Analysis Overview
SHA256
8dc356f18aa448b79559125c8a7790ce26acf4a56ba87064a464405dec40df4f
Threat Level: Known bad
The file JaffaCakes118_e3b4f78d113333da80699b81ad6e84d8 was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
Detected phishing page
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-10 12:00
Signatures
Detected phishing page
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-10 12:00
Reported
2025-01-10 12:02
Platform
win7-20241023-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{71A97FF1-CF4A-11EF-BB72-627BF89B6001} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442672304" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf000000000200000000001066000000010000200000001c3992c88873d632a04e084898eb96ca9627ce6d9105d10d878498691522dece000000000e8000000002000020000000a1b89316eef2241bcd8b8793a4c2a588be2ae61d1f50020fb9c8cacf318b04da900000001de816b3b730f791d4230b3b94e28e76057b9bcf992664f2ae2c325b9d75d069820f1b7ba9a59a1ec10fe58f5c299cc7acc8e9a6bd60bf675fc09e597a3f380f4ebb8a8d35a7c3f99930f7945a6714fb3ca1f4714bbd9a90d23713f876abd254e9142064b41cf83c36346d728c22d291673b2f2867a27a7b8d7de2e384c8ee3298bcc6541c484e63f64783bd60385320400000006b475b094e48cfcc4fbf9046fd1b0cebdbe97b0ae9bbd7a466817839f3aa0a8dfd6ee4e5b0f8117ab260bcaa0ca71f11e4608347bd113eee12bf26ea472c2749 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf000000000200000000001066000000010000200000004123b90e43c9aef9eb07c5e6800adbb7e1b8e1ef48a40df12e6657f4ae15ba0a000000000e8000000002000020000000a8c54272f539a02ba1306a6249ea19109c95fc5943d61420e3334d441c34712f2000000022d83f8ab018f164ac3d7600fb2811cdd9d99e5a6562aca2f04c60856cba78bb4000000031965dd1a985f4f9dc1b66ac699bc7c9210d129eb2a7ac9a09940b349c9d43792bda7d78f2420276ef008542775a832e4bb885aba6d6e1c6365d177f2dd1834b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70002a4b5763db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2628 wrote to memory of 1436 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2628 wrote to memory of 1436 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2628 wrote to memory of 1436 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2628 wrote to memory of 1436 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e3b4f78d113333da80699b81ad6e84d8.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.onlineleaf.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | js4you.googlecode.com | udp |
| US | 8.8.8.8:53 | kumpulblogger.com | udp |
| US | 8.8.8.8:53 | s10.flagcounter.com | udp |
| US | 8.8.8.8:53 | i7.photobucket.com | udp |
| US | 8.8.8.8:53 | geoloc1.geovisite.com | udp |
| US | 8.8.8.8:53 | oktri.googlecode.com | udp |
| US | 8.8.8.8:53 | cur.cursors-4u.net | udp |
| US | 8.8.8.8:53 | masterendi.googlecode.com | udp |
| US | 8.8.8.8:53 | badge.facebook.com | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | www.widgeo.net | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | p4r46h-blog.googlecode.com | udp |
| GB | 142.250.179.233:443 | resources.blogblog.com | tcp |
| GB | 142.250.179.233:443 | resources.blogblog.com | tcp |
| GB | 142.250.179.233:443 | resources.blogblog.com | tcp |
| GB | 142.250.179.233:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 142.250.179.233:443 | resources.blogblog.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 142.250.179.233:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| US | 172.93.107.85:80 | s10.flagcounter.com | tcp |
| US | 172.93.107.85:80 | s10.flagcounter.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| US | 96.43.128.66:80 | cur.cursors-4u.net | tcp |
| US | 96.43.128.66:80 | cur.cursors-4u.net | tcp |
| GB | 142.250.179.233:80 | resources.blogblog.com | tcp |
| GB | 142.250.179.233:80 | resources.blogblog.com | tcp |
| FR | 54.36.176.112:80 | geoloc1.geovisite.com | tcp |
| FR | 54.36.176.112:80 | geoloc1.geovisite.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| US | 104.21.51.21:80 | www.onlineleaf.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| US | 104.21.51.21:80 | www.onlineleaf.com | tcp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| BE | 64.233.184.82:80 | p4r46h-blog.googlecode.com | tcp |
