Malware Analysis Report

2025-03-14 21:56

Sample ID 250123-xjzmvsyrgy
Target JaffaCakes118_1a2836cd81c740330305110e5399d6f2
SHA256 329cf3b9e60695717756b8a461b8dac6b8691b9a96fbc520e2cf89c6e0973ddc
Tags phishing google discovery
Score 10/10

Analysis Overview

Score 10/10

SHA256 329cf3b9e60695717756b8a461b8dac6b8691b9a96fbc520e2cf89c6e0973ddc

Threat Level: Known bad

The file JaffaCakes118_1a2836cd81c740330305110e5399d6f2 was found to be: Known bad.

Malicious Activity Summary

phishing google discovery

Detected google phishing page

A potential corporate email address has been identified in the URL: [email protected]

Legitimate hosting services abused for malware hosting/C2

Detected phishing page

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-23 18:53

Signatures

Detected phishing page

phishing

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-23 18:53

Reported

2025-01-23 18:56

Platform

win7-20240903-en

Max time kernel

145s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1a2836cd81c740330305110e5399d6f2.html

Signatures

Detected google phishing page

phishing google

A potential corporate email address has been identified in the URL: [email protected]

phishing

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1a2836cd81c740330305110e5399d6f2.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2

Network


Files

SHA256 042e3f66a2f19d0563be02d99b05dddae3624b89b32fdad07d13baf26b0f9b98
SHA512 d5354469be3d325b4649b2da819b66c40fe69e5771bae1174433f6626c5b071f2a433ad5144acef202010ee5e29eccbbf8f4ba9990b9b3ad7af4a83a05c70217

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 674d59b73e73a60131caf37bb85dd66d
SHA1 a4d6f6c67965dc3bb32386b406be056a1a9a317c
SHA256 4ad63cdaf82edadb41f7b0376fdb900c96bc877ad9d61cd2f7770423ee325da1
SHA512 b987e1b79c01a3164717f2b5b01c43e37b4b3f8d236eba8ceb54a147a2d6ab96c79a47d1361d114d2fdc1f30671b9f6b0f419f593a3f7d598e5694ab9a9e390e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1eef8c9ddb1559943443972f01e52ae
SHA1 251cffe567dd520c3470a08974832dbc7dffd3a9
SHA256 3fa5bdfa8c7befd1f2231e616b41996b00cfbf113f5d2a7bd1251355e3d8f1c3
SHA512 5a24d6369dce16134ecb9c6891fcb4d757c314a003e450594587b69bd98b1338ab0658f894dff016dc6ceb2afb2fdaf01e5a6cb6c957b5523a75692b063887e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1b147625ff5c7b2c84ba27f99aa7782
SHA1 ec482f883bf9cda38bb47404fa5ce1118f7d00a4
SHA256 97200eacd21d658ee6413ef5571ba4d883637fc39be4088be8f9d4a26e8e59f1
SHA512 cbd2d5277ff471e4a60bd554aed0453498cd1bdf661e9787fed9e69eefcb0ba214a855120cf2bf8d1a1301ee822edd6b8eb97c6d9250f14d6f4471ea3f225309

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 843b9ce7d6f9132f33d7db303a9facfb
SHA1 a96cf212a6176fc5319266a531239e1a7596991b
SHA256 aa210c151323e596916c30f6f6df2932cf0e14b382a12105f34b471a3a42dd42
SHA512 a8417750d9334acd5aeef07a3951482f4643ad62d33842604f62db9d3afc8f2f277c853296eb7dd0dfeeaa2dbaeab8e36d831b0d7d813bcf0b80dc15a90a3e2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08ba74b7e9af14b9c4c420fe6b9b5936
SHA1 c19f13839f1300eba0a1d5d6d53329d369c06501
SHA256 299585c622161ef9549c7e71b94808fd3346c4bb85b2444ce6c2a670c9cd698a
SHA512 1494ecacaf4240743c0ea52e7122a1dd5bc958963d6e7803571c41375da4ba705ce3de9d607bda297cf9e39b6beceb35c537f6cae52ec519c9586eedffec9e81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bee6c6138e2a809b0feec6780e778976
SHA1 a90c9398cf8239d0e3f5b982b4fcc98e6b13e7b4
SHA256 e1517baa55011a22e6e59b67fc4d050ee412bade6adb551016fa1abb69da92cc
SHA512 58d9444ce13e09d3f600e0cd669f63be328c1f9da2e18427c2f52cc168704865e339c85b969c5551222d8a4d7fb29e5453dc001b8eaf7f9dca96b8e80c03d416

