Malware Analysis Report

2025-03-14 21:45

Sample ID 250129-lmcrqatrhy
Target JaffaCakes118_555dca777fbf086a5c3f41b3c295144e
SHA256 fc32bba627150a93cb6d7ec61b5c38aa39e151dd8fcf03d922f167c6f87c96e2
Tags google discovery phishing
Score 10/10

Analysis Overview

Threat Level: Known bad

The file JaffaCakes118_555dca777fbf086a5c3f41b3c295144e was found to be: Known bad.

Malicious Activity Summary

google discovery phishing

Detected google phishing page

Legitimate hosting services abused for malware hosting/C2

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-29 09:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-29 09:38

Reported

2025-01-29 09:49

Platform

win7-20240903-en

Max time kernel

129s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_555dca777fbf086a5c3f41b3c295144e.html

Signatures

Detected google phishing page

phishing google
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60a842d83272db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EAAD5131-DE25-11EF-ACDF-5EE01BAFE073} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444305858" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ecc1e5e3df755b4e85efa9196f29fe8200000000020000000000106600000001000020000000d7f04f6cd382c0fc3a9e82c6f7d55e1cda3080a8df8720bd1ad82d6b31873775000000000e8000000002000020000000dd4d540fa4301e7e6dee982fa501a74c264370e5f3af5ac54e1f10e82f7456b390000000515c43c784f0dac427b609ed76dc3c15aa2a5716cabfdef619668cfb456bfcc565d03e1fd330b2c3230ebc3a3007d8bf69424edf931908e86b767fd10b7610b49385289b36c0b4a64c46ef86baf544c4dc78f10b60f2daa032d9446866fa497aa31cd0a6f6a97702b6b8f79117744d6e7795a0bfe44e0d92153021cc416506dfeed8a283a31a0fa8c198a88380ac76104000000000f8bdbe9a4ee6a84fdbe7a690d3b5f743ee9f17e8b7b67a7ee1d982c5e1387696dede7a812ea137eb2cba91e26d02a4fc7ce2313045f2f6a74afd3e2c91def2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ecc1e5e3df755b4e85efa9196f29fe82000000000200000000001066000000010000200000007ee0c66fd1a2395f288627952ebfd041754cb34c5fe19756a72c0d41bc397b4f000000000e80000000020000200000009115b25403f46f35d3fe5dbed29cd5e08ca2a6ebf79be9bf02a49d832186c48520000000fc3c42c7d967e2e9a707389520df405b2a96b288d3b8728371540375c8b12d7b400000002e31ec30cd20a9316718cb8dba8474662b17071ab01ce968f09408e8a4233ba649c06e4e7d013906999af857dddf949bc3ae366c5021dbfc42b254fc04ff42f3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_555dca777fbf086a5c3f41b3c295144e.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 al7lm.googlecode.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh4.ggpht.com udp
US 8.8.8.8:53 lh6.ggpht.com udp
US 8.8.8.8:53 lh3.ggpht.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 lh5.ggpht.com udp
US 8.8.8.8:53 mezaty.blogspot.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 thabbet.com udp
US 8.8.8.8:53 ajb.ms udp
US 8.8.8.8:53 img102.herosh.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 www.poparb.com udp
US 8.8.8.8:53 www.feedage.com udp
US 8.8.8.8:53 www.feedage.net udp
US 8.8.8.8:53 www.topblogarea.com udp
GB 142.250.187.201:80 www.blogger.com tcp
GB 172.217.169.33:443 lh6.googleusercontent.com tcp
GB 172.217.169.33:443 lh6.googleusercontent.com tcp
GB 142.250.187.201:80 www.blogger.com tcp
GB 142.250.200.14:80 apis.google.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.200.14:443 apis.google.com tcp
NL 108.177.96.82:80 al7lm.googlecode.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
NL 108.177.96.82:80 al7lm.googlecode.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
NL 108.177.96.82:80 al7lm.googlecode.com tcp
US 8.8.8.8:53 stats.topofblogs.com udp
US 8.8.8.8:53 www.blogflare.com udp
GB 172.217.169.33:443 lh6.googleusercontent.com tcp
GB 172.217.169.33:443 lh6.googleusercontent.com tcp
GB 172.217.169.33:443 lh6.googleusercontent.com tcp
GB 172.217.169.33:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 www.blogtopsites.com udp
US 8.8.8.8:53 www.blogtoplist.com udp
GB 142.250.179.238:443 sites.google.com tcp
GB 142.250.179.238:443 sites.google.com tcp
US 8.8.8.8:53 www.blogrollcenter.com udp
US 8.8.8.8:53 track.bloglog.com udp
US 8.8.8.8:53 widgets.5z5.com udp
US 8.8.8.8:53 www.yousaytoo.com udp
US 8.8.8.8:53 dir.blogflux.com udp
US 8.8.8.8:53 www.adfreeblog.com udp
US 8.8.8.8:53 www.wikio.com udp
US 8.8.8.8:53 www.indonesia-blogger.com udp
US 8.8.8.8:53 www.ontoplist.com udp
US 8.8.8.8:53 www.mynewblog.com udp
GB 142.250.179.238:80 sites.google.com tcp
US 8.8.8.8:53 www.rantop.com udp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
US 8.8.8.8:53 www.blogrankers.com udp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 xsltcache.alexa.com udp
US 8.8.8.8:53 www.prchecker.info udp
US 8.8.8.8:53 hitstatus.com udp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
US 8.8.8.8:53 s09.flagcounter.com udp
US 8.8.8.8:53 feeds.feedburner.com udp
US 8.8.8.8:53 adf.ly udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 172.217.169.33:443 lh6.googleusercontent.com tcp
GB 172.217.169.33:443 lh6.googleusercontent.com tcp
NL 157.240.201.15:80 connect.facebook.net tcp
NL 157.240.201.15:80 connect.facebook.net tcp
GB 216.58.204.65:80 lh6.ggpht.com tcp
GB 216.58.204.65:80 lh6.ggpht.com tcp
GB 142.250.187.201:80 www.blogger.com tcp
GB 142.250.187.201:80 www.blogger.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
US 52.6.88.216:80 www.feedage.com tcp
US 52.6.88.216:80 www.feedage.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
US 104.21.112.1:80 hitstatus.com tcp
US 104.21.112.1:80 hitstatus.com tcp
GB 172.217.169.33:443 lh6.googleusercontent.com tcp
GB 172.217.169.33:443 lh6.googleusercontent.com tcp
US 104.21.64.1:80 hitstatus.com tcp
US 104.21.64.1:80 hitstatus.com tcp
GB 151.101.188.157:80 platform.twitter.com tcp
GB 151.101.188.157:80 platform.twitter.com tcp