| BE | 64.233.184.82:80 | p4r46h-blog.googlecode.com | tcp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 3.165.232.87:80 | i7.photobucket.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| US | 3.165.232.87:80 | i7.photobucket.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| DE | 157.240.253.13:80 | badge.facebook.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| DE | 157.240.253.13:80 | badge.facebook.com | tcp |
| BE | 64.233.184.82:80 | p4r46h-blog.googlecode.com | tcp |
| BE | 64.233.184.82:80 | p4r46h-blog.googlecode.com | tcp |
| BE | 64.233.184.82:80 | p4r46h-blog.googlecode.com | tcp |
| BE | 64.233.184.82:80 | p4r46h-blog.googlecode.com | tcp |
| US | 172.67.69.193:80 | www.widgeo.net | tcp |
| US | 172.67.69.193:80 | www.widgeo.net | tcp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| BE | 64.233.184.82:80 | p4r46h-blog.googlecode.com | tcp |
| BE | 64.233.184.82:80 | p4r46h-blog.googlecode.com | tcp |
| ID | 36.50.77.66:80 | kumpulblogger.com | tcp |
| ID | 36.50.77.66:80 | kumpulblogger.com | tcp |
| US | 104.21.51.21:443 | www.onlineleaf.com | tcp |
| US | 3.165.232.87:443 | i7.photobucket.com | tcp |
| DE | 157.240.253.13:443 | badge.facebook.com | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| DE | 157.240.253.1:443 | static.xx.fbcdn.net | tcp |
| DE | 157.240.253.1:443 | static.xx.fbcdn.net | tcp |
| GB | 142.250.187.195:80 | fonts.gstatic.com | tcp |
| GB | 142.250.187.195:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.reverbnation.com | udp |
| US | 34.239.206.54:80 | www.reverbnation.com | tcp |
| US | 34.239.206.54:80 | www.reverbnation.com | tcp |
| US | 8.8.8.8:53 | i41.servimg.com | udp |
| US | 104.21.70.7:80 | i41.servimg.com | tcp |
| US | 104.21.70.7:80 | i41.servimg.com | tcp |
| FR | 54.36.176.112:8080 | geoloc1.geovisite.com | tcp |
| US | 34.239.206.54:443 | www.reverbnation.com | tcp |
| FR | 54.36.176.112:8080 | geoloc1.geovisite.com | tcp |
| FR | 54.36.176.112:8080 | geoloc1.geovisite.com | tcp |
| FR | 54.36.176.112:8080 | geoloc1.geovisite.com | tcp |
| FR | 54.36.176.112:8080 | geoloc1.geovisite.com | tcp |
| FR | 54.36.176.112:8080 | geoloc1.geovisite.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 172.67.69.193:443 | www.widgeo.net | tcp |
| US | 172.67.69.193:443 | www.widgeo.net | tcp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 104.21.70.7:443 | i41.servimg.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| US | 172.67.69.193:443 | www.widgeo.net | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | arvigorothan.com | udp |
| US | 104.21.30.34:443 | arvigorothan.com | tcp |
| US | 104.21.30.34:443 | arvigorothan.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| IT | 3.165.245.25:80 | ocsp.r2m02.amazontrust.com | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 8.8.8.8:53 | gp1.wac.edgecastcdn.net | udp |
| PL | 93.184.220.20:443 | gp1.wac.edgecastcdn.net | tcp |
| PL | 93.184.220.20:443 | gp1.wac.edgecastcdn.net | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| PL | 93.184.220.20:443 | gp1.wac.edgecastcdn.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| PL | 93.184.220.20:443 | gp1.wac.edgecastcdn.net | tcp |
| PL | 93.184.220.20:443 | gp1.wac.edgecastcdn.net | tcp |
| PL | 93.184.220.20:443 | gp1.wac.edgecastcdn.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | d5180223ba059161e0790d5039dd69f1 |
| SHA1 | 711facc50fbe0c7345058119903a3d2c28c1f574 |
| SHA256 | eca7748104fd92a153deae707860d19ea0f1b6e90fb8d9a1de0f1c9c421d4c20 |
| SHA512 | f0b8ef3eaa845603b0d952f60a1c88b1c4b5403b680f363eac0216983134f610cb614b490af3aaaae299f623d0308f9b50a0dfbe9a418f84f75ded2d317d1859 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 9436f71e8269028350690de3342f1adb |
| SHA1 | a835ab70527e2465ad8e48cfdb5cd0b3311d1530 |
| SHA256 | e5a28f7747ae1bfe2dff60fec97dbf8ef074a2ad3d09fa1cc09d23843b569d81 |
| SHA512 | c2f1266915bc3728b1a44852b1cb72ea5c42dce92b8fdf3df20a8fc316f2af1eee42d6e73a8ecdf53cb951f43d0efd1ac8c81192b5a1132b7d807a5a8b05bc2e |
