Malware Analysis Report

2025-03-14 21:57

Sample ID 250109-cdjz1awjcm
Target JaffaCakes118_b80a2c8dc26776ea34dcb8d4efc7d3bc
SHA256 89ebf50de150585d75f5c66073202eda13e5f1adf560252a02de212e9d914076
Tags
google discovery phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

89ebf50de150585d75f5c66073202eda13e5f1adf560252a02de212e9d914076

Threat Level: Known bad

The file JaffaCakes118_b80a2c8dc26776ea34dcb8d4efc7d3bc was found to be: Known bad.

Malicious Activity Summary

google discovery phishing

Detected google phishing page

Legitimate hosting services abused for malware hosting/C2

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-09 01:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-09 01:57

Reported

2025-01-09 02:00

Platform

win7-20240903-en

Max time kernel

129s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b80a2c8dc26776ea34dcb8d4efc7d3bc.html

Signatures

Detected google phishing page

phishing google

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b80a2c8dc26776ea34dcb8d4efc7d3bc.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2

Network


Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a591441ac54a6768fbf95373f29e0017
SHA1 ceeaa71c81f4bf32406df0682988dee1226f7e84
SHA256 c309c80c99c01fc3e6ec2c9577c98174f6f596fea29d86c548e26a448526cb2c
SHA512 40ab450ef033bbda4096bb9feec80509705a05d4f23775a26bd291cc3c742e48c662cb32236b9cacf2ff41d59442011d0efbd2bd1ba2e576b3740e8580327c73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf4fc6bac4e12b4fd0df86c0f8854fdd
SHA1 26a23675dcae32af11726668f407a6aea5e57e36
SHA256 1ada3e75c75f2939180c8be48858f2d3a07583950c03d51893bead2b15817fc9
SHA512 5339e7c80ef766a10373375c7473d0ee3cf8837a552f282f2f0dad1ce1371bf49d9bbf582e42a40a64518ab4c82cb97465e05269a36ff9cc2a78fab0b22982fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3108867ae4b26cb44ae30dcb4dbc74a7
SHA1 dd1d051374f35b0aa36606c5ff742c8e50594170
SHA256 31645a4fdb0f97c36e877a59e2b920137ef4c2b14a689c85aa3f775817a3a819
SHA512 65a167b753b60862c268884b119fd65f87638d3b50e9da432488c37aa473bc093de16adf06aef14c64b2c8d74bf36bc2d1c244b8f8c4b5a571080054afe122d3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EO7AWIVB\www.youtube[1].xml

MD5 e7ad43567769db27d50d3df595158eab
SHA1 02d2468aa26ad56ec9f3612bdd6ecc56e50257a5
SHA256 1b20454c410841d694456952c3d4217a2db9a294f96008fce9fa3fa6de8beefd
SHA512 724840b4a6d31a43438a18b2ff0ec26dcf9d9c514bc3acf251ab8e87c835c35b96607aca3dca37a2b4b4437b5fed0eaea03e1ca2d94112f8c1cc0233037281a5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\EO7AWIVB\www.youtube[1].xml

MD5 c04fae5e95c1250cf241dc9b6c72db8c
SHA1 e0498504bbe172c4b74110fb31c35fa158cca0f3
SHA256 11cca96cf4da8071c52a93ad0b0e3b53baca881075dc7448ea08738a88727e8e
SHA512 c7c18f231ef30c06839dac587bbc04bdc647c00c4a772cd1d91e191e1aef64ce1a7585e3e5fd130f1a3a3a561119214eda6174b25518f7d0cabb3d262abc7317

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c94aaa89f26e6cdd6f7adfb68d27f31
SHA1 bf4e5d7436c1066a49d156bd34ee1c25aebde4d9
SHA256 049109b4d48037390e5a058415859cbe1950a17c8f03d0cf337fc13c8a01a9a8
SHA512 b8a6e0ed9b861175cd5ad9188693ef7c4cfd82fe3c31c07b9ee0103f83d757e8c9a1886ce74b67115a1e305bbc55fb21c963719f4d5a0c18c6fcb4097da2470a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7e11adb7cbf40be8f1244555e13c51b
SHA1 fd230330599f8c8b6790f91e3246fde669b46362
SHA256 e177a4c01fdaad880e6b6d8fd0e91e902aa67f36c56b4707b6877ac27b265792
SHA512 123e5b2065c8782e0f0e12f9bdcc6a59578afd76fcc834dce5a51916f7ca10b7d91ceee9ba607e23295dd3ae1d156659f934528fb3844109ae9fddd231047153