US 35.168.241.43:80 www.blogtopsites.com tcp
US 35.168.241.43:80 www.blogtopsites.com tcp
US 104.21.91.176:80 dir.blogflux.com tcp
US 104.21.91.176:80 dir.blogflux.com tcp
GB 172.217.16.228:80 www.google.com tcp
GB 172.217.16.228:80 www.google.com tcp
US 67.227.215.171:80 www.prchecker.info tcp
US 67.227.215.171:80 www.prchecker.info tcp
US 104.21.48.1:80 hitstatus.com tcp
GB 142.250.179.238:80 feeds.feedburner.com tcp
GB 142.250.179.238:80 feeds.feedburner.com tcp
US 104.21.48.1:80 hitstatus.com tcp
US 172.66.40.139:80 adf.ly tcp
US 172.66.40.139:80 adf.ly tcp
LT 79.98.26.232:80 www.yousaytoo.com tcp
LT 79.98.26.232:80 www.yousaytoo.com tcp
US 15.197.142.173:80 www.indonesia-blogger.com tcp
US 15.197.142.173:80 www.indonesia-blogger.com tcp
US 13.248.213.45:80 www.adfreeblog.com tcp
US 3.33.243.145:80 www.rantop.com tcp
US 3.33.243.145:80 www.rantop.com tcp
US 13.248.213.45:80 www.adfreeblog.com tcp
US 69.16.230.165:80 img102.herosh.com tcp
US 69.16.230.165:80 img102.herosh.com tcp
US 8.12.18.87:80 www.ontoplist.com tcp
GB 142.250.187.234:80 ajax.googleapis.com tcp
GB 142.250.187.234:80 ajax.googleapis.com tcp
US 8.12.18.87:80 www.ontoplist.com tcp
US 172.67.177.143:80 www.mynewblog.com tcp
US 172.67.177.143:80 www.mynewblog.com tcp
US 172.67.143.68:80 www.wikio.com tcp
US 172.67.143.68:80 www.wikio.com tcp
DE 159.69.186.9:80 stats.topofblogs.com tcp
DE 159.69.186.9:80 stats.topofblogs.com tcp
US 206.221.176.133:80 s09.flagcounter.com tcp
US 206.221.176.133:80 s09.flagcounter.com tcp
US 104.21.112.1:443 hitstatus.com tcp
US 104.21.91.176:443 dir.blogflux.com tcp
US 104.21.64.1:443 hitstatus.com tcp
NL 157.240.201.15:443 connect.facebook.net tcp
US 8.8.8.8:53 publisher.linkvertise.com udp
US 104.18.1.75:443 publisher.linkvertise.com tcp
US 104.18.1.75:443 publisher.linkvertise.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
GB 142.250.200.33:443 mezaty.blogspot.com tcp
US 8.12.18.87:443 www.ontoplist.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 172.217.169.35:80 c.pki.goog tcp
GB 172.217.169.35:80 c.pki.goog tcp
US 8.8.8.8:53 c.pki.goog udp
GB 172.217.169.35:80 c.pki.goog tcp
US 8.8.8.8:53 c.pki.goog udp
GB 172.217.169.35:80 c.pki.goog tcp
GB 172.217.169.35:80 c.pki.goog tcp
GB 172.217.169.35:80 c.pki.goog tcp
GB 172.217.169.35:80 c.pki.goog tcp
GB 172.217.169.35:80 c.pki.goog tcp
US 172.67.177.143:443 www.mynewblog.com tcp
GB 172.217.169.35:80 c.pki.goog tcp
GB 172.217.169.35:80 c.pki.goog tcp
GB 172.217.169.35:80 c.pki.goog tcp
GB 172.217.169.35:80 c.pki.goog tcp
GB 172.217.169.35:80 c.pki.goog tcp
GB 172.217.169.35:80 c.pki.goog tcp
GB 172.217.169.35:80 c.pki.goog tcp
GB 172.217.169.35:80 c.pki.goog tcp
GB 172.217.169.35:80 c.pki.goog tcp
GB 172.217.169.35:80 c.pki.goog tcp
GB 172.217.169.35:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 172.217.169.35:80 o.pki.goog tcp
US 8.8.8.8:53 poparb.com udp
GB 172.217.169.35:80 o.pki.goog tcp
GB 172.217.169.35:80 o.pki.goog tcp
GB 172.217.169.35:80 o.pki.goog tcp
GB 172.217.169.35:80 o.pki.goog tcp
GB 172.217.169.35:80 o.pki.goog tcp
GB 172.217.169.35:80 o.pki.goog tcp
GB 172.217.169.35:80 o.pki.goog tcp
GB 172.217.169.35:80 o.pki.goog tcp
GB 172.217.169.35:80 o.pki.goog tcp
GB 172.217.169.35:80 o.pki.goog tcp
GB 172.217.169.35:80 o.pki.goog tcp
GB 172.217.169.35:80 o.pki.goog tcp
GB 172.217.169.35:80 o.pki.goog tcp
GB 172.217.169.35:80 o.pki.goog tcp
GB 172.217.169.35:80 o.pki.goog tcp
GB 172.217.169.35:80 o.pki.goog tcp
US 8.8.8.8:53 r10.o.lencr.org udp
US 104.21.96.1:443 poparb.com tcp
US 104.21.96.1:443 poparb.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
GB 88.221.135.105:80 r10.o.lencr.org tcp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:80 www.facebook.com tcp
GB 163.70.147.35:80 www.facebook.com tcp
GB 142.250.200.33:80 mezaty.blogspot.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 216.58.201.99:443 ssl.gstatic.com tcp
GB 216.58.201.99:443 ssl.gstatic.com tcp
US 8.8.8.8:53 www.blogtoplist.com udp
US 104.21.96.1:443 poparb.com tcp
US 8.8.8.8:53 gelgit.tk udp
US 8.8.8.8:53 s10.histats.com udp
US 104.20.11.182:80 s10.histats.com tcp
US 104.20.11.182:80 s10.histats.com tcp
US 8.8.8.8:53 s4i.histats.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 172.67.8.141:80 widgets.amung.us tcp
US 172.67.8.141:80 widgets.amung.us tcp
CA 149.56.240.129:443 s4i.histats.com tcp
CA 149.56.240.129:443 s4i.histats.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
NL 157.240.201.15:443 static.xx.fbcdn.net tcp
NL 157.240.201.15:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 88.221.135.105:80 r11.o.lencr.org tcp
GB 88.221.134.89:80 r11.o.lencr.org tcp
US 52.6.88.216:80 www.feedage.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 52.6.88.216:80 www.feedage.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 88.221.134.83:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 184.25.193.234:80 www.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 s4.histats.com udp
CA 149.56.240.131:443 s4.histats.com tcp
CA 149.56.240.131:443 s4.histats.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5ecb86fe6a4a235efca6131f806e1a12
SHA1 c96ec9588ca686550e13090027eb5dd40e5ede13
SHA256 52cc1777843ccce2550b41faa7965459803fc61320803284630fb43d8c0569c5
SHA512 e62c0ea1159dc0c307cc44bcbb1f4afa196fb8362f7686d2338f36b01cde3afa8b5c622813d44006aab59e1fed0a59ed9c9a5b7237b3cc21309e62760a1131e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d62f401c6e1d5cbbcf730eb38c76ad9e
SHA1 77915a141605d38179391c78eac9cdbfdf383221
SHA256 b334d2d8067af43daa1fa1b46b005483d6933ba3ef9e4281493b9c7bfd06d485
SHA512 45c0d35af2dd51171c59a695fbc620a56bf650d00ea7c76515c16f50c17b55bbed24ae218f19db460eb7298b49761a54231afd373cdb1916925a86074a29c981