C:\Users\Admin\AppData\Local\Temp\CabB0CB.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | c29fb18d0b668ba7a45360d672be85de |
| SHA1 | 584830a605f3a3254e8ecbc4fd11c7144254e5aa |
| SHA256 | 72a0740c38fe85ed15bfe2c4b8ee59fd5730c8ab678cca2b94f0d7425f965d5e |
| SHA512 | 0ae2a32636e56cf2b64932e543eb3aa347402ba9b359c90fe9434c73d019551c2e3eb02cc0ee68637565a25b10d2e219df6c82661fad13e59f57d5cb3a661df7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 7929a960ea0c3bcb65fe79ed8bef6153 |
| SHA1 | 8e954796aac381ef02648d2ab92b0e78af118251 |
| SHA256 | 996552eaf2733b53616eba13e52f377e7ef05002573e851ea60e0d54131db3af |
| SHA512 | 3e917bb0e97aad0edce3d95372a32ec8b9a74aaf3e22e8ef993395b32fa4e9387480f3ff5705becc1f3dfe08c4d94836ab9a998624be42e74a6801675997ded3 |
C:\Users\Admin\AppData\Local\Temp\TarB10C.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d09c92300f30131b271017bb169a64b |
| SHA1 | d429e666c208257c2f9a5b93f46753e7fac72acf |
| SHA256 | 9c064defc9927c2ef4f48b9534ce0c3b8e9bde72652d93258347fb399ddbf276 |
| SHA512 | 3bad697329e29cd4512602d834b3da2edb747f93c63d1013e675020f3a107ec54d739789ca4c6123e6d43b9724d87db7284dfea6fe13d04a4bf0cae5518df365 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_2AC354D163B9A95ED11B23DFC6FCD931
| MD5 | 4f9f97881a5f531f90a8b2c2957b2ae1 |
| SHA1 | e36c263c70f4445d1403932d2b1ca40a9583cab7 |
| SHA256 | 1a7cc98f8293cf603fadf4ad04f7be21fc9bef5c184870bd537058bbf9074248 |
| SHA512 | 66f090e76e134014a8d6e6f50545481c6a682fcc5fb1ce3e08f0d516dcab91174af033da30a164a9c2ded1d80b807a73b5adf0289e102ff890899fd4abf28a67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52cf6ac3e9a4ef614737085424e16fff |
| SHA1 | fe7c67202ebc58f3914956b8a5d3f2e8ab3a0b62 |
| SHA256 | 375fc960aa8f5d0a84adfa3f7f8a65622e5516bf601bf5eba4e21b3342213d3f |
| SHA512 | e3f9fd5418cea7026b3ce6457d33e4de94f6e57cbec03a7e0f4e704d4fc6557f2074934de55606fbbd859f8c185ec169da01a6733376d7bd7f5f0abc1d689ae4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c11b77c9d5ba8676b4274b5e0fca76a9 |
| SHA1 | b58d1eb0b8c4b1b2003d881e5412a7b02fbfa4c0 |
| SHA256 | fb86777b98322db8f78c65c59ccffc881ee3c62d1909730effe3f674e0264bb3 |
| SHA512 | 24e5bf3d24e67ab7a958714abbc8bbd3dca0fac8f7a4270eda9c41c9fa88e3944316db6c8ac330f9ca9531c4b71201c2eaeb4c9369c84e0e8d8c9a5f6c608ae6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef22ea4a3f99f14973eaa9a6394d8832 |
| SHA1 | 9b9801627c7651764bde37f7acbcd0c72960a98d |
| SHA256 | 1448e94019a2cd53deada731c5d44077953d3ce8bf814bbb4e8ad01904f7182b |
| SHA512 | 1dca83efbd7c8f3398a11c3ec3f05fc03c659c387493f5923b369f44ef7e9913bfb19784fb947038717f8bd052a27363690402df0ed05b8b894dbf6bd0555151 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | df9398504eb1057a66c783bfb49b334c |
| SHA1 | 79c49cd42039035e802695a25da8e51d1dd0243e |
| SHA256 | 32741a82e9fae67d61cf71ea89f2a9a91c7317a8ca4f8f4d22c759dbd53f1c3b |
| SHA512 | bb14a552ddeb90a2b8c49aaf0e17551b360e36a317182f57662760ca5626c3d688a7af531e973d85083c3e76e474eb6d309d415b11874055e7dbb020b00e258f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BQ20K5D\tab[1].js
| MD5 | 8fe8954e18b3eafdb2dcf03b218e88f3 |
| SHA1 | 17bd6b26816b4c9c7fb9b7552ccdca95c2443c9a |
| SHA256 | ff4c07f1e5cbcfdcfeabb37e8c1dc21d3edc5e3e20edd2d3da16ab5aa22bc600 |
| SHA512 | b1b5aee74b063a3093e0a8e62a9be580432b7430f0759ae8309e6b4c2a8a66805a9ed9aa35a42715bdbec1fb85ed6b808e760064181e5e2e774d0551504be87f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9c9a02744fe90c12ceca0bd831c4b43 |
| SHA1 | f51b0407fb35ebad84441decc29761c184d5d867 |
| SHA256 | 0a58d5f975364732042144de32ea59ff969e83446cb4571ef7da06e827880139 |
| SHA512 | ca276302a06867f59ddcd66224779cd2c5d78fdc704bde4e76a032659cb01b3d35e42470679baffec759f7cb972db9eaf2b5e5792b825f46d6076905281478ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64ab72281bf9b7a539a34f6c9f1b37c7 |
| SHA1 | 01d9c2aa8ec19f56bb43f3256678769dccc15f47 |
| SHA256 | eeb1bfca796bd5e184dfb21facc8f76dab239477fd96cf37baf7c2844eea87ba |