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 75f5955cdb6ac192a027c2244797a7e4
SHA1 843be934af52cfb7f683bddb11ea1e3fc14abe82
SHA256 6e89e60b5340d81aa0d31c2d90b878f32f003424d49cb30bfc7f69abea99899f
SHA512 479cf976d2d6fc65689d049575f670dd70874eaf98eb5e449c5d2403fd01cd38399d7b6d32a5ddcd9ae14ab8ad7f32808f6f202f91baa555b529ebcb1a9bef13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 242afaf805bed545b2ca6260440d4b14
SHA1 5b5e1951c65bfed5e69f6aa33a3ce4b42af13b3a
SHA256 f289b9b17f4a595262f203fd60bc6fa9628094afa2bc7121ba326505c21fe8fc
SHA512 7344f2d5ee8cf5a288986f9e7a7ec50e129610f6be5afba46b81b5cbb46f6918884523418de0dd292cb64f1194e4a3f23e00e4f53bee299d6210c428bd8b4a9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 466931ad3368fd1719304422961d7e5e
SHA1 6bb3648ba2da290cdb001421d1b7b839e030f689
SHA256 5933d687bc4962c67498c02cf01d96b6ec75479125178f41e93b2bb3b22656ce
SHA512 37a306a6ed705e32bde04e9e5daa20606abd4b7af22d06c9d02789976418d54ab484c8a98e87641d342da420dd3eeacdb378dd11f3e80206ca969f0d83683a3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e800fcb889f3a8256e7e93055225cd69
SHA1 8d95e3ce6d8507415a7be34d4bf66dc33381215d
SHA256 a13c9cd5b374207149c944b6952123983c549d9f855c231b2303f1af1e70b068
SHA512 81ba16610b2e51a7cb1cdf7f85e90802d7df9a6f87fa9c83d47df849eab409cd3278e923d679dd2a976226de44586a16fafc175eb91cc7631546ee86c5c4a4f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06440c0de6a1accd60b663128d8a0b1b
SHA1 ed9dfb35d35c98d64767ee0a264dbff815352233
SHA256 85856a83b4c5c9f3cf57831dce63e25505bc6aa01486b13326ec0fef50f669ea
SHA512 8c998f092447b4acc3e90442791f6c8baa97f1a6dc7db227d17586e7b921f0dd089b6b8edd0fc7d6e6b8a109c7b6adf6c686b28eea132cd68f70ee0f28a7b393

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28cdc4ad2b16d63ab442a7ee964435cd
SHA1 81389282baa71485a2c3c9dc9914c5d48f60bf49
SHA256 96f8861a46ba5c60f23c097b3ecb775f51f0ed09205f8ac748484d1ce25c681b
SHA512 a0ec8782cec6e48495ba1e18943a374d8f547dd1bbe175ec7079326f02b742b30c513faa55b7e1b3e1ddf5e9b9d4e15c02bfebc9ba683b7b84050c1b8373c756

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18ad448f3f4bd8a584e8589d901df59b
SHA1 21ec3bc235f0fbfe4aaa842d7d2d9b2fcb519ea6
SHA256 d6c42df308b085ec7278b3f20a361211540fa62d2c3655d2c9d16f849bb1bcea
SHA512 de48d891b7e4ba2c6ff8e9a2c8a4c105f396a91443ffe503502792d778b3a61ff834f8358a937d07ef6da75c70a284adf77e91c3776c9b82604cadb989de4e6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 0fa8574bf0fecf7b239f58b7ff76c91f
SHA1 58d110b2cbbd3dd3942068ac99f48ac3d5e3f12b
SHA256 7ea8a88b192d76c51dbb7da0c13af0066c06712999d859480a0ad08948c15c5a
SHA512 811e8f5b83a342a6d873a43e9b315c71e8d4a9b7138b2068ebda888a8103209b4c6329940a7b490eb121a17fa4693a8145efa31042231606f73dff4142e0546d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a6783a70ef115515425c76c909ecee3
SHA1 7a4d2a301b03a767296a16748e2e1a61210f3e7d
SHA256 8df253ddd4a0da3096c3cec585327aacabbdac8f09c4f8245911293003b43be4
SHA512 066909ee41a894374c04a4b8ac69be824b62efad608923b66b1f8f4ecf41af0bf798999d521e829991923b5ed645f7ea7c0bb4b9ac480bd649776a9c0f495c3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7e69ebf419326c3e8e54e5f07a60773
SHA1 4077e1aed780e979003b65b937270ebaf9fe2c2f
SHA256 1f86bf4bd2036ed9fabf8e7a6aa484cdad63d77385228f11a927fa4b2e8d90cf
SHA512 432415ee3a3725ba1bc25d36fcfef6d429afaa0abeae5672dc9d8b3efe6769ac46fa8c7777d4f1d9ba668cc1deb95771deb2aca0134872f226a8a04fbb22b27b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f199327bc902f95ec37b7e7ce75186e
SHA1 6ed60be25e5ef3dc5c9b218d68789c2ecbdf0015
SHA256 b685d52f1121b975a70b094749224a5f922991d4c4f55251deadb1d40c760f92
SHA512 63edca87dfec0ccc81bc5923c79c8a9f453665549ec5f648a4e516cbbe66e00185106c75390ae8ad7039dbc74e314738bf2a9485274a9304e4484debade9880c

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-23 18:53

Reported

2025-01-23 18:56

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1a2836cd81c740330305110e5399d6f2.html

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1408 wrote to memory of 456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1a2836cd81c740330305110e5399d6f2.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8736146f8,0x7ff873614708,0x7ff873614718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17884130134506092098,14348508124447654757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17884130134506092098,14348508124447654757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17884130134506092098,14348508124447654757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17884130134506092098,14348508124447654757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17884130134506092098,14348508124447654757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17884130134506092098,14348508124447654757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17884130134506092098,14348508124447654757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17884130134506092098,14348508124447654757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17884130134506092098,14348508124447654757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17884130134506092098,14348508124447654757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17884130134506092098,14348508124447654757,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4964 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_1408_EWXRVVIZIWILQQFS


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58826a.TMP


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
