0289620
SHA512 256eda4b0f78c2b38d7bd176d0feb3a94e1e88b5474577c2574b5f8c00916b45ea6e6d6373ce67943d3ec297832ce280ae0bdf9102a42e35d1f7cdcc70c697ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31a99c405cf14714aa538c0bce560341
SHA1 59d0501ca0234d4849f8f4923174846e8d203948
SHA256 ecd8c1c0e245f593be7468fdee9ea6f83f9f1a5b37c9eedfacb448257e41706e
SHA512 9ff155df59d540d49855c2a3d4788e2479c27f51da8aeb7d8d946d16342ae5fa99e3118c29464e9eb75a4a958393b00d21bac33bbd66c856d0e580c5ee00c2ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3edde867ff527090c2647a4d4cb2ea2b
SHA1 426f1142858d44b4f5bc00d0d415ef507cfb7bee
SHA256 68aaa962812e1fdf08b1d195b2a05c44278591872121d677562a3e9aea47dec5
SHA512 6646737cae548ed8a06b1d6f20f98cc6b56bdbb63bbf56895b712b79b6d0afcc0fd1935188e5cb02dcc5941fdbb1e4c3cafe3ed825484e5571aeac36647f88fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 390fa2cc3270abb91b7c22b84f2a59a3
SHA1 082856ba69a32a6000109f0df96e52a1719b1b49
SHA256 b9f4fe5c0af37fcb20d083705bc115ca69e010a4a4ce01dd443f8029e73663b7
SHA512 8366cb01b07cc87887490918d8912e159baf71f993e386f02cec145bc84f962036b77bcfff5e0310d29b49960919a2db599a28ba4f33b49c89a2fb4eebde4e01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f414fb409687358860aba18e6e7a344
SHA1 5e78414e47452b9eac99ea608e9ecdad842d506c
SHA256 f9d67f937fbdf8885a87e1c967f8621a3f82cc723eab0bb0a38c7a03a55ceea4
SHA512 7390d88115519445d93494131b7dd83778d34d1f8f11d252c6bccd9981916faf7e471977feb0c04b1a8fe6f46c80c28a67a88e4b35e68c7bae5a686e1c6f3f1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 364f4514d62db4ee318333271f06b874
SHA1 866e9cfe274b83951a44f2aca1f7083882243a4f
SHA256 6dda8f1cf58a7690a3ee5656eb4c45bfe969d0920ea67923db3d7772b81ad79b
SHA512 7489fec7f262a2e85e873cf75e3126b27537adaa748017d48bf9f2d207e67d61683e924e05f1b0504a64a1ce9679a68c9c709e7ff6d977f87af2d153246b4d60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f01b388a174d729a2611ae82f24f558
SHA1 069de11fc02cb8b2a22effa2eda952ef775e7800
SHA256 59ad08ef3081e12607cc3daee171e7d4585c865c4e9666a96d781e1744787b38
SHA512 cfd72c7f5be1d17a7aad5fd8c347a8f4712d56bb1e5b690265161194bf07ce1b33c314b4fe22b94824163f3a3ef795ec9aa6ea90d3ab09a303289d5ffd05a791

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 5f33cbc5c3dd2f7b06b71146d36f49d2
SHA1 05c3bc6784bae8f2cfe80b8d458d8f7c2330f36f
SHA256 48826838155c0fd289b59c971ad96664dc7b3ede49cf5afc164ef97de11807ef
SHA512 f4c8b7c3097cf835c0488db8516523b08a02e81e490510ba34a9251016cf734327afe5e2b2bfb40998d681fe1ca78e68cdecc55ca7154713b801e100910fbffb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c82579dea2b2ff8b2fccabb821407cb
SHA1 18c954d06606e11cdfe045c0696b66912ccaead9
SHA256 8adf115b789bd21052db1332773ce93cd43a731bf1eb19f3917357ca6c322332
SHA512 675d2f5e4781b92ca23a0bb2b253c5dd42162c9ed30ac5339336ff1f24f1af7883de181acc0ef2d4ef59cdd21114d1458506b3a304ec982912604cf99d8f72f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6923d0faf4a16a6377da2ca7d5eab891
SHA1 0b8958fb5f5ee0e4080d5a1d9bc801b653edd05c
SHA256 660ef2e8ebf1c5467e0c9a1eb58fa5424116ec5660d43d950f77a1efc440e875
SHA512 b39df76f48509712cc44685096e076fa4aa90fbde362dc7ee0a7fa97235c1d2ed9fc75fbb9965933df65d582e6b0e4f321246559d088e1f96cab3ee89f49e562