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 824a42957aba78b385e5088261e1ce22
SHA1 ec182ccb510862d5bc3f6b8d5fe55489744dfe1e
SHA256 287f51d015b1f9d9e8459719dc12a2954026cbf452c7c03aa0a281cacd2dbed0
SHA512 42ad7253b88c34cba215f727f22bd32dc0d0b2c22522852415e0c2f21b6518968c11dddc7b8297ff7bb7dd7491efc09a57942a43e662b342232154669dc5c96d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 e3ae6dca43f85a5043b9528d93b8e6ae
SHA1 17b77f56d0184668eaa821e7b588e4e2916b5711
SHA256 9de52e8c11f59d46af8a9c21428a65b7632fe54c8bc6d905e4e02ab80e1e6aeb
SHA512 9d4e5f7c73a0c3ca51675d0c677ef7c70b747a9ade5bdd44ccd800525d770597e4861b36d04e1b256e533a9f97152fd13dc26caf1f2cbba438a58d5eef4590ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 c9be626e9715952e9b70f92f912b9787
SHA1 aa2e946d9ad9027172d0d321917942b7562d6abe
SHA256 c13e8d22800c200915f87f71c31185053e4e60ca25de2e41e160e09cd2d815d4
SHA512 7581b7c593785380e9db3ae760af85c1a889f607a3cd2aa5a2695a0e5a0fe8ee751578e88f7d8c997faeda804e2fc2655d859bee2832eace526ed4379edaa3f5