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1a394a1159b5d966d38f96c04548421
SHA1 c8ce0b831dc99ba9993779c12eceabe8dd8328d1
SHA256 619aba7eac37fa0468513d6ba636d834392a64ce5c74fd4da6b3f0bf44d98878
SHA512 27f3cc2cd92f759bce67e16ee8229a754629280a1883db692ba8fc1edf27ef14ebaaddf91e521868c603ebd00b3a0a15ad7fb2d163909473eab7ce37cd24a367

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 f781e5c1453614eb7cf7ee12d78dbae0
SHA1 a35957e8cf647a4ab52c4e977df978e3a6ac32ce
SHA256 921e3f049e3a444fa01cd9c628b4b64ee28fecd4dd823bfddf83c984b8ab361d
SHA512 2703d1a37664b34fda23d143a7ae6ee02a1f571d60b3c24bcb8f8a39f94a0c371e2278b2a0b30f366197ad15f2bc2ef1bb0740fbfdee771d334fd0d851d96bf4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 318b2a9fef6fc0348d722daa368c130d
SHA1 2bf583c21a64c71a7fb38a2d095ca1ec3454ae03
SHA256 e3dc4d537e11baa056d8c87d1c3ccc9be70d387d5d1bf66553d21d8ec2e344b5
SHA512 424e8ab2f3a6bdb4dd0910184c32491227cde596cf2a4eb9f894bb80a24d98af4a7ad5a06999f5a368dc6b214ac27fa6307d1bf39fb992d5836d20467ff8fc68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f2632d19a8e69bda5268f6bf7c5c2d1
SHA1 2609d9115829149f36f059e5937f854b9bc0b964
SHA256 55c6190eb2a993cc7a6e7f01a672aabd4b80bcdbd1f9ee66c85cc56b356b3553
SHA512 97abc2c76531ecd5166b3ca9aa3d89308c8985904aa1d578689dfb8f597244c8c5e411e75a185391444f98520b9b666ccf3b3105364e8547698121ecf7854416

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f765902fd8b97a1c4ea83f173e0219c5
SHA1 019f0fc25060f75c46d0e7aa6b6531299fb9fcc5
SHA256 75cc260e10f4b49bff68bd58fdbe259d94333b4b3020320b1588ff4057358d48
SHA512 3736f7a92507ceff26e441a917ebab415b9983660d59c904f054898dfbfe035bae004b4febbec1c34b0990c2e6c1fed2e1bd4abf45228d05709115662da3e8f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cf49424f122c9c4147c31a8d343484e
SHA1 843af56eb3a18d031464b2c832231b23581b3909
SHA256 62ffde8722118ffeb1a19d711c516dd30a59c3c0dd1338fbbc2b79cf4a650387
SHA512 41d2627367867f7551b912b6532d87e6a037a3060b45ea70a825d3c8a3cd7029ff5ffe0731bb378b95a85b1034693e0a9683a8b18cc0a88c4d9fa4c82776986b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9f80dec5ccfd9b7ae1f9a5cafc38b4d
SHA1 771cccc5444eac365bc78212474b6db85fd4525c
SHA256 f14ee228bcabd58f4719c683f95beb7b006c9e01daafe8d2e979727d0bad426a
SHA512 b83ff3db27c1c4320baf775d7365205e6f7569c87e5786860bb01cd640be92cc6a2247155739bdf42e71c72d4ff77acf7c0528fd71e4decbd53880fc4248003c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd355660f58b43a47c8a4b976a393dc2
SHA1 2058ed7384d302b4ddf9614d01e858e596b9f5c1
SHA256 4df12ee38fe95d769cf1e590ebcb4aeffa1607c7e5052719c4424afbac7b26aa
SHA512 056c6b4fd4792300f3469b85df2d98ccde202b13b5d21846d480e21685b8e300359dd0cf08a87d120945615ec334a8b51d55935edb573f54de2b9dbf31c11153