| SHA512 | 07ae15a1af06e1c2ba416f823b814714222b52cc6d6e46edf4d6e0ba06abd86c6fe6dabae211a3177e084f825c05044dfcf1a708d6e1fa6312761d63ea0899e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23f6140c986af30e74b08cccdb03ec8a |
| SHA1 | d84886c638e3d78807ec48ae9a06081237db5b37 |
| SHA256 | a7ba6742503be1ad5dc4e487dbf9180fa03311cc76502fce74c2ed4c63fe4226 |
| SHA512 | 1ab31678b9128444a774cb92b8e3fdc48fa30c888be1de85a5a9028334574f1c161a8da77e40a4bf2493915342108f57bb1e50e55dedc790691ce90f9827c686 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63fa4e8bbf5848873a6a58cfb4b8c409 |
| SHA1 | 2fbdf8e086eabb187cf27e8ccbea8423a47b9540 |
| SHA256 | f38e3db02610e7de59f27f6279c316456add3caaabb3e3925fb76edd3b9d1cf2 |
| SHA512 | 14e1ef466af495f116b42f0b351d19276644b4529967b0188ebc546aaebb9d3e1f3e77a7b0cf476efd025da818b3beb31f1b295a55abaea1e05308fa19ad4402 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e7d24dbf8823ca67e62fbee05e7060c |
| SHA1 | 81e2f2a6ca79a30135467c9a3a5dba619285484b |
| SHA256 | dafe7166114b80a7d7fe0f8111db420d04aa35caab41dd0e86835cab867f12bc |
| SHA512 | 4d4fd6902265ed1ab77900170c407648288146c518e295b077eb8703530b85d5a65f7d03faf13477f13635b20dadeed24ebbb21331af8fe174738a366794f991 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0338451ac1f388f4c3c3c0c96488133a |
| SHA1 | bf79619bee4e807db0c5e0d25bf395b394e3365f |
| SHA256 | e3e0ed7bf78ea1a8487d6b960401a04f2d9805698ea44209e7adb5c5f85401dd |
| SHA512 | a03e3abb8ac904e02c88fa0bfe8fc1edc1c198a3bb409e36786cece0f69c1daeaa15ad529c5b8ff2734b5eeb4042dd6c35242ae69abcdd4c03cf9a6229f41eab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bbc2d34be83737495d8d04b6d4f3428 |
| SHA1 | 99444852896424acfe6e6402a4ddaa5bce6353f1 |
| SHA256 | 53f275f3c3c998e49573ea0c111f703928b270278289b372e03b69eac277e90d |
| SHA512 | 1872de75592b24996197fa3ea2770ed6fb9d7a3b8e877f5f1ef5bcc2d330e95e0d9f7bae3481ced7f10cf9b703e09714ec4079a8473a32d970a49b1de1aa158e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0a4fdea1c1a12ec8460f3a379f58b38 |
| SHA1 | 27be49d9f13cd332fdef552c0943a61e48c3a292 |
| SHA256 | aac5080335b9849efe64e12f68dc95a50e82548fbdc79a764dd9d0b0848408e2 |
| SHA512 | 3f6242450b543beebeaf20f5e1ac24ef2a3c752d13c013fbb7b8a58ef2da6f7cc0784e74da304dcd111ef3e587ef5b37a7bbbf17c09bc6920b7b5ca68d394e12 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0d3de53885b9bfc99178593633daa44 |
| SHA1 | f58c6a40eddb28ccd14334dc7c50bf944ad7224e |
| SHA256 | 23dadb9f04d2746f1543777ce2af250a793e4e95c93db3f6e375b041b0536946 |
| SHA512 | 64c4d93619200f11f03bc8e3caa429ba7ae380652fe114351c3599564e2f33c9ee239c554abb17682d93033cd001097fac80031c079c01ac10b95ba3ef0fe4af |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6J4GCMD\recaptcha__en[1].js
| MD5 | 19ddac3be88eda2c8263c5d52fa7f6bd |
| SHA1 | c81720778f57c56244c72ce6ef402bb4de5f9619 |
| SHA256 | b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6 |
| SHA512 | 393015b8c7f14d5d4bdb9cceed7cd1477a7db07bc7c40bae7d0a48a2adfa7d56f9d1c3e4ec05c92fde152e72ffa6b75d8bf724e1f63f9bc21421125667afb05c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81bfde867980cb6b9909dcbbf0074698 |
| SHA1 | 4b40bfa619a05f2397e0f5897ed23e9d958ccdfa |
| SHA256 | c9082b916b5f22c27ca1dc226b6ac8040fb46dc1bfadd0098d094b842d0f8750 |
| SHA512 | 870a8ae9762733d3faa16d0588759b11d17bafbc28df8862da6a0cdc5d5e7f5076bff2070b01241741dce9d52188a2aed6d7455b7407cd01b44dd173c047fb38 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f55728e6fd51f7e56930ac6f3dcf6deb |
| SHA1 | abd21b1fc640b194089f92426511f8719ada6c15 |
| SHA256 | 9d2cddebc207cedab421a5b1328fa34c48e954065ff063db464ce8c040dc7654 |
| SHA512 | cf6f2e8a3c651fcc49ad8f54f9dd622342f74d1dd4de7028f5102e3d7cdae939c1a650e85706c8dbef89352272a1dadb46a59e30d7f14cdbe12259b511392b51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d410eb4716f80e23b48663ebe40abe16 |
| SHA1 | 0eb5913252034598399f01fbacef520999852485 |
| SHA256 | 860f85046acb58990822a5a431d410df56d4fc655d66a5d36c77fcabfe552eef |
| SHA512 | c003d4c53f8cd0e7c5548471477b0a33187bfa5c34a38d4556bde742c91d0174e107b5111355f15bd5ff279afb11a69d9e65fe63f7ea69a86e35caad13e93b2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3fb77bd632ee7747474ad3c231b72f3 |