C:\Users\Admin\AppData\Local\Temp\Cab5949.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar597B.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 be7108b74ed08afbc1349add59fdbe59
SHA1 5c6693db3ebf678b7deb58d624720b122af641dd
SHA256 e78ef02d1cc5444df5a233ad12193059bf7aa12e7d96a62cde614cad18d65f13
SHA512 8b4b97e5400e13aeabf90fb64cdcb1ebf45c2283fd06d7ce8601716ecfcd1a6ceb38a03e5cf3fb78c8caadaf46882363f52e22e514aa6d5355e59ad6b51274b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c1ab75914e04775dad25cd5a9d3444d
SHA1 9cf48f4b267395fe3a7a06f497ab4b398fcdddc1
SHA256 f16b336c3bf1778bf92508881fff9e3fa0aa6cde5690182bef5e27901713157b
SHA512 ced8a4b05fdbe7ca6abb8c9898aede6ad5910909a84477d32a90949b2a749dde97fde264031858c859b710b65441cf3d44bac6891c06f8564316acbb1fe62acc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 69b2a51e42653bcfdd4da138673d4db4
SHA1 007ab55e37288cd91fdff7042746bd5c261306c4
SHA256 d87424aa88fc63bcd5ae2b902eb9b90c1d906079b8ca645f14941187c1e42b68
SHA512 09e8635b3128b3dd56c499d7b5463aea9bc872613830593205b24202058b483f4668aabfb686e8096947b5ef3ed0d42b10ef3620a4ad855a913e8cbbe78bbf5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fcda21074a503884e6ac19a741e6103e
SHA1 f91d25e60af44a0892cfd047b1e46e0b2512cbec
SHA256 00d81c2b23647cdbf5c9bad2ba95691e6a8d9cb3a14d4cb432624cd85a53dd38
SHA512 0535f8c2cff9662a39850422688a923d88071e3cd19eb247d06eb08ac03c8aaa420c361c0560a9d4edf110d26788e060d563341128d83c86361deb4c0a566ca6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 15404d4cc60cdefc1c74566523485107
SHA1 416e169847a960eeaa5060784a02cf28967cef04
SHA256 e5770dbc9a66ffe6b06d50f0b83450d32c2bf6f1d106716a59981d7a0cdcdd60
SHA512 c9c362b3e42226181ee1dc361ff477e3014eafca465207cd567e4dbe62cd75691a32fe2e2933a8a1db8cce735282a608273d37f3c74666e4c98f4d4cc5ef20f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

