Malware Analysis Report

2025-03-14 21:45

Sample ID 250129-fqlk5svkgl
Target JaffaCakes118_530246f73ee0245b9ab0d4b23fe2a69f
SHA256 4be5f404938b45c74988f0978eaf50486d65eb264d7f0e0aa153d23992c3d219
Tags phishing google discovery
Score 10/10

Analysis Overview

Threat Level: Known bad

The file JaffaCakes118_530246f73ee0245b9ab0d4b23fe2a69f was found to be: Known bad.

Malicious Activity Summary

phishing google discovery

Detected google phishing page

A potential corporate email address has been identified in the URL: [email protected]

Legitimate hosting services abused for malware hosting/C2

Detected phishing page

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-29 05:04

Signatures

Detected phishing page

phishing

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-29 05:04

Reported

2025-01-29 05:07

Platform

win7-20240903-en

Max time kernel

141s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_530246f73ee0245b9ab0d4b23fe2a69f.html

Signatures

Detected google phishing page

phishing google

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

A potential corporate email address has been identified in the URL: [email protected]

phishing

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | sites.google.com | N/A | N/A
N/A | sites.google.com | N/A | N/A

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_530246f73ee0245b9ab0d4b23fe2a69f.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2

Network


Files

SHA512 8fd981db2b7bf66259805060183b187d88a4011fab7194cc583ab7c1d5bbc002aff8167fac6ec5a0125d9b2ea0f6f3c35140678e6f671d17b2d3e3a60231bad3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4648X1K\dXk5exdOVhk[1].js

MD5 b4be83a21f6e0d40b752cdddee19103f
SHA1 3b0b9b0b023ea84a328e9b3b0af8635e631efc27
SHA256 25901136ab2bc54ec7e5603010b853c78fb36efb401f2045bb399c060b64292b
SHA512 1ea3bed440a81b42be9b1678af522c3a2cdda42d4d042d2bf355d43c61c1e6eb767f0333938b08af8d71fd3a354e35369cd2e083ff851bbe9964d5e54100f0cb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4648X1K\X9buzokbj47[1].js

MD5 d12d188c634e3cbb8af962d4b2e502cb
SHA1 ba4251ca01062f1eeece97de4756d3a657f9e044
SHA256 363cfc47cbfd70f11ea6d2baa502be8a96c383d40f1edcc8bbad26d2a192370d
SHA512 a5501afd9bccb8fbcd6eefee3b51214648c6680dd3db6f410b3bb98d1aa61f572eda85bc58676fe247ce77608cad1a90145ce4616840fa2225549c9e25c4e8fb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROLMKJ86\Su1a6ic0V4M[1].js

MD5 7db586241673c1f77acf085220a66687
SHA1 77be53e4984a80776ba27ef0bda9f02322e1e30d
SHA256 d7520507cd52337837f41def488958d94c73c3b75ce5517df76783a5e698d126
SHA512 3cf06550c89b93266f728ddbc265cef8482a4597cf510247fd1e9fc492abcecbbf8db5c40be408ed4fce7006ea23041679bdc072aa72c583991a5ac0cdf9ce12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f2358d0d1ba631f38491b539f66c911
SHA1 751a59d2c442df5ec9ef59ce7ddcb3e1a1427b2c
SHA256 61d6325bf64766f8e4f1d05530d58ced6bd6123955b7f18ed3fff4e2dae98989
SHA512 3211cf158f3137a849800cd42468b7f48a05c3db7246391a7f353b235b41a7fa8c01e79bad148707a5d839a1ade851417781a86758eafcb0afcd37d60fbc173f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01711f3a632f29e240ae0b705fe37cd1
SHA1 b0b8485ec4724a3b37ba500d08a7facb2e1d46ab
SHA256 b42c75430ff688382bd6c99c7f3add0ae93218482a8f1c8f233144a3f53d74bf
SHA512 a315490efabc2c472a10857f187d304e812a87b88fd848c700ded2823eb503955a695f352b7a85c9a2f7b921e73444cda7e23674caf2dfb1e66b5ee8d8d92238

