Malware Analysis Report

2024-11-16 15:46

Sample ID 240220-j4p29sec83
Target watch
SHA256 0824daab7035a6606fa4f2b332f60b4a3c9df3d296db1294d2563b530b4c0e7b
Tags
google phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0824daab7035a6606fa4f2b332f60b4a3c9df3d296db1294d2563b530b4c0e7b

Threat Level: Known bad

The submitted file, watch (detonated as watch.html in Internet Explorer), was classified as: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-20 08:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-20 08:13

Reported

2024-02-20 08:16

Platform

win7-20231215-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\watch.html

Signatures

Detected google phishing page

Tags: phishing, google

Modifies Internet Explorer settings

Tags: adware, spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a0000000002000000000010660000000100002000000013c33792f8b7482d29d1ae5f72c74e5da8af44a7e95385e3d81afdbec5328beb000000000e8000000002000020000000b324a18f620ef361bf106e3effa1898dd39f674d8c61d49f12d1bd70c9d3bf8290000000ca92183c21c7c2cb88119900bd7918cde254b4575049f49364431dd6ba38754dc0c0bd21f43ff29d7324067dcf26e371e1856b229be2922aae11467bc63eafea214a5732c4116ee85f7f12d324540d1583cada2b8e5a3f1f963ed3580d5b9a2d5d235b8a7e811f1ed55479d5fc6b44a7377d6632f6008859ac9e61cf95736e0a602898e98ea044eb3c777f30c8de72ec400000009b1b757192667039cc00a6f1d333d056df39811d9d13abaf6d2a52db6d8b640be173d65320f9b4560fd0e5d94c15237ce5faf9a547744c7458225ea75d881163 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414578705" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FF430581-CFC7-11EE-94B6-42DF7B237CB2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 802bb0d5d463da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000f1c74b952fef5c358fcb4a590901b8df11ce5c9944b4b51e97c74d8f19548592000000000e80000000020000200000000e731326f43cb3345494b334450eb2f7eb92e5800e0ee748b837b7e96de6804820000000ac07f166825d2bc9bb0ac5e8a81089736547c8d8b101438416dfbba7a000c1d74000000036de0fb729b787660074b53d9fd2ebb5516a6ca2c96d379fcacee15cd3c9a224c1a8e935e8daa684a886f70df27aef83878dacc5d640b2dccd7fe980cdf897c8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
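
The rows above carry an adware/spyware tag, but every key listed sits under the user's Software\Microsoft\Internet Explorer hive and is written by iexplore.exe itself, which is what the browser does on first run. The Python below is an added triage helper, not part of the original report or of the sandbox's own code. It parses rows in this flattened "Description Indicator Process Target" layout and separates the browser's housekeeping writes from the two kinds of change that would justify the tag: homepage/search-provider values and Run-key persistence. The value-name and key-fragment lists are assumptions chosen for illustration, and the last two sample rows (a Start Page write pointing at example.invalid and a Run-key entry) are constructed to show the checks firing; they do not appear in this report.

```python
"""Separate Internet Explorer housekeeping writes from registry changes worth
escalating, given rows in a sandbox 'Description Indicator Process Target' table.
Added example; it is not part of the original report."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# One flattened row: "<description> <key>[ = <value>] <process path> <target>"
ROW_RE = re.compile(
    r"^(?P<desc>Key created|Set value \((?:str|int|data)\)) "
    r"(?P<key>\\REGISTRY\\.+?)"
    r"(?: = (?P<value>.+?))?"
    r" (?P<proc>[A-Za-z]:\\.+?\.(?:exe|EXE))"
    r" (?P<target>\S+)$"
)

# Constructed sample: five rows copied from the table above, then two rows that
# are NOT in the report (a homepage hijack and a Run-key entry) for illustration.
SAMPLE_ROWS = r"""
Key created \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 802bb0d5d463da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\AppData\Local\Temp\u.exe" C:\Program Files\Internet Explorer\iexplore.exe N/A
"""

# Assumed lists for illustration: IE values that set the homepage or search
# provider, and key fragments that commonly carry persistence.
IE_HIVE = "\\software\\microsoft\\internet explorer\\"
HIJACK_VALUES = {"Start Page", "Default_Page_URL", "Search Page",
                 "Default_Search_URL", "SearchAssistant"}
PERSISTENCE_HINTS = ("\\currentversion\\run", "\\winlogon\\",
                     "\\browser helper objects\\")


@dataclass
class RegWrite:
    desc: str
    key: str
    value: str | None
    proc: str
    target: str

    @property
    def value_name(self) -> str:
        """For 'Set value' rows the last path segment is the value name."""
        return self.key.rsplit("\\", 1)[-1] if self.desc.startswith("Set value") else ""


def parse_rows(text: str) -> list[RegWrite]:
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:  # blank or malformed lines are skipped
            rows.append(RegWrite(**m.groupdict()))
    return rows


def classify(w: RegWrite) -> str:
    key = w.key.lower()
    if any(h in key for h in PERSISTENCE_HINTS):
        return "persistence"
    in_ie_hive = IE_HIVE in key
    if in_ie_hive and (w.value_name in HIJACK_VALUES
                       or ("\\searchscopes\\" in key and w.value_name.lower() == "url")):
        return "hijack"
    if in_ie_hive and w.proc.lower().endswith("\\iexplore.exe"):
        return "ie-housekeeping"  # the browser writing its own state
    return "review"


def triage(text: str) -> dict[str, list[RegWrite]]:
    buckets: dict[str, list[RegWrite]] = defaultdict(list)
    for w in parse_rows(text):
        buckets[classify(w)].append(w)
    return buckets


if __name__ == "__main__":
    for bucket, writes in triage(SAMPLE_ROWS).items():
        print(f"{bucket}: {len(writes)}")
        for w in writes:
            if bucket != "ie-housekeeping":
                print("   ", w.desc, w.key, w.value or "")
```

Run on the five rows that actually appear in this report the helper puts everything in the housekeeping bucket; the two constructed rows land in hijack and persistence, which is the split the adware/spyware tag alone does not give you.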

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\watch.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
GB 142.250.179.246:443 i.ytimg.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
US 8.8.8.8:53 rr3---sn-p5qlsnd6.googlevideo.com udp
US 173.194.184.200:443 rr3---sn-p5qlsnd6.googlevideo.com tcp
US 173.194.184.200:443 rr3---sn-p5qlsnd6.googlevideo.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 172.217.16.225:443 yt3.ggpht.com tcp
GB 172.217.16.225:443 yt3.ggpht.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 api.bing.com udp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 8.8.8.8:53 youtbe.com udp
GB 92.123.128.134:80 www.bing.com tcp
GB 92.123.128.134:80 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.168:443 r.bing.com tcp
GB 92.123.128.168:443 r.bing.com tcp
GB 92.123.128.134:80 r.bing.com tcp
GB 92.123.128.134:80 r.bing.com tcp
GB 92.123.128.134:80 r.bing.com tcp
GB 92.123.128.134:80 r.bing.com tcp
GB 92.123.128.168:443 r.bing.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 a4.bing.com udp
GB 92.123.128.134:80 r.bing.com tcp
NL 40.126.32.134:443 login.microsoftonline.com tcp
NL 40.126.32.134:443 login.microsoftonline.com tcp
GB 92.123.128.134:80 r.bing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 23.48.165.143:80 a4.bing.com tcp
GB 23.48.165.143:80 a4.bing.com tcp
GB 92.123.128.134:80 r.bing.com tcp
GB 92.123.128.134:443 r.bing.com tcp
GB 92.123.128.168:443 r.bing.com tcp
GB 92.123.128.168:443 r.bing.com tcp
GB 92.123.128.168:443 r.bing.com tcp
GB 92.123.128.134:443 r.bing.com tcp
GB 92.123.128.168:443 r.bing.com tcp
GB 92.123.128.168:443 r.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 api.bing.com udp
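
The table above is the sandbox's flattened network view: UDP/53 rows are the guest's DNS queries to the sandbox resolver (8.8.8.8), TCP rows are the connections the sandbox attributed to each name. The Python below is an added triage helper, not part of the original report or of the sandbox's tooling. It parses rows in this "Country Destination Domain Proto" layout and reports the three things an analyst checks first: names that were resolved but never connected to (youtbe.com in this run), names connected to without a visible lookup (www.bing.com, which may have been resolved from cache or before the capture started), and endpoints that carried cleartext HTTP. The embedded sample is a constructed subset of the rows above. Treat the buckets as prompts for a closer look rather than verdicts: the domain on a TCP row is the sandbox's own correlation, not something observed on the wire, and a name with no connection within the 119 s window may simply not have been reached yet.

```python
"""Triage the flattened 'Country Destination Domain Proto' table of a sandbox
report: resolved-only names, connections without a visible lookup, cleartext
endpoints, and a sorted IOC list. Added example; not part of the original report."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: a subset of rows copied from the behavioral1 table above.
SAMPLE_TABLE = """\
Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 api.bing.com udp
US 13.107.5.80:80 api.bing.com tcp
US 8.8.8.8:53 youtbe.com udp
GB 92.123.128.134:80 www.bing.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.134:443 login.microsoftonline.com tcp
"""


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: str
    proto: str

    @property
    def is_dns(self) -> bool:
        return self.proto == "udp" and self.port == 53


def parse_table(text: str) -> list[Flow]:
    flows: list[Flow] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] == "Country":
            continue  # header or malformed row
        country, dest, domain, proto = parts
        ip, _, port = dest.rpartition(":")
        flows.append(Flow(country, ip, int(port), domain, proto.lower()))
    return flows


@dataclass
class Summary:
    resolvers: set[str] = field(default_factory=set)
    endpoints: dict[str, set[str]] = field(default_factory=lambda: defaultdict(set))
    resolved_only: set[str] = field(default_factory=set)
    connected_without_dns: set[str] = field(default_factory=set)
    cleartext_domains: set[str] = field(default_factory=set)


def summarize(flows: list[Flow]) -> Summary:
    s = Summary()
    queried: set[str] = set()
    connected: set[str] = set()
    for f in flows:
        if f.is_dns:
            queried.add(f.domain)
            s.resolvers.add(f.ip)
        elif f.proto == "tcp":
            connected.add(f.domain)
            s.endpoints[f.domain].add(f"{f.ip}:{f.port}")
            if f.port == 80:
                s.cleartext_domains.add(f.domain)
    s.resolved_only = queried - connected
    s.connected_without_dns = connected - queried
    return s


def ioc_lines(s: Summary) -> list[str]:
    """One 'domain ip:port' line per distinct TCP endpoint, sorted for diffing."""
    return sorted(f"{d} {e}" for d, eps in s.endpoints.items() for e in eps)


if __name__ == "__main__":
    summary = summarize(parse_table(SAMPLE_TABLE))
    print("resolved only:", sorted(summary.resolved_only))
    print("connected without visible lookup:", sorted(summary.connected_without_dns))
    print("cleartext HTTP:", sorted(summary.cleartext_domains))
    print("\n".join(ioc_lines(summary)))
```

Paste the full table from the report in place of the sample to get the complete endpoint list; the resolver address is reported separately so it is not mistaken for an attacker destination.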

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 967cec6a0261396317c68afd38707371
SHA1 dd599a361ed816312e18b5b0035775724cd68ad5
SHA256 3099502e7fee26ab754f9720e1d7485e064ef995278287d44ebba35a316ef915
SHA512 eeaa21f6a2da567f414477c8c4fe0dfe9504983bcf6b71b7cb0060021dc0ffb3203f04d4e39a64834aae8f676c6eb48e88ee33f69931c8957e0e9f33dbc8451f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9947f1e24a75959573c21eb5ce55b881
SHA1 713eef2afde31211778944d26445097fd2d925d1
SHA256 01ca24a2fcfd58f518cbb71cc45ad186c1907935481cb83129a0fd44580d4b0a
SHA512 c93dcbcb6a2cafd55751439990ebd157bf7ad2a6197abbe3a99549b8232e456c7f028ef6f978c9773578f81477e683a92588d0c1248f6585d1af7ea7123210f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 594f30bc6681346f61233d3ad1078214
SHA1 8be55cfddc7ad4ebb0d41a449fe80a5df016773f
SHA256 8ab9d0faa487520d0ecd55399c2c7d653be521be99c65c40352dc9409942a024
SHA512 e5ab32baba4e1127472efc61a1756b846ed8ea7ad6fd6b91520c2a0f2d920a9067e95fd9d8bb4fedd2665c717c965f3efe65da9fba20a0e64edeaf819faa01a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 fa4bbf81d5a8ece655fb772ac844ad7a
SHA1 aad7fb03b6d8353a2f4ea1b8edf6b543d12e4542
SHA256 e306f62449e63a30a2e47435262c4ca119ead1e0536dacda49d920f3aca2c8b5
SHA512 a35c672ee4c0dc5f6b1003d579c6a9ef58ceed4554138a80f69db7aecd933f0df4011fa21649ca30adc98d9fb7e692e9ca992028fe34a694ce6289b7476b77bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_77B1CCFAF3D0516ED1D1368847DAC1ED

MD5 aeaeec59350a548971f8d1636b471685
SHA1 4254a97ed9d7c7a25b4bc6fa7f49aee505f0ffc2
SHA256 73681f1e257b87074b7b08e6073dea1b0204ee7eab4db48a8555a1852758afd2
SHA512 352f59c14630b64c2e170f6b7b84d3d47bdf774addf5008e47458d942ff5208dcd73adcada33b938ccc9fedfd61f1f0f07355c178cc9a1aba13fac215cfca9a7

C:\Users\Admin\AppData\Local\Temp\Tar4406.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab4403.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f78e98c2c380546450c1163e9645086
SHA1 b277231489a6d2b4768548dd29b7197b6da6f57a
SHA256 240717871b125f837eb7a5e55919c9aba9e468d8545b5261dd44eb0678efa803
SHA512 737f8d21e345f1b5a39d5ea6623a0d20dac8238e789ef662c1ae4aa128ba44df18f56e304d7682f1243cdf71ce558d7c106a8b43720e35a408cd8c06ebe0be00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8e1f45cfbfa747f2c5c14c9b469bfe5
SHA1 099293117dcb9f340040a72552d11f2664075e6a
SHA256 8670b555d5b5e11f47aebe8232274cbf9b4550efc778e8ad672771ef18268ca3
SHA512 67e18f98adeb149cf518d8e494d62308225b02209804a54e9f1479eb577f74f73881997624317bdb13b38ada6be3b34c3520f08f48a18946550878a0f1a3039c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0be09db48cc73780268630f95a28fced
SHA1 ba88b01a9573c99b57b62272bde47f1043574a61
SHA256 0cf7126333856f7ae97e6f5d998b2e3aadb2ccf484cc25a53ec60a53983c0065
SHA512 9082951f99a5c19c468644347572dcd13ade9cecaf928721c4dd2ba37a2c77100f3685c2d53c43785d74fb9fb71c8a15ac6d6f5cb86e745097ae99ac417ccadf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ec112e66f1819efa6cde454db0a681c
SHA1 a54393faa71b2832579278a6c99e5a36e02ba173
SHA256 1f1fe55137766f8f6c757e93730ba5308257a467cfa58c085408646ce61cc1f1
SHA512 2846f7d2e7150f058b4704bad7d617e8c6b01c12595cdfd73f5a25ddd7d53f7e8110c89711ee1fa83cfd54f36223257e9abce1f471ee6b7063e04aef55e5b92c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b60fdface0f66cbf9fda7a3efb66ecda
SHA1 71199c40d9bfb5993bbf2fc2ae97f9d672f446f1
SHA256 3d7a154d590cd1afdc4695d392019c4961ee9ba2c8bb0c90ca9e62a22668dba1
SHA512 68633ec1150246fce2b9b09cd86edcf4ce37d66c58442ccabe08033a01c0818969795f3b9306d3409c1d8650e74587d94ecbd46900401fc39d8ae3eef471ef99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d07054966f19fc77eacb64a149209a7
SHA1 af5c259f578a4aef29140398b66abc7a5b322433
SHA256 94036e0f6ce1ebda06d24262436f994b64eddb0d209866d53c26e86ea3e522b0
SHA512 9dff7d8b7b84a344aa9a30c60b42cfe3a1ca355d86067f28a955528cee179f29fbf8d8d3dde144c95ff5ad60de2bdc0b8ea1e149ba14b3397606e00d6a6d3f0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d0c64889a5d4aee1a9425a17e826216
SHA1 58146e44fb023df01966c8e54cc09c7e66082323
SHA256 72ac90e66f07bfe9242b1cbbc729b47ab5cb38e0663a2df676d2f4e6951c22c8
SHA512 0438519a7d29ae6ba4c8413b2dc9fda571c17bdbb492e75e3b95c7ee65cd4eada3781c303385fd2ae25fae846f4d731a8bdda85cac928cfafeb6aebb39431d91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c0e90e22381123f4e2dd3f881c027f43
SHA1 01e5fab072b32844123a305f24fc62b73939ab45
SHA256 18ebfb28d38f453f9d7dcac7bb187bdd64324795059873355766397d14962668
SHA512 54387c4df56b8872398601f570752f7daebacd6ee7308c26e6a25d7b9e692d65c91b3f943c57c7967176863f667b14112d37acadd08fb2ae92893f5dd6854301

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e64b2436acd3d8f7f2516c3181d6d05
SHA1 2412e9bd1790d526afdaa90968c56a8c0887591b
SHA256 98ad87cc3f55fb1bde9e00a6813e53b845cad5533ef100406921a20db0d88f17
SHA512 41eaab8b3e561ae6dee93e1368b6d7e4d342e879daecd47eb5ecb53bbe712a8975730866311e01da860de53506b2f1b6223a6f7859600fa1ebb5736a79f42879

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0c6e3ffd48aa9ae5b84958e3ad1db21
SHA1 be2fbfbb831442e211561ed2d0525162930a1fb4
SHA256 a2c00396b8b64456209f449d3a9ff94724792789e540d047834b998c63826731
SHA512 4fc8c64b77b3c92755560e628366109fdd2a30d43799868f8fbb5eacc8574e17c3aa64eeed4a51efe77d33d6b6235d621d06d212d0753c0f19b02fc3d54e06a3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\qsml[1].xml

MD5 de31a023739c8606e4f25ff50ff11913
SHA1 f8249210ad01ffa1a75197e640ac3ec339883960
SHA256 0fc63bb565ab5da1430ac3c22d542eceb29fb35b4e01540c0b66eaa983cc2ff1
SHA512 fe6efc69585714bf6b8c0896a9033579f8ec63e077f3aab0c7cd3a1ecfb81de9e344c28ee5456be2130390ab12af0fd70caadad7871207fa0cfc48d25234cb3c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\qsml[2].xml

MD5 ebfc999604cb11af2275baf427e88633
SHA1 446a9ed153861594dc6b2cd7bac9cd9b428fd142
SHA256 c9972293589c47cd6db579f966aebb32a799f36f94646d13524c015d3bf90669
SHA512 32899c73d8485de1d60938a993c942b4e23d22846e02b137695dbe3346648330dba4b85cdeed88b9917e780f9981cd7590af9cbad15703d93e5e2604d655537e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\qsml[3].xml

MD5 00885c2d421443ceac05b98f415c56b7
SHA1 bf33aba89c19bcd3c20665c41e62a0a892507d62
SHA256 753a6b704177a0480e70e93aaaba86b36bb14533aa6b40a5af2484f7eac890f8
SHA512 69c43ad9627556c8193880315f47090fb6d94991aaef4034d689237d75f191a20c2f19578d2331eb554fa5e52d73ea2dd006e559bfc4cf1b50ca0592b4a09458

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\qsml[4].xml

MD5 55c07cb07a13df35d2130796ab5960e7
SHA1 c425e255d97523b675f4f7bd1d00d802ce691512
SHA256 42679f66ed0c581596486d19ee711012e396b5d8bbdb1f8bd2aa3ef62c2375e7
SHA512 b64f2fe8159debb21f1bb938d2a1ab8267aff78d8e1213ed39fcbd051c45dfba2bb41cc3b8bd9ff01b16b37d9b84edfe86a76df26459afcedb71abf74a5f76d6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\qsml[5].xml

MD5 e5b786a401640ae08d8c1658870e345c
SHA1 3ebb95e83b6ea831b70acec94e7db5e4204da9dd
SHA256 dc12f80a04511f5c16d7e61e99a57b55b6ab3725d662475d55977623fc17fda2
SHA512 673bc6063626b0a70167a960c35b00003467c013571dc93361401ed0d7964b135e33a19eef3753ddfcc421a35d2b2486a6302bdf88a7771de706b9d0872d39d5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\qsml[6].xml

MD5 55fd48c5ee6f6325e92a72250cd12d2a
SHA1 0a2f799230ff504925aa7a85c98ad3c53fe17cc8
SHA256 1d9ce5f3fe1a793794f2739227c518420cf3f402db9610226ddaae70e414f041
SHA512 bca2bb1768040b1ba7708706be9f98fde0500d4f4850f6bb0504412aa665b8472bb65f89dc01cd40b56aaada987d2bd166ccb3d7b21594e71a645981a76648ce

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\qsml[7].xml

MD5 b08e7508bc5353d45a097102ef7b0426
SHA1 c1dad2200214e66fb131581499e803a930c8e3b1
SHA256 efce791b70f1629dc6c24d209da6e99f0c08b90676db39f0dc14df5f11d3737c
SHA512 3b064ca8b814763894efb28582883f508110179bc69b5facadc9628ae890d5eecd9b0bc6bb205d35fd15f4a69eb395420e4c3a4c5d8c33be6753652c2919b81c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\02cy2i9\imagestore.dat

MD5 4f2f265db17122ebe2b866f2b299b522
SHA1 3e2bb28e0633587f9c9d8809966bc05bc8daf9c5
SHA256 69236a612e6c9dd6ed8a467f21456c637bd3e101463fcd0a6160b97e4d10a7ca
SHA512 cda3da7f9773f5f9b14c9fba7b867378e7136f1c0a743b90a8535e395c25fc8ce4f710cdce40bf83108d1840f147d0d9f739c7be9038c4a49070e0a48fd3e7a6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\favicon-trans-bg-blue-mg[1].ico

MD5 30967b1b52cb6df18a8af8fcc04f83c9
SHA1 aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588
SHA256 439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e
SHA512 7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dcec268cea00b0d00e8e062d1ee031d8
SHA1 99e64b0734247ae69e56a2906a6cf05f0a811d6c
SHA256 2e02bfcd90cb831f90d3e9d3bd88fb1ebc16992a32b9f37a1227f59af8a34f15
SHA512 80536337bff43e26a209c84cec888aeb40ee120de1f8b2bfabe7fcc1e1873cab058d464605f6975bb021a0b3ff4fcede56a9c80f8c591dd491de54a0db39c530

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

MD5 f55da450a5fb287e1e0f0dcc965756ca
SHA1 7e04de896a3e666d00e687d33ffad93be83d349e
SHA256 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
SHA512 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 f6b4a180e4dc46624a6a047bc6577050
SHA1 23bde70a240122f9728519ace8a61ca74c75b53a
SHA256 17f492bb7c942c4aa199f5ba8bfd2f1e88ff108672d32f19b7711dd849b47423
SHA512 e7b41033737bce025b4aa64e98138cd2c66c001186a1c240b547b2ade07493347c527754f185e115b8dfd03753182d3cc9652feb9713eda90dee651f774efc14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b62d866d4b1d738b024f037e43a0fbc0
SHA1 899d82c01bb92f58fc36b346e26e9299528f0e84
SHA256 7c21ca39d840c5118b702602df3c237152b42c05ff6cc00f24be8cf8a215d167
SHA512 08e0aa863e05b0b0cb36407a84da71c166893fd229eb781a2e2afd56d60166b57073708c4d7f9d958ced647fb89bfc9a62ed5c4445e0bc66734a351359eb9bcb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 042811045be8d5fb196c2c584ab5e11a
SHA1 1626283b640049128097c41700c24167ebaf371c
SHA256 0c1d2b9e41b243e85da261c0aae910db99bd6338eb6c9e749c0c91613bf53287
SHA512 51798df4027d0ab35dc4f9dd8d022ed676aeb56f3c7e99896dfabc5b3f026c8dca9aa90cefe6d7a4c6de835fff1299108b9b3ea5e56bb2d7e7f969d7d3dd6555

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

MD5 ffe2ae08ec6f5f148968988aa2b2290a
SHA1 b224c6b4b4b98937e049b2cc0672af2fab8481f3
SHA256 ddf9e7d5de6e81aa836b961c4b8912296fbaa3576cd71eb50900ed301a0e3d23
SHA512 42c3924cc9f01aae4041b66a8aea64c9f7e8ad7138e249dfa44603206f8b414ae6818ab616398a95e253916a24fca7d61e23addcf8cdedcbbecc42ffe125108a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 942bb67034fd1c21fe0e14511e9adc77
SHA1 ee2417d6497551f0cb36501c5bff2e7d3ecca9a6
SHA256 4a09a72b164f5ed0a9acf3217c8e6c08853d875cbac0fce00d2982e720473076
SHA512 bfa7637152d69d1c0b0c2211c52d65734ec42da6959621d211a6a88b1d33d0787452f451a9b167e2169e550c1f274715de69a9bdf0b662575ac4cff863190717

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a53f44f59a40ea456c55149a15ed9a47
SHA1 0125ba6f8c8e00bc1a1a3b0786015d5b6b8d8908
SHA256 1057e23c927ba30cc2a0eeb8392dd720d8b67ea6d81ff52f6347e717c7f39bf9
SHA512 05927467a674b98097d60cd3ba376cbe21d81b1f4c91d76643b93cac4283d5c53574fd6ce3ed41b0b8a0ed4377673ce8224bdc04b7640f5ee4673610a236fc74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ef5aec5ae94984d09fca2a5214e007d
SHA1 b2864e3b7362a75be6a93474a03fce7b2e9f565d
SHA256 511ab278c8175e3b740e7c2c0306d5260d3c385835fa3a2966a75d6a34be5105
SHA512 2e702eff36b2da2313173cd01a2f3cedb8d48d7361034f62cebc085037311076475295a9f93f6abf111446539c09c63ddf45ad3ec6e29d9ec6ca5806015b2a41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 775902e082ca6a15d6080fd6a3ee604c
SHA1 ba39af6021aa0cffee09342efe9d310ac8b3ab83
SHA256 9c90ebca9373300b5720d74ccbf3c1e761d06746261433e9df6c30c3ff549a22
SHA512 c6267b0a598ff425c725de0ef6847c9a93ada24073a36104c7e7af14a1844a9f1066f3eb171393eb9af8d931d44b576e9a27eeddb904d39fc6123739968cd9d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d17481be59714e735dc6ad1b96f13405
SHA1 daf701db8224d214d32aa2a5dee15a69f4d9d286
SHA256 2999bb4ca69ed28f27d09af118ae1dfc898a104c1c72959317fbac61c18aa5cd
SHA512 3017f98ca34d45b806bfa3093f2d46eed6501d088d0c285d77eaa0328a86048ecf2ff1b78d01a64799d018619ced10db8feae526ee303a652a7d558a8fb9e99c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81d9c17bcbfabce9710667d437487379
SHA1 fbeb8e79497d9c86eae99e28e747e8a1ae00f448
SHA256 f34571f429717f1d95b09de93e37f39e595cf2a31ebda48ec72a9e26477529cc
SHA512 1f5948589f4a3bbcf18c6fd5dd96a017545fe5416ecab1ed70201084b0c63112db2727e81788cf9735ac30b26d1587f7d6ad22cbd2983b09ca39a8a17c6ea8c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9640579d03f777a3667dfb183ef8edec
SHA1 5deb1831158bcb32c4faab193c53dbeb6059be94
SHA256 ab1a0ead03657d03415df897465f16adca47c0f37ad402d8e0e3c50506f0e604
SHA512 34a267608bd851672dc240d84b280d1fc9378f6dff03f3ddd8b38146263e385aae03155415504b41b084a2276b9b1942736ff12d2a4fc45ff480de58a223fb9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 551a5d45a0bec34b765b39a0fbe4fb2f
SHA1 73c1ae6e0d7fa7e6bec0b8e64ad9cb2f256e1356
SHA256 4c7d0b775c51fb6ffdb819a192cf893b62102fff48c40b555b5cd335132858dc
SHA512 44439a03bc4222bb8f45a9026be8ebb78a8e4f2a1368e8a4a0eef57cd12e0b3f6bb5d0069f7f6f4cc610af0a021b55b052b6ae5d07e3ac9477189a55fb96c6be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c1df4f0eb4eb35f114c745c36069eeb
SHA1 05dde389ef03e70dacee9d3c527f9118bf0b8a68
SHA256 c856b8c34a37a21b167802129b7da33ff385ba3580b157d774dfbc239b3292f3
SHA512 7d2e395f49a15781e0f881f75cb083219c03adcf0383d3f07c78c7f5c77a3dfdb4dbb480a6fbca83b880d90dc17aa5a7f15f0abdba723b5dc2e11477e2950604

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6c76c4ba634dbcd77a8d36e55f7dbf0
SHA1 5acf1a6b560151a78f109c2e676141c66b590587
SHA256 d5f95708c7933bb315a64404c591b85a9a128c68290428c62afd4489c860d1c3
SHA512 7196f9008fb678b8059bc345a6852eff95de6ed1788ef95b1ce3537795b026ed913be8f1db3f1da44cf42d86af8160abc0d3e52fbad3ef73cd45afc1a89eec5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad7ea27519cb446a1532c49452d9f654
SHA1 de8f602e9a9904c6d5460065b0c5572ab535b50c
SHA256 c243bba3dc97ef02ef89c660343f7d6b47c8343914ea28dfa3f738f1bea98c7e
SHA512 37cc4c0b36d462d463f45721c5b6ddea8e4e03f057fe416c5ad139df00fe090a4093608d93a24a5243899d3ea9ccd8bef89f9e2805da5805a4a0b75efbda453a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d16b288e5bf531a0e6860af323acdcb5
SHA1 3e042599bb71ce6fbeb3cb39ab638150207eab35
SHA256 2bd23c21f03c1d347e443331e9d71b26bd8a689f2cad20c3eb438971ac8f1504
SHA512 30757cfbfdd074f8e7dcd7d9d8e47273ca901e3ee6e38a2c763c2c53f7b736251e8d910310bc641404ca8b0666677b434825face724c661c66461516aa99f0a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f20ac7b9665ef06f1a352a51c3ace7b3
SHA1 e1d8abca7c41606902e8505bd802b4bb36f3229b
SHA256 ca7c125debb74c0c0fedfaf523fb7856835d8009f7d1b2fd1acb87afa0b4e2d9
SHA512 dd1b317f06e1515d80866a55130ad7ba9f5221251971257b1c0f187e44537c1d3a551a1f3ce59144fc2826dc905e608779a928714150fa405c4ecf57a85f452e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2b59889d5617097de7ef7c5ef7d5e5f
SHA1 66fb83be065432da37c9b751aaa37c4601706d1a
SHA256 218dec35f4540cc7ddfc636e169182dc5a7ad5ed2eb152aa3bd7fe3e420fad97
SHA512 7e6e996c0a087c116fc64bb02b8f34a28f7d3684f9f873ed59f2e92e59fb19b2f3704a54ff4ad49edd2cb79ca9c504b468ab532ed7a8fc583b4434291e7530f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93e26e06e24043c234466414e95a9fd1
SHA1 0bc16081a4e1a757b57b6951a60c502f0b60e02c
SHA256 00f1e2328fb9ac9e225fa068b4bd6e4812d32e08b22afc5c1f600550fa7b33bd
SHA512 9dfb29311df633953880297782c2f8ce63e01389206a629494b1a0e0510fbf07f6ada8c35675a6581ceebda95d245649f3b2efbcea3acf97814ef8fb8efeae29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 edc21152c1903823762208501e96c262
SHA1 1d2aab2105bdc5c5c0eb19a30e693d00aa224f8a
SHA256 d41599b66c8395d436a6abf99234402308f4e14c134b841a885c84c892cd1a21
SHA512 3f22df54d04cfcc7a63e8eeabbab5c888986748b1a0a838f2db81900cb97b01daa34b569a4534f9247da0147378aef996afa5b4c6f9cd3963f9488e39d2a9730

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cf4f3887e07ba7c6dc1f8d2bd3c4d0b
SHA1 f62e39cc1ced8674871f248bcaa7bccf41e33c9e
SHA256 73b287836029dc1b805e7d62c3020c9ad0412f956cf8dce8939fe7824b9da15a
SHA512 854e9786e4ba637ecf8f3613413c0d1b0e06bcfad494d156393a32773b3d404c9da80115f21e1da30a859a72593e15fa834163c342d52cf298d00dacde1cf8af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e54b10ac07a4346c824503ca2e553e3f
SHA1 e96b6ef04f0281d7749b79267f30f6dc71582ec1
SHA256 bce6b40039c034f94c9d3825604dfc35f5bff6eb19ec1426f875780f4eecfef8
SHA512 846ffdde5d25db833a5e122fc949f2ce2ebc69e7a98152ab9d29171ca24f8a83412aff400dacd8eb8e688df56dab89f37b7a61420bd4ab69164fe2ff603dcf97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab6a27394012625a074e566c763cf0c0
SHA1 ba4acfd38777b3595923a366f3151256706636cd
SHA256 354764690027d9ab2682032e45654174e6561e2a3d8a87035593f4d0caa431bd
SHA512 ffb0a64d25c6b1ed60128c95d4ccbd0b929aa9a813f0f1af5fa4b34210f6191480e07909b56b61f8b1c7fc90fcc17fd35b1708ca8cbf6cb0925e0e494f4affcb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3851157c73b82d54ce25958a7f9d8d99
SHA1 87753740d3937450e391dd3f57cb2d39ecc70639
SHA256 bbeea70165611a0ca109a177fc491b0233e4ef5f2c5e3b2d76de6934a867696b
SHA512 3a7826367a40a14b97d881fc6ec96ba44566942d300395ff9cf50925018985bee0f83dcc76d281c59983d840547112db646c2cbb950dad95f863138372a50ad9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d3a70e781ee58102de8786ea4a3d9d7
SHA1 922ebb732b3cd761a804fb178a82de6958f5f2a4
SHA256 251611a7dfd1acc6acc7510e00982ce70829ff5d95783fd67d90f2dac528864d
SHA512 630c216a5284ebb93f9997ae2b6b0d36cbf6e5200db60bca9dd85d44ab0967ebcbb94c2742a19f6ad76c9317adc36011b92203a89c5fa5e3042c1c7fcf50871d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 53531c282cba2beb2414ad72529e6d7d
SHA1 0357575ee0dd7f5d734837d7bbfc92324568ab5e
SHA256 3fa1b3a16ad797ca6d530bbe3cf256359bdb66854c1c0d92d38bfcb9ae252373
SHA512 51a41fff