MD5 971c514f84bba0785f80aa1c23edfd79
SHA1 732acea710a87530c6b08ecdf32a110d254a54c8
SHA256 f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895
SHA512 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_C206949D025B756EFD400669E95CC4E8

MD5 ef40c8c7a39f58a068507083c3ae05bc
SHA1 17a6cd468dd09fc5d705cefb06a9fb7bd444a31a
SHA256 e2909a0f7743ef47ef5f55f53585d41e743766fb9450ed692c7ef71458913345
SHA512 6489514790ba885fe1ec615bb58248c8e29e9ec88b59c181e45557f2bd6cb981384256d673580410719852215b8ed77120877ab8dde47faa65958d7ac66b4224

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_C206949D025B756EFD400669E95CC4E8

MD5 87be1af2417fb49726281586d07169c3
SHA1 9a9776c1375ebcd7874ac60ed3dd2ace6c8f63d8
SHA256 9238baaea2c83c4103779ef652ddff67240e23eab7b536bbfba6b81365471059
SHA512 4050ce74d6ef4527fa25950ba7ad331e39d3849eae4d307b7b32cc51ba3ba96eb6fb8c482aeeeff244951b8f18b74eb429b2b5f4f0f599d2906219044de49ee2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_C206949D025B756EFD400669E95CC4E8

MD5 144ad617d7b989531b5216d30c39db48
SHA1 a9a4738862583b20e7baeadab308f285f2fe492a
SHA256 7d2d31280759065bae203e79c44d2f5bf82b403f965eba18e8876b29a74243a3
SHA512 9f44179b659045077db6f0aa2ac620dd7af59b7f1fa984ebb22b3b37a210def7173de21d997188ad7f25f8e638fea68b38d59f39279d908a1b003bfc97187056

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUBCGJ0A\plusone[1].js

MD5 2e4a448a27b8a58d75f607c7bdcca6f2
SHA1 31cf764c6c2240148eaaa2b9816e1219a273d0bc
SHA256 d3696859f3485d8aa6f8a4d0054d64fc1ee614e57725221dd1c97b930f02bc3e
SHA512 09ca4d8b6a0fc653490921befcb3d752e150ac9abf24d1fdd49c9453fe2baf969b76433a45121451ef642ea3f73f9c62871cdde5e07976ffdc03ee5200e4d35a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCATT3E5\cb=gapi[2].js

MD5 b103bb58d9e7cecaa60bdf377d328918
SHA1 0f094c307bceef833a64f408d2f749a10f79de44
SHA256 81dcd274347bd909cf132d3c8bcc9924e41921c33eca07fd6fe5e2a59ca4f5b7
SHA512 b1a4fa329b76df7c861771e1dc36749155895dff623cd916811f2af8c95f3bcf9fe75a3b9a56833f066a227444982ff4883459e24f7eead79b521c2ffdcaa844

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 056d1c0e1a2c8db8d2f282fa4f76110a
SHA1 a90e9ee32309e0c7698bb9650903729099f85438
SHA256 77b94e3a2ca275342cfcd03bca1d649718c01de781c897e5d295db4d7d2278af
SHA512 7b32bb440a19542511564fb6129fd084302e60a0d4c87baefc68a55e6276b42af00305be796274fcdb8b68377b51d650731d60c7f875c5c73a38cb558faa471e


Analysis: behavioral2

Detonation Overview

Submitted

2025-01-29 09:38

Reported

2025-01-29 16:20

Platform

win10v2004-20250129-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_555dca777fbf086a5c3f41b3c295144e.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3640 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 4500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_555dca777fbf086a5c3f41b3c295144e.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb443d46f8,0x7ffb443d4708,0x7ffb443d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11841943768903214366,5753155996734630961,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6940 /prefetch:2