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02e64d70fc8ae75094ec5d6df05652c8
SHA1 b84ffd25a8f61d9cda2409027ba66585f01ae430
SHA256 1d552ba277c7f12c399ea28cf080444a865ebd5eaf1f0f3dc02cfa0634fb63e9
SHA512 a60612e9ac6e7ed106ea81f094a31edf681ae4d4f7a81c8ec70b74136a23cf31b42781eab4f71a53a56af4b6b058211462e486d661b26cfcf169c803d1b94ff2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 3f82c6663a216e7810e01231058fd60e
SHA1 e79326d637f1c9ca8b61fbd647298fde95092d0d
SHA256 931e62988b3b5fa477f32a7597885162d8a8c2cd919407340a4b3931ae47e9aa
SHA512 10a62cd74aadac9ec43ec1481930e3379977bb84a9ac8aa2591ecbe0e1047feb6836116883e4350086f34b103ee01345f7084e93779e902c4799ad4f8080bb74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a9341ea58ff1dc835f33e2abed8e9ad
SHA1 8e97665deec10a81367e9c714214d65bb3fe52da
SHA256 556476af9e3fdc3abe6ebd78adc0ac52f51dd401dc287dec058e7d16fac4673e
SHA512 3b2077c84144688c5fdd952d3ca089f3825de0af4b433167816ce8590c4300d5353138e10c85209eaaf82ffd2d60df46c69abdc44418993aced07565ede08677

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 070d49e9c004f4524cf8166117f2584a
SHA1 56c2afeb55e746a6df2b7c83a11c166cdba372a2
SHA256 32bc22322019f1a4da8f3e27b8650838a0ac288bde66089e93c5ddc669411558
SHA512 77eede720fe60581c2efa3ab1d293789e3228c97e4b21bdb677e3e74d5c842d35bf6f41187fba140d89f82a6ea9f74a77add5769e4e97951332872816eb05dcc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0580cc2182339c75c854b113cb575c1a
SHA1 11742d313a262bd13e2ecdf044bff84cc4d812a1
SHA256 37810835702dfab99b7d1d617424b07e2b56736dcac39c0c6708503addcc1067
SHA512 b1675270d2ff31bb0817145452b704e3a3f51fba2eab54133427f2f66c692559d09c5b2ed7b1ca5f7cdb17c7d5790646e14c08136f2462dc3b232e353f8e2128

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

MD5 f2f229445230c9c65bc8d307cbfb3072
SHA1 af5df3c870c92187d74c7be00d832bed411039b5
SHA256 2c9ecabf157cc874a168cb0beb617030a92538c7bfe585e92c880767f0083b93
SHA512 0a2a4430521e6c7e7782e0cfa8d0cae5d06865191355323e89236345262d1c0755ea58119ed3a6cc7b1a51c3eb871b075874b64822469d139f47746ade620b10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20fca034a73f9819b3448e682cb8aef7
SHA1 48335ced96875366c993563a3cdfa43abedda5ee
SHA256 e7c20f204011863ac42e4ed78b4f60ed0e7f25139244c4fdf1977589104ff900
SHA512 514eaeafe7a99d4078dd9dcb7ce91d5856d4e4125ab3ea66ddc4a97eb60920bfdf6973db433449783b9b4236bff323dc5ef7598a4e0b53be456ca25379e23cac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23193eb84c0d726c28ca491500258f4d
SHA1 73f91cb8906578311c1d04547d2777e7ab51993d
SHA256 620392e01d17b6f9db6de427671c1f1da4a806a7e584d9f1730bd7aad1a9ded8
SHA512 34b377961ff0e15786b8aad12666edaa49937b39d83dfee5167a6588816eaadfa569d4ba38b99696b8bed6e55aed2b261f340545ea64392550813a9087ccbe7e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 abc51b3868c85fc9aed2eb46b89b5067
SHA1 1dae226993aca76691ae70a3e1ca2a99a2c79f7c
SHA256 99292e4af826f14a8853a5827ed9c1c7d9323042a36450f1b15d1f50e0661e03
SHA512 90db03428db4db048ef3d58586aadf5d910a51a1a706f86cc58198b6c8f459f201ad23e52e9870f986a6cf11bec5a9d42e8abfba69936c7a3f37adfabdd48907