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 1e75a67ce8bac73b64e073e7d577f478
SHA1 b3b96343c0a635db1dcfc587eba9295696c6971b
SHA256 36aa043af17fe10e3c83b170de5ba8ff418e746a918af12bcede09dc2aa1e2c9
SHA512 fd76d480094e8d77560852c4d70ce206a5f76847b028e1ec716f09e20d5c7cc94dd26463274973caa805e4486871916cb62f761e777c4452ee17dc0edc977917

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a0c119ff2b9cb1580d25893c1bcf834
SHA1 66aa0b96bb42da574910c8a175585478531e1038
SHA256 f19711c468905cb4ce36b0797c73f31002a38d55553f7e60f8e0c17cb30b5019
SHA512 a58f0decdce82acc6611b2f5857e94504d332355ad6db24d8f1bef63a4fce43ad75b7a3de33c29668075267ac8c3e1bbe4fa678afa5b9841b4baafd851b41a56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f6aced1880365065ad9e0d9fe993b5a
SHA1 5b5b3dae2bcbe4d71729213e170ed5f6043f4a17
SHA256 cda20e789b8397370ee80775d22550b5086a16977c48ea1060c02641fb2da525
SHA512 6b121d866c193b6e55916ffedee065f4255b2809609f6ff4034a0668f8889b497145a23b2aa57dfa390295e26122efb984bd97b1c9d901c5b4d2a488b20ecf9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5eb409056477e92d8b0ee9c906fde02
SHA1 22eab7217ed1c301237931337e0b1940515afb41
SHA256 f6d21ab658cb706067b836e758138196adba8cf46582892288ca4c5bb660eec7
SHA512 2240c76a273398e41cf2b594986b1e4a61d3438d1be32c996e5e29567d0f4f0d76558cfb72318c4bdcebfa30494cb00f7e080649977c13975930c6b458f39426

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5897e837f7f9dda4a0c5bef3da351c7f
SHA1 cc73cf47c6914a127955e4d62864dd76f499d33f
SHA256 2b7dbf4819904b0b76509ba0b8ece0a9ea085a86d1b2d3b1487787ea9522f01d
SHA512 fb1b9e4fe180c3ec7e9892545785bd14f2dd8b05c6f98d9c2b1309b389a92b254966a5daceca094f586a635dc89d282255dc5b522a27244d2111131987ff5cf6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2090631972228d47a785cc056c962201
SHA1 209efc07ed6957360db342c26fc40af6136d2318
SHA256 98744c8bda18f0ea8f24d20de36e06e8f43af5607603561a917778fe44f97bbb
SHA512 11b16a0f595532c336c35c16b8f9cfad2903bc101ac2633251c3eafbce60e6aae5f9a3467351f1d468a67cdc7ed5ebc53337ca3a08ba959d92c29127e1e1ac40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29dcb89a5122c01528f8c1f628582cf1
SHA1 1b44bd885d4c7db1e1355a3faa3d7a9f3638f484
SHA256 326889d0a510535f7c38189b830b44b776bcbb3ab38fb97c1c80387e4b751c5c
SHA512 c51b7fd09f21c11edb69ddc55845d677f60ac24a9e7e56b4321f1d0eca16c36b731ad378d1edd16f3d4af0962d69308aa39d6795dbd706c78e65542401be38f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ecb296b062e3ec7c310e6747771ef60d
SHA1 10fc48ba00acf7c864250065a73a9707f937b88d
SHA256 95e692fd6c5fdd3b1b3699070b5669ef24f2fc46e168bb772f6061e14feebe69
SHA512 558b93bec10acbc1139aabb318dcba94b278136f36e6720212153cefe9dbd01ff1179452298ed2fd0928338590cd3f4be2757f7b030966c912691ecd50e72f2a