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 5b60127f5987e3568e9de3e765664495
SHA1 1f4afb0a7f63883b22580d5edc15e259bc66e549
SHA256 84cf611dda2b99abec541a35fbbb4fdc58e2f5f752f99b885e4cb73c8da08788
SHA512 364cf020f5f9377fafd44ecd9ba1f2110bd0cb309000cae225d0b77e2272078e5b0b1fb12513ca36f26aeb3799353ffb4174f1bdc1b0ec9e588808bac04ca28f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e71fa570fd2a73f0016137b302603cc
SHA1 a14fe3674a0641d3d44df58b39045066aad18b69
SHA256 812631af5db36bf3fdfe0e1b331cee664724cee2d094381f164ced0ca17562dd
SHA512 e097f74a66adc457177a0cdc3bb1356758c81381163acbe16db2b914bec33572b01a5edbf603a433c187b603baae94161bd47d9587428f78555948c531b530f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4f61f9e6ee96daa70e0b6c947396596
SHA1 23d99349145f57bff08de6e823c9c025c0efd872
SHA256 e702054c9b61580b48a8d5410d58d50203f8fc14caffee49ce4e9a20e06e380f
SHA512 069e7c5c616dd8bf35e6cffbd46c3af2378e3cce6c96462c04771074065a7b0897454bd3184a54cba3ae08033804c5c0875e2c0c8d469ad4169b7a0b0e392eff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 029d2b16aa81ba171f6315280fa78802
SHA1 9b537a880d584ed322f0bdf0733d33659efb5404
SHA256 8e5c148bda2eb85c341325dbc638a5a8c163adae411e778f1aee6b91d92a2af3
SHA512 bb4e024d7708eec771b5056ac39a2700baaaf89f6aaa6a15d5e5eecee28a6355c94a932316adcf1216abe0b0b49afc08631b65a4a9dcf6203c496b186f0fda19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 965b9544aa92ce995a9cbabc9b203134
SHA1 afd97b601ee3122b9ae0ddb05c0d9e566c72d9e9
SHA256 149a8777ed9ae3dfd45e5be8fd446eb18c5034c596c465016762137ca29bd45c
SHA512 afa8733c44d29547e10d5318e17bb4a9ab285e5765df1cff5bcce721d10381e50eb47a224b86086947eff7f66e735dec6c2da7c55c3980b41382438fa6d09965

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8452S9S3\2254111616-postmessagerelay[1].js

MD5 c264799bac4a96a4cd63eb09f0476a74
SHA1 d8a1077bf625dac9611a37bfb4e6c0cd07978f4c
SHA256 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d
SHA512 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IAE3FJ0M\rpc_shindig_random[1].js

MD5 2a64803c4545d283d7a51e71f82a64a0
SHA1 d1e190bc4ab6a900cddff5891650f5ddc390e9db
SHA256 0a5518064275c2fba33ba69c84f584819aafdc9faa0ce3689c8687fc41f58ed1
SHA512 82bd924261272ed025d4938d7e7d5ccd9c6ebfa571b1b6816bf56341ebb70ef9faee807d83ba491a2ddea86e795780ce097fce4957d432d3b44497f5e6e16576

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-09 01:57

Reported

2025-01-09 02:00

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b80a2c8dc26776ea34dcb8d4efc7d3bc.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 116 wrote to memory of 3828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 116 wrote to memory of 632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 116 wrote to memory of 4292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 116 wrote to memory of 4576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b80a2c8dc26776ea34dcb8d4efc7d3bc.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd3a146f8,0x7ffdd3a14708,0x7ffdd3a14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,159851649623300265,5597897911406288642,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,159851649623300265,5597897911406288642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,159851649623300265,5597897911406288642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,159851649623300265,5597897911406288642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,159851649623300265,5597897911406288642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,159851649623300265,5597897911406288642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,159851649623300265,5597897911406288642,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4964 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,159851649623300265,5597897911406288642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=928 /prefetch:1

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_116_WTVQBDJHKFRUWXLS

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
