Malware Analysis Report

2025-03-14 21:54

Sample ID 250115-l1kdqa1mfk
Target JaffaCakes118_53c8dc12b8f1eda02a50c1aaa8ec04e9
SHA256 71d23a3819daec4a1ae392df35e6c7dac4701f1b2f128ceefb69529444d21ae7
Tags
phishing socgholish google discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

71d23a3819daec4a1ae392df35e6c7dac4701f1b2f128ceefb69529444d21ae7

Threat Level: Known bad

The file JaffaCakes118_53c8dc12b8f1eda02a50c1aaa8ec04e9 was found to be: Known bad.

Malicious Activity Summary

phishing socgholish google discovery downloader

Detected google phishing page

SocGholish

Socgholish family

Legitimate hosting services abused for malware hosting/C2

Detected phishing page

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-15 09:59

Signatures

Detected phishing page

phishing

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-15 09:59

Reported

2025-01-15 10:02

Platform

win7-20240903-en

Max time kernel

144s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_53c8dc12b8f1eda02a50c1aaa8ec04e9.html

Signatures

Detected google phishing page

phishing google

SocGholish

downloader socgholish

Socgholish family

socgholish

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_53c8dc12b8f1eda02a50c1aaa8ec04e9.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Temp\CabB77F.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarB80E.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\maia[1].css

MD5 9e914fd11c5238c50eba741a873f0896
SHA1 950316ffef900ceecca4cf847c9a8c14231271da
SHA256 8684a32d1a10d050a26fc33192edf427a5f0c6874c590a68d77ae6e0d186bd8a
SHA512 362b96b27d3286396f53ece74b1685fa915fc9a73e83f28e782b3f6a2b9f851ba9e37d79d93bd97ab7b3dc3c2d9b66b5e8f81151c8b65a17f4483e1484428e5f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKZ95V4R\authorization[1].css

MD5 68b329da9893e34099c7d8ad5cb9c940
SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512 be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S8GI6B9B\platform[1].js

MD5 78e3220eb2fca6a62ca8477767757151
SHA1 8bdbd661f5046a761fc1f24c3124851a15b66709
SHA256 975033c5186c254b228ab70f69b5c1529acc426cc34934422da20da93ebfc9f6
SHA512 6375ca8a2aa701d91d9b23edcced8f1900c6dd26a66b18fc6b3314591a6820e036738a87b290c000a8a82e4ffd9c57ffc3d536253ce3046420c201a26157fe1e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKZ95V4R\55013136-widget_css_bundle[1].css

MD5 e3f09df1bc175f411d1ec3dfb5afb17b
SHA1 3994ec3efe3c2447e7bbfdd97bb7e190dd1658f9
SHA256 1a2eca9e492e3a21e02dd77ad44d7af45c4091d35ede79e948b7a3f23e5b3617
SHA512 16164d66d452d7d343b1902fe5b864ffdee42811ee90952cbfe9efa9847c58c0403f944c8e29db2bc2384ccd516b629cb8765e5e51de37da6efd75962cf82530

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKZ95V4R\cookienotice[1].js

MD5 a705132a2174f88e196ec3610d68faa8
SHA1 3bad57a48d973a678fec600d45933010f6edc659
SHA256 068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
SHA512 e947d33e0e9c5e6516f05e0ea696406e4e09b458f85021bc3a217071ae14879b2251e65aec5d1935ca9af2433d023356298321564e1a41119d41be7c2b2d36d5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9UR26M8S\91768132-widgets[1].js

MD5 1b64d44a3782daaf58a619be27d90162
SHA1 e9e48e7f99a419e33ddd5ced433bf6198d6fc266
SHA256 47a39a6f611cfab83e64a55619a984907685686bea4235a9a8fa201cace7abb1
SHA512 f624714c3ed243d14949ac77923117230ea33566ffd59d9db22f194cdc1d9de2dfb3f2602029fe80d3e12b42b4f48092438bfc77954bffd882f9b0bb3fe390fd

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\f[1].txt

MD5 7f5f2be159837d73b72a4b37616bce44
SHA1 c93d7f25b530b05c26440d3352213b683d03dcc3
SHA256 ccecd185ac16ba0a538840f37701053fbb861f7fbbdd86039c7415fcd924d1f2
SHA512 a1002883ca1dd74080546c6d34a38144b867a8e8a22e4bad80eb1d221a86fe9edea81a5f12d3ca6b2bf29e686fc80cc32b06e37b83381750b6e773a62052a0a8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0I3FUOXK\blogwalkingwidget.blogspot[1].xml

MD5 25b1993ebd79e6d4e74b58d976aacb3f
SHA1 b877b4e406e0bcd95545f66376195d79150cda9d
SHA256 256a964bd6665fdd09f3a93d7f081d57a182fe83e49700c81bab07ba8b49e141
SHA512 6c12728cb938396a462c185b02217d6f1f86b6d847dd0cfa0cd1c6530938c1c4436af1228c1d65bb519dd04652a754f00e53b8411d261d54cf0b336f1d9298fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9b921b92d7c86d948a54850bf491606
SHA1 52479797353d3a26f56542575d24520d3cf63cee
SHA256 8000d32a1373d457da4cc9c2f58c2d65df3010f1ce686c1fc01d51b1f6164418
SHA512 bea30adf49c11a55fe9e1dc97e1f5ef66786e8d306a3c92ffadebe9f2eb629a16782539355b2c434481e951916899b0b652f3af5997f29c050eb5b99d20b0e14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9UR26M8S\favicon[2].ico

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-15 09:59

Reported

2025-01-15 10:02

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_53c8dc12b8f1eda02a50c1aaa8ec04e9.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3044 wrote to memory of 4720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3044 wrote to memory of 816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3044 wrote to memory of 4012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3044 wrote to memory of 3496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_53c8dc12b8f1eda02a50c1aaa8ec04e9.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7fd646f8,0x7fff7fd64708,0x7fff7fd64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2352 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6884 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3044_ICJSOFVJUQVJZMSQ

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