| SHA1 | e3d2d18603aca524958d35f9c3598af30a95169c |
| SHA256 | d2b34979adc8419c076701e499b084f2a6e4b6398c74eed922ceefac65d6c8d3 |
| SHA512 | 439e57c113d40c0907f81044e77a9a44d84c6d4c18f1b84f0213ad71ba9a229d0423ca0dfc2b4fda97272b496b320b1e97198ac5c3b88dc4f78c19a81f3cdb19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c068accb3d7d02dec3527d42d271812 |
| SHA1 | 8117129d40a475faad8edb9875d89f5c430e5b3a |
| SHA256 | 3c2d07f598630ce52a43cae83223c83213d7b0767f1a4b55887ae8abcecd6b01 |
| SHA512 | 06ac97889060ffa544d1f68f1d6895b7e10b1e0b5f2e1af235103975673adbaa36bc688bbd59b37c5cfdc793684d4f8092aa143dc2399a6f5b84b93c986145e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c100740a5bcc088e6cfae938b9bd5acf |
| SHA1 | fdbaf33696c54987ce391e61c0f1456df0bfbc49 |
| SHA256 | ed1b5c172d3d3ade1a37a81c6b3401f7baf16d0d3bf3751cf57c48ad5d24e419 |
| SHA512 | 383809a713d93530b9230b8269f5824a19df8a635842ecb4558db465179f1a0d8f1a3c61fe6cf415337451b36ae15235ff4f1d6c2b347e3b7ce6d35056351b4d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 980f949c77840055bc13f336eb18f9c4 |
| SHA1 | 578bf86dda0772f486417c36c62a5eb78299a9c8 |
| SHA256 | a9487fefaef06c43557aac0e68042fc6a0af207cab219a3e2667d45e73a28624 |
| SHA512 | 1136793229d39378fd4073e988c1536cde3cdbeca05f642a9db3a73118de70e3d1fa5bad4a9dbddbc9468a3ae8f4f84fec86be23395bdd24d84249784a32569d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e62cc2bb1cb1ca7a4a37c914d110304 |
| SHA1 | e650578ca713681acab3ea5c62d5a09436e57a42 |
| SHA256 | a8a69746cbe13606c12f9abe9ffaedff5120fb7a1ccc9e1440f650e0db866606 |
| SHA512 | 15050a02ae9e20231e69590ca728e34d166ec23476da7ccba5a8ac01563bce62cf1a71b1c5e1292b597d7cf277f8412ec4ac8a0ca7b9289dea2bb485b3a36bff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc1f3a9de0da011042d5f69f4b2782da |
| SHA1 | 20afa0ddd009a1032502cb228367ea78bb31cc08 |
| SHA256 | 074996aa510648c8c161d611b21da6c6e5c6a2977339dcaab8f92e1e4363d564 |
| SHA512 | 3dfbc983d77a5e929241eb5e166c66324d50fda8df0d8c8d08a42cfb914f59edf0ed0ce7b85e894db88cd159d348c201dc0ec416d76b8744d23ac0572c5c186e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbaec9f96510a0280ac3cd0f61ffef71 |
| SHA1 | 7c3d47278618ee0d0d3f29973ac87faba0f5fbce |
| SHA256 | f3873300596db57cb2027fb132ab311b2b925b34ea3ae8fe2e28fd9a6eb6d4eb |
| SHA512 | 394df139ec83db50f2b52d9793ed1f225a6b8393e8f67bcc1afb5252e01177842df4208a644c375918bcfa7bfe4043eb3006af7875c4088dbee742981595097e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd0351c9e0be4e629ba45df844137489 |
| SHA1 | 825959512e9140b6a0b193d4f0c2af1c057a811f |
| SHA256 | 8ad341774231e9af38bacacb677ef06b46dc6f3c1641612b5371ab740e282dcc |
| SHA512 | af40fe739190a7d891f191179bf448b9be306a722a9936b446cf8092cfe8b6efe08011c9c7fcbbc9841b8d32f52742425d516e2bdb9f8a0965eb90c8a41466fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8f1d44cb15e70d1aac8044f33b7ef0b |
| SHA1 | 2c2603c5a2c4a8999bf7c5709516d273369e9fcf |
| SHA256 | 39e6414717a1bbc367a8c1178b104233e8f16cb13a72006d2bd3b344b504572b |
| SHA512 | caabbec3819853454a6f22ca9e733cf00786786f28a9b3150f86266551534888ad2c18d19552e5d2cfb327e30f8fd0d1d25873b148b37554812a35a126adab39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3958fb1a5e1e9cd8c17f726f5f36d21 |
| SHA1 | 3e0fe8e90796bbcabf7500fb2b6653eb8dba9b16 |
| SHA256 | 6dd280b5d99130ec333b31d693920b10c723804d65ed54773be280ec27773cf1 |
| SHA512 | e28f0bc1b8dae3d318973c186369ee86dc62f0c3c9ddef2c53b6ded9c6f11915de129da09b958e54bc8894608ce615d96a03ff3776cf9fa4d8297ab83f4837e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32456740a9ffaee54340e741c755abde |
| SHA1 | 3cd8375f4cb6ca52cfcbe9abde18d31877fe1cc8 |
| SHA256 | 7ff2e09a3a8ef9bb537e76c85299b3f18d2f68474b80f1c749d683ee73ca7037 |
| SHA512 | 2b42627a41e59b22ba4bf6a1c8a50fbce3ced5097a35c053769eadca9a2b886bb705b38b47852deea160fad446ea3c063ef0beaa9db5fd1b26f7dfc565313f74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9723a3885862403f51eb00659de5b386 |
| SHA1 | 076005021ed27390d9449275cf701b9655e0e0db |