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-31 16:55

Reported

2024-12-31 16:57

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

145s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_29b936c7a4979e6e28e51932a8dcb17b.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5072 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 1612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 1612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5072 wrote to memory of 184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_29b936c7a4979e6e28e51932a8dcb17b.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0ac646f8,0x7fff0ac64708,0x7fff0ac64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 cdn.wibiya.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
FR 216.58.214.169:443 www.blogger.com tcp
FR 142.250.75.234:443 ajax.googleapis.com tcp
US 104.21.112.1:80 cdn.wibiya.com tcp
FR 142.250.179.78:80 apis.google.com tcp
US 8.8.8.8:53 www.tealdit.com udp
US 172.67.174.110:80 www.tealdit.com tcp
US 8.8.8.8:53 www.intensedebate.com udp
US 192.0.123.247:80 www.intensedebate.com tcp
US 172.67.174.110:443 www.tealdit.com tcp
FR 142.250.179.78:443 apis.google.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
FR 216.58.214.169:443 www.blogger.com udp
FR 216.58.214.169:80 www.blogger.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 142.250.178.138:445 ajax.googleapis.com tcp
US 8.8.8.8:53 go.linkwi.se udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 perierga.gr udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 i1234.photobucket.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
FR 142.250.179.78:443 apis.google.com udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
DE 144.76.151.218:80 go.linkwi.se tcp
FR 142.250.179.110:80 www.google-analytics.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
US 104.21.10.213:80 perierga.gr tcp
FR 3.165.113.12:80 i1234.photobucket.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
GB 151.101.188.157:443 platform.twitter.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 192.0.123.247:443 www.intensedebate.com tcp
FR 3.165.113.12:443 i1234.photobucket.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 1.112.21.104.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 110.174.67.172.in-addr.arpa udp
US 8.8.8.8:53 247.123.0.192.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 213.10.21.104.in-addr.arpa udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.188.101.151.in-addr.arpa udp
US 8.8.8.8:53 12.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 218.151.76.144.in-addr.arpa udp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
FR 142.250.178.142:80 www.youtube.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 142.250.178.142:443 www.youtube.com tcp
US 8.8.8.8:53 en.aegeanair.com udp
DE 144.76.151.218:80 go.linkwi.se tcp
GB 88.221.134.195:443 en.aegeanair.com tcp
US 8.8.8.8:53 i.ytimg.com udp
FR 142.250.75.234:139 ajax.googleapis.com tcp
FR 216.58.214.86:443 i.ytimg.com tcp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:445 www.facebook.com tcp
US 172.67.8.141:80 widgets.amung.us tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 developers.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
FR 142.250.178.142:80 developers.google.com tcp
US 8.8.8.8:53 51.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 86.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 163.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 141.8.67.172.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.27.84:443 accounts.google.com udp
FR 142.250.201.162:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 t.dtscout.com udp
FR 142.250.179.65:443 lh3.googleusercontent.com tcp
FR 142.250.179.78:443 www.youtube.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 141.101.120.10:443 t.dtscout.com tcp
FR 142.250.179.99:443 ssl.gstatic.com tcp
FR 142.250.179.99:443 ssl.gstatic.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 syndication.twitter.com udp
US 104.244.42.72:443 syndication.twitter.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
FR 142.250.201.162:443 googleads.g.doubleclick.net udp
FR 142.250.178.138:443 jnn-pa.googleapis.com tcp
FR 172.217.20.198:443 static.doubleclick.net tcp
US 8.8.8.8:53 r-login.wordpress.com udp
US 192.0.78.19:443 r-login.wordpress.com tcp
FR 142.250.178.138:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 162.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 65.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 138.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 72.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 198.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 19.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
FR 216.58.214.174:443 play.google.com tcp
FR 216.58.214.174:443 play.google.com tcp
US 8.8.8.8:53 s.intensedebate.com udp
US 192.0.123.246:80 s.intensedebate.com tcp
FR 216.58.214.174:443 play.google.com udp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 gr.linkwi.se udp
DE 144.76.151.218:443 gr.linkwi.se tcp
FR 18.245.175.46:443 static.hotjar.com tcp
US 8.8.8.8:53 168.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 174.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 246.123.0.192.in-addr.arpa udp
US 8.8.8.8:53 46.175.245.18.in-addr.arpa udp
US 8.8.8.8:53 ssl.google-analytics.com udp
FR 142.250.179.72:443 ssl.google-analytics.com tcp
US 8.8.8.8:53 script.hotjar.com udp
FR 18.164.52.95:443 script.hotjar.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
FR 172.217.20.164:443 www.google.com tcp
FR 216.58.214.67:443 www.google.co.uk tcp
US 8.8.8.8:53 72.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 164.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 67.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
US 57.144.120.128:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
US 57.144.120.128:139 connect.facebook.net tcp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
FR 216.58.214.174:443 play.google.com udp
US 8.8.8.8:53 static.addtoany.com udp
US 104.22.70.197:445 static.addtoany.com tcp
US 8.8.8.8:53 static.addtoany.com udp
US 104.22.71.197:445 static.addtoany.com tcp
US 172.67.39.148:445 static.addtoany.com tcp
US 104.22.70.197:139 static.addtoany.com tcp
US 8.8.8.8:53 86.49.80.91.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 cdn.viglink.com udp
FR 18.244.28.122:445 cdn.viglink.com tcp
FR 18.244.28.25:445 cdn.viglink.com tcp
FR 18.244.28.18:445 cdn.viglink.com tcp
FR 18.244.28.110:445 cdn.viglink.com tcp
US 8.8.8.8:53 cdn.viglink.com udp
FR 142.250.178.130:445 pagead2.googlesyndication.com tcp
FR 216.58.213.66:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 57.144.120.128:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
US 57.144.120.128:139 connect.facebook.net tcp
FR 142.250.201.162:443 googleads.g.doubleclick.net udp
FR 216.58.214.169:443 www.blogger.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.74.171:445 whos.amung.us tcp
US 104.22.75.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256 ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