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d287968127b8fa464ac526be6dbe21a
SHA1 89800c77de2b58c40e2d9c11f80812257b93e603
SHA256 f931a849cd293bab24cae1833d4155cbbbaecee243ea9f5999024a06f8b68931
SHA512 03f4e8b817b5c4ddd3aa95aeab92d688f631569abc6ae57f3ccee1c75983664f41767d8bb83acb54acc54101b1007b06600ee4bcfbd0f1df451080381eb70e99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 088739a435b7e2e4e0936f55cd30976f
SHA1 9b1c84e04f994c4ee6bb407a147ad4ccfb6744ac
SHA256 af0c26bab359afa5609b88b50f3a0d81ce50009dc4cd693439a89f4e00db19b7
SHA512 268dcb4132beb03f0494b7ae227105dc9cc71592f117d9e693a9f3f3a4719620438b314744be00961650cacf8e7d5b5fe5f957d8c31e6588b9794841c962d7f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba677180c717b53543ec8c96a314d0c4
SHA1 d863e59ddfec6e90601dd4630aadc92d9c1b7e27
SHA256 638ebc209dface52281fefacb13f9101b2124fb22b46bafef6049efe25bad127
SHA512 8d1283605b5eec5084357a23099f8d1d305914ad78bc1e4c1ab3a16431bca2308f24e68f5f306cb731949e799165aa462a6d847812a7bcd5024d4ececa9a830c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0112f437deb0600aeb7afda8f00b673
SHA1 d0d869d2dd86e0817f3fa55e5f3e2872bf4f6af7
SHA256 0debcab188973959283bad00843ad37ae3dde547801d86e90dfd25553e1c9e07
SHA512 d20e9968d5eedd117ba604d7ecfb7f2ac13b9e814c3ae062509ac52c622a24d5545e70ffbd55d727b1459cc55fd2c6e13c91b6fed32d491dd64f8bb6c46e453c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8951e1f8d24681a9629bd8c31b6d54b4
SHA1 95afa23d2a5e4f675f4af3596f18b5634ac02aca
SHA256 8c0743ee6bdeb970862654b12afd18677a79923833b26d757656aa6b4047efd0
SHA512 6246bfe09634570e49951619f84fac5d8bb5c30a2413972d70604aec258a92193841dbebcfaef14e568b2c740075871e0498dba1176d0db2e765292c6bc9aaac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de5cb366efdf57f611229c9886319978
SHA1 b72c4b18808689a0553d6bc94643c8b4b1e680d8
SHA256 0559fe939be5213302d95d6ea08c43a9530e60a69a8f527d34568da7ba0e7c9d
SHA512 b5365179f113a9366af6ef06a43f71a2be62471226a3538970f05d9fa5339cbafb0f929036f2e2eed9bc82697182b52807ea8f1c8346548ea2f40aac7b584f04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78e38e560bf795dd61653107853fdf1e
SHA1 3a8b2003c748f3fdabfff264520a324fbac745b6
SHA256 2bb82ead1440c5e1b64f888a1207b42ea9b28e936ac60a4be17f80cee08c56e0
SHA512 8540f6057f5752e5ad4d8d0a0dd65dfbd88750e00f18a55a44824d5e22c7b9ccf6b441a0c46e4ca5db5eb9578fb1853f12a6b206cb2c890ed0a16f606496cbca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3404f2cada62dd72f0c9df0b29265de0
SHA1 4e3f3759a27f5950e45c31363ac7f93ef2d39eee
SHA256 b9c7c241f4bae93ae1697f230eff5a387769039aaf0ae6a48f4622d69da1b858
SHA512 7483b1fd70c12ca7c07b54c48d2b707199402debd4c46bbff25c3f58ba1be666f4a40645241c3dbbecec6d4d179b5136f2170fd4460fe29a421d4089be5ff947

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 d611766f00e5d3b6b5197474bd25f011
SHA1 46734a69ca315488d489b5ec566e51d26b7b89c2
SHA256 6c64bdc0bb23428d0b2240739b85bfe7912d0eb5f3e75d8ebc7aeb9ebfdf5c44
SHA512 7cc6737558da933b5e5646c3ab41b00a995f83cc54f118fc8b7a146a711a51c0f838e0c2fa7701e07f56f4bc4cae545fd5a2640185d68bc3fc400aa6b73f297c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fcba35405ec3c5f84140a3ffa7951b34
SHA1 84b2fd483e3874b91900620b2c9a7c3e60f0a40e
SHA256 7d63931eaab2686ca5b49223f262d5a167bf3becdc1805ec706f0f13e0afa0e5
SHA512 24e6756efb72f663ae5cf8584ffd763a3d0f2d48fc164f522c1155963533693d82d94075438daa9cd26ba14e94b9bd59b511d72176d47d29ed2a738f1ca51f7e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da51ba3cce7c1b47025b441c4f829f2c
SHA1 fc5e13bbb8fdf6e08f45cc34cfc55f0db09e7893
SHA256 fd20e3724b68b089c6ec8ecfcd8922f4038d028a26e99282a6f31716dc2bb698
SHA512 a33530c239d7412741b0aaddb3936d826686d66a0725060d7a5ecdc9e4ef5414a27eab997e43579f619499326a3a6652f62a631065bfb2e008a7d1f8b41a5df2

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-29 05:04

Reported

2025-01-30 15:29

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_530246f73ee0245b9ab0d4b23fe2a69f.html

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4572 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4572 wrote to memory of 3240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4572 wrote to memory of 3468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4572 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_530246f73ee0245b9ab0d4b23fe2a69f.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83b1346f8,0x7ff83b134708,0x7ff83b134718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4537743388412682388,12594929551287197622,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5728 /prefetch:2

Network

Country Destination Domain Proto

Files