| SHA256 | 2f0532a6de6fdb0f6284952c28c581655db82a9bc6666b1d562611c8d23a2896 |
| SHA512 | fefbaa16952b31ab5f16f2ad68bd4a6983a57dbb21a8f63adc225a98ea335fc69fa82fdc914e3e158b2f96950c74709832dd21861c3cbacd8d82a886e202d3a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f3da97a358a1f6ecd8960a6ff464f89 |
| SHA1 | c5144228bfce3511da60924148c5dafe6f29cb18 |
| SHA256 | 8bf8d96b387cc5fd2c11ee835979da461308071acd571118fb74ef6601da99fc |
| SHA512 | aee1aaf3a7d6b4bbbf6607030fd9a37cfd1656dba07ea92df56b69445c545ba80a0cb36fa8e8513bf3f0ab38f765121ad86114079beb66f099bd308fe6928b9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 86b85168a9a2a0112f065cb1578867f2 |
| SHA1 | 6d158387b7d6d2a5948b2d6cc70af275e86e58fc |
| SHA256 | 0e071413880fda5bbfb75e30927ef53ca0edbf50b1375ded69d63c7128925ab9 |
| SHA512 | 8d924d343a64e14a7cefeedee0b22596d9dd00490fb32c0cf430faf0f90bb3072da5acba6f1bc71ef7c65ca92d04d8de7b131298198d5f0ded83718da136f614 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7254d99f1e92af7a2d9e3957ddbde609 |
| SHA1 | fd9fe7050bcb31eae30e84f98d26f13e139c86b5 |
| SHA256 | a3ed0bcf441b83d0de364e9340c35121984351431cd76108a8dfdf1f21582e34 |
| SHA512 | fcd3d407d45483799ad017c1ac19a75931c3f70638f7ccf8ea1b0218de810450b36c1208f2b4a221f4d827880c9f11fcc3edc935a71805b9e91b3f9cdd539481 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | e21929cdc96b6bbfd7cef594593ae1fa |
| SHA1 | 3e5b52e5763d52ad434086c39fffd747c07825bb |
| SHA256 | af2145398f58ebacffeb0cb5f16eff39c4e586a30ef6e31489a1703dff997566 |
| SHA512 | f9afc922db1331e672c33158231cab7813aa48f166f1b53e39c861da05a8069363abd70c6624861117ca9fde8c9938a2030ae372dfa551e2b80007402549df65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 49bab707a5f12a50e3006ab451d2e2b1 |
| SHA1 | 694481f45f9fe025c9e0d8a47be3ca2f5b79681c |
| SHA256 | da674a6ab412abf7d9131ba93e2c3baad4c43076a2ca2fe2a2fb6c29436e5cfa |
| SHA512 | 78f983f9528ba41878fc90121aeee1c523b9097d89e9cdd2b9f3644645f095afe0883b4ae07a1363b3792921bea915b9630d88a86472491dcdf17cb14ec229f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | bd3df395c97d37908bb795eb9bb4632b |
| SHA1 | c7295676967f3469f1385a07c5923fdb02fad2f6 |
| SHA256 | 94d08e1d8370700ec68c00a073572d3e39d1f0c8943831a72b38b51bf66e29fd |
| SHA512 | 8d75bc5cc17223075bd4f6deb054408e6fe04a8ffd5a72a65d5873eac1945ce127226e7fb151b54ea5ae9281592471b4e6327c22234d2fe1ba97a5ab7953799f |
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-10 12:00
Reported
2025-01-10 12:02
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
148s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e3b4f78d113333da80699b81ad6e84d8.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb386746f8,0x7ffb38674708,0x7ffb38674718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5432 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x170 0x40c
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,11702730811235198605,4240485004575325243,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6900 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| GB | 142.250.187.195:80 | fonts.gstatic.com | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.onlineleaf.com | udp |
| GB | 172.217.169.14:443 | sites.google.com | udp |
| US | 104.21.51.21:80 | www.onlineleaf.com | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.51.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js4you.googlecode.com | udp |
| BE | 64.233.184.82:80 | js4you.googlecode.com | tcp |
| US | 104.21.51.21:443 | www.onlineleaf.com | tcp |
| US | 8.8.8.8:53 | geoloc1.geovisite.com | udp |
| US | 8.8.8.8:53 | kumpulblogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.187.195:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.widgeo.net | udp |
| US | 8.8.8.8:53 | oktri.googlecode.com | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | masterendi.googlecode.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | p4r46h-blog.googlecode.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| FR | 54.36.176.112:80 | geoloc1.geovisite.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| US | 104.26.11.22:80 | www.widgeo.net | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| BE | 64.233.184.82:80 | p4r46h-blog.googlecode.com | tcp |