\??\pipe\LOCAL\crashpad_5072_EHQESSREMHWEJEJV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0a9dc42e4013fc47438e96d24beb8eff
SHA1 806ab26d7eae031a58484188a7eb1adab06457fc
SHA256 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c37631ed4afcef77cd073eb1430029f9
SHA1 e9562a7dee1ad6a6581700f40fb48144c364456b
SHA256 41e30544c4bbfe35bb80bc2cda836f3dd5cad1f2241934a15dbc9236fe722573
SHA512 927ebf42f5458ebff93c75abda1ee12547acde4dfbe24c62738873291122bb7eca80f16e0f14333aa9e9c9bc199687bc4b0c17efb2115d7723dfe0439ee9e62b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 2ebfdbd309ee762211b4a2ac39708c4d
SHA1 b002922c672dbe1dd4caa02af24d0b1e7da616af
SHA256 54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797
SHA512 d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 71ecbf160ebf483b174a58d4997e24e1
SHA1 687d4573c2b6df85b80bd8b203fc8f0bca137fb0
SHA256 f0a79d929a19f4f690f740ed0a916f879fe9446e8c4b452fb5869914e1947012
SHA512 ebbc47439a6b4ea7eda911c6cd033e519225cb621f47f3ac377062aa8a79b78a27989899e2abac6aad85c289132992fe8e4921298daec6ddec6251a912ee5d1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 147bc9c8b98a7ac7333b72d48d85c7a6
SHA1 38b9128323b4a13f624ba88444e96aec521c0653
SHA256 6acb01534cd37b17fc1cfd93af7be7fb84e87b7fce13b8a4a10ac0ab0557c437
SHA512 19524f78cd2ef2a7f8e222fce9ab6c97cc73c3f83172ce081d5ece85d650068b0968e698a168c05a66bb51c25f3165b975480ae1b92bb6f3a7c36a57ea5cfe7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 d0a50020e4d8c905a5347117951a93da
SHA1 ab40c5c3068951ebce6b152c47432bc585da293b
SHA256 9f8b01e282285807e46b64dbad1a1de76615ef612bded4dda9cd98fc971d1d3b
SHA512 7a35300beb0be19ce88f78eeba78e795d457f6ca8d1e2c92455bef2838891ac7eb67d069e388cf8ec6d5433662f42445ea1c19f4dcce2e4bdc37b4a8a8168c73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dd02.TMP

MD5 613c323913cbb839763fa071a0ce2721
SHA1 3fab0734df3adfec97a894b87803187f11fc93b8
SHA256 1588c4f69f9fd0a5cf5aada5092f2bc9eac7bde895722cab4102cc9f02ec3fc0
SHA512 7f0c3558d8f97329479309f16b2b6c4f6075039429024b4338e38f2d047ce3d83358076c7019997ad82c5415ee851a587957c496f01e41f992428ab9e2699e09

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f667d894d771bed47420d28273c5a5fe
SHA1 307f4dad3138fe92017ccbe67ff4d91456f232ae
SHA256 2bc1c5a6a9799dba838146dc104d3c239ff63d43d863dfef89996fcd946297a3
SHA512 cf8c2dfb204ad8a469fa7aa58530af5fdc16b71bab130cb25d752f0a722c8d45c983b1021ba622fe276b61edf4861155c3f8242f87e6996b5f75c04cd82a5ff6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9f60b3b604a77cc08495a199c5cddf91
SHA1 d5c5d0ad839afe057455400f222810d6e034d473
SHA256 89162e3433b1787307da06df0904f3667a7853c7fe650e95f4dc8637249ca7b1
SHA512 2d6455e2226ebae77b75915e1b7e5362fce6d3243afe9b19d1a8ae3d3aa1a84404a23d11be8ba328fa46b896c9605ba138498244d36490ad96579cc415886f1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b72007bdbc55bddefea1aaefc9f7e093
SHA1 6612997ff156e9b2d578021e0966688a06da2d3c
SHA256 7e946b4ec8655cb2ed70d875355bb4fd5cd36506b57bcd13e61ab80cd21216a7
SHA512 fd1fd5d665ff382d0f97d5b8a395bd51a08488c3d57b9350ebb84f93f2ddf29a8d9689c7b272680650ab5ccee7e8ba05988517f2995b9c9962bfd5b79ebb9a3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 09c7c10b19f2f90b8763e7e40dfc84b2
SHA1 be2ce5ff5ef0d960aaac7f703e1988bd410fe656
SHA256 740721c9c655b5bc1250670d9a4c6c053448a75c87fa86e4126363f5b619a508
SHA512 fb81d731cbaa6560dbe829fcc38db4eea5bf40814be270b2c304e47354818d36732a51f0ca9efb06a60d274a46aeacef1b90d1cd04c47ddc2c451a4998ef25a5