Network

NL 108.177.96.82:80 al7lm.googlecode.com tcp
US 104.21.91.176:80 dir.blogflux.com tcp
US 3.33.152.147:80 www.indonesia-blogger.com tcp
US 76.223.67.189:80 www.adfreeblog.com tcp
US 104.21.95.51:80 www.wikio.com tcp
US 8.12.18.87:80 www.ontoplist.com tcp
US 8.8.8.8:53 www.mynewblog.com udp
US 104.21.91.176:443 dir.blogflux.com tcp
US 104.21.56.47:80 www.mynewblog.com tcp
US 8.8.8.8:53 www.blogrankers.com udp
US 8.8.8.8:53 www.rantop.com udp
US 8.8.8.8:53 176.91.21.104.in-addr.arpa udp
US 8.8.8.8:53 147.152.33.3.in-addr.arpa udp
US 8.8.8.8:53 189.67.223.76.in-addr.arpa udp
US 8.8.8.8:53 51.95.21.104.in-addr.arpa udp
US 8.8.8.8:53 232.26.98.79.in-addr.arpa udp
US 8.8.8.8:53 87.18.12.8.in-addr.arpa udp
US 104.21.56.47:443 www.mynewblog.com tcp
US 8.12.18.87:443 www.ontoplist.com tcp
US 8.8.8.8:53 xsltcache.alexa.com udp
US 15.197.204.56:80 www.rantop.com tcp
US 8.8.8.8:53 www.prchecker.info udp
US 67.227.215.171:80 www.prchecker.info tcp
US 8.8.8.8:53 hitstatus.com udp
US 8.8.8.8:53 s09.flagcounter.com udp
US 209.90.91.147:80 www.blogrankers.com tcp
US 206.221.176.133:80 s09.flagcounter.com tcp
US 104.21.64.1:80 hitstatus.com tcp
US 8.8.8.8:53 feeds.feedburner.com udp
US 209.90.91.147:80 www.blogrankers.com tcp
GB 142.250.179.238:80 feeds.feedburner.com tcp
US 8.8.8.8:53 translate.google.com udp
GB 142.250.200.14:139 translate.google.com tcp
US 8.8.8.8:53 56.204.197.15.in-addr.arpa udp
US 8.8.8.8:53 47.56.21.104.in-addr.arpa udp
US 8.8.8.8:53 1.64.21.104.in-addr.arpa udp
US 8.8.8.8:53 171.215.227.67.in-addr.arpa udp
US 8.8.8.8:53 133.176.221.206.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.200.33:80 4.bp.blogspot.com tcp
GB 163.70.147.35:80 www.facebook.com tcp
US 8.8.8.8:53 developers.google.com udp
GB 216.58.204.78:80 developers.google.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
US 8.8.8.8:53 gelgit.tk udp
GB 216.58.204.78:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 216.58.201.99:443 ssl.gstatic.com tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 84.69.194.173.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
GB 216.58.204.78:443 developers.google.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 s10.histats.com udp
US 104.20.11.182:80 s10.histats.com tcp
GB 142.250.187.201:445 img1.blogblog.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 s4i.histats.com udp
US 8.8.8.8:53 widgets.amung.us udp
CA 149.56.240.132:443 s4i.histats.com tcp
US 104.22.75.171:80 widgets.amung.us tcp
US 8.8.8.8:53 182.11.20.104.in-addr.arpa udp
US 8.8.8.8:53 t.dtscout.com udp
US 104.26.11.2:443 t.dtscout.com tcp
US 8.8.8.8:53 171.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 132.240.56.149.in-addr.arpa udp
US 8.8.8.8:53 2.11.26.104.in-addr.arpa udp
GB 172.217.16.228:445 www.google.com tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
NL 173.194.69.84:443 accounts.google.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 platform.twitter.com udp
GB 151.101.188.157:443 platform.twitter.com tcp
NL 157.240.201.15:445 connect.facebook.net tcp
US 8.8.8.8:53 syndication.twitter.com udp
US 104.244.42.72:443 syndication.twitter.com tcp
US 104.244.42.72:443 syndication.twitter.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 157.188.101.151.in-addr.arpa udp
US 8.8.8.8:53 cdn.syndication.twimg.com udp
GB 146.75.72.159:443 cdn.syndication.twimg.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 72.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 159.72.75.146.in-addr.arpa udp
NL 157.240.201.15:139 connect.facebook.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 142.250.180.2:445 pagead2.googlesyndication.com tcp
GB 216.58.213.2:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 udp

Files