| US | 172.67.8.141:80 | widgets.amung.us | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| BE | 64.233.184.82:80 | p4r46h-blog.googlecode.com | tcp |
| BE | 64.233.184.82:80 | p4r46h-blog.googlecode.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | www.reverbnation.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| ID | 36.50.77.66:80 | kumpulblogger.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| US | 34.239.206.54:80 | www.reverbnation.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| ID | 36.50.77.66:80 | kumpulblogger.com | tcp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.200.33:443 | lh4.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | i41.servimg.com | udp |
| US | 104.21.70.7:80 | i41.servimg.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| US | 34.239.206.54:443 | www.reverbnation.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.21.70.7:443 | i41.servimg.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| GB | 142.250.200.33:443 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | s10.flagcounter.com | udp |
| US | 8.8.8.8:53 | i7.photobucket.com | udp |
| US | 8.8.8.8:53 | cur.cursors-4u.net | udp |
| US | 8.8.8.8:53 | 82.184.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.176.36.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.11.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.8.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.1.102.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.206.239.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.70.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.77.50.36.in-addr.arpa | udp |
| GB | 142.250.179.233:80 | resources.blogblog.com | tcp |
| GB | 142.250.179.233:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | badge.facebook.com | udp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | udp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | udp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | udp |
| US | 96.43.128.66:80 | cur.cursors-4u.net | tcp |
| US | 3.165.232.87:80 | i7.photobucket.com | tcp |
| US | 172.93.107.85:80 | s10.flagcounter.com | tcp |
| FR | 54.36.176.112:8080 | geoloc1.geovisite.com | tcp |
| BE | 64.233.184.82:80 | p4r46h-blog.googlecode.com | tcp |
| DE | 157.240.253.13:80 | badge.facebook.com | tcp |
| US | 3.165.232.87:443 | i7.photobucket.com | tcp |
| DE | 157.240.253.13:443 | badge.facebook.com | tcp |
| FR | 54.36.176.112:8080 | geoloc1.geovisite.com | tcp |
| FR | 54.36.176.112:8080 | geoloc1.geovisite.com | tcp |
| FR | 54.36.176.112:8080 | geoloc1.geovisite.com | tcp |
| BE | 64.233.184.82:80 | p4r46h-blog.googlecode.com | tcp |
| FR | 54.36.176.112:8080 | geoloc1.geovisite.com | tcp |
| US | 96.43.128.66:80 | cur.cursors-4u.net | tcp |
| FR | 54.36.176.112:8080 | geoloc1.geovisite.com | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| DE | 157.240.253.1:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| US | 104.26.11.22:443 | www.widgeo.net | tcp |
| US | 104.26.11.22:443 | www.widgeo.net | tcp |
| US | 104.26.11.22:443 | www.widgeo.net | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| GB | 142.250.178.14:443 | apis.google.com | udp |
| BE | 64.233.184.82:80 | p4r46h-blog.googlecode.com | tcp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | www.widgeo.net | udp |
| US | 141.101.120.10:443 | t.dtscout.com | tcp |
| US | 8.8.8.8:53 | gp1.wac.edgecastcdn.net | udp |
| US | 172.67.69.193:445 | www.widgeo.net | tcp |
| US | 8.8.8.8:53 | arvigorothan.com | udp |
| PL | 93.184.220.20:443 | gp1.wac.edgecastcdn.net | tcp |
| PL | 93.184.220.20:443 | gp1.wac.edgecastcdn.net | tcp |
| PL | 93.184.220.20:443 | gp1.wac.edgecastcdn.net | tcp |
| US | 172.67.150.119:443 | arvigorothan.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | 87.232.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.192.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.253.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.107.93.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.128.43.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.253.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.250.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| BE | 66.102.1.84:443 | accounts.google.com | udp |
| DE | 157.240.253.1:445 | connect.facebook.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | gutockeewhargo.net | udp |
| NL | 139.45.197.107:443 | gutockeewhargo.net | tcp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| US | 104.21.80.1:443 | my.rtmark.net | tcp |
| NL | 185.89.210.244:443 | secure.adnxs.com | tcp |
| NL | 185.89.210.244:443 | secure.adnxs.com | tcp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 20.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.150.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.200.250.142.in-addr.arpa | udp |
| US | 104.26.11.22:445 | www.widgeo.net | tcp |
| US | 104.26.10.22:445 | www.widgeo.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| PL | 93.184.220.20:443 | gp1.wac.edgecastcdn.net | tcp |
| US | 8.8.8.8:53 | d3e6ckxkrs5ntg.cloudfront.net | udp |
| IT | 99.86.159.128:443 | d3e6ckxkrs5ntg.cloudfront.net | tcp |
| IT | 99.86.159.128:443 | d3e6ckxkrs5ntg.cloudfront.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| DE | 157.240.253.1:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 128.159.86.99.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d22073dea53e79d9b824f27ac5e9813e |
| SHA1 | 6d8a7281241248431a1571e6ddc55798b01fa961 |
| SHA256 | 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6 |
| SHA512 | 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413 |
\??\pipe\LOCAL\crashpad_2668_NVBDOJDCGQYQNQGW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bffcefacce25cd03f3d5c9446ddb903d |
| SHA1 | 8923f84aa86db316d2f5c122fe3874bbe26f3bab |
| SHA256 | 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405 |
| SHA512 | 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 53032e00463d689328678b1a7173ed08 |
| SHA1 | 4745f7f74ab9157c304fdb1decc7aaa1d3fd2e5e |
| SHA256 | 65f16a6a4a3513469ed2de3f2e4e28b90589a517202e56768d350c8c4d3f14f3 |
| SHA512 | 60239bf73191c7928967760aa217445b564ae7609863ed1d17080d142a9899407aa8b6aea4767e78c97fee5e8407acdb1ce65430b7fd1e0c67f8223269dc2a51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
| MD5 | d79b35ccf8e6af6714eb612714349097 |
| SHA1 | eb3ccc9ed29830df42f3fd129951cb8b791aaf98 |
| SHA256 | c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365 |
| SHA512 | f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3d118ddf2827d0001992e5659a3eebaf |
| SHA1 | f475992dba7ce9b3bd56a6c1e943f8d6b56ff965 |
| SHA256 | dba47afb6c39b8a337571e8c46ce6a56ae385c996790c3bb9c4be3399a376981 |
| SHA512 | eb229d371d193dab1a016741e6bd2f3e01af7613bf70bd541bc61ae6fae8ef71333ec0a6ee0877a34ecaa742f1aafe935f97abf6905bd1dbc961a144d68a1b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dc68e2d21be9acc39f48dec98965ed67 |
| SHA1 | 8a42f0b22fe7cf7641e0e191aa9c9e75e13b5b53 |
| SHA256 | 65de49a6fd65ccd56fe0f71cda46e1d004910722d088d905d476659eb8e411db |
| SHA512 | 662289bb006cdd2f17eefe748b0d33794652d64622921e97326ddb373ae54a16b0698b726edaee0201f1f1b41fe73f60a14f23c8a4afc5128b2f379122621ca1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | aea91c037ba56f1d4b382f0c740efd54 |
| SHA1 | 4e9ef748a4c744f5e3b9faa59b243f3c255b8269 |
| SHA256 | 1bf4fadac9a70464ceb1b047ee323987482ddf8def76425fd4fa9bab75797a7f |
| SHA512 | 30390045f31eb3787fc1344631a1a01f785a0c7b9a344389674ebbb2eb6ee50d3f1dad7a0ed830f83c762f499187885c6407abadf7e99be46c914b3bcd4c9f64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4b48c4bf1eadc8b081f6303a48daf9d6 |
| SHA1 | a630be2dead124c6b4388b4979927cd2ff33c65e |
| SHA256 | 2e6d99e4d0121bb6d596472a80b9e76e15a8631c1efc76e10178018b86311217 |
| SHA512 | adbd45ea47ba2672b80d44e14d7c77f257bdb21474e96e51c82005e52889d53988f7085a310fd1422bf05e1d93a0d3d9765f6297b201d53f2cecd318a5a9bd6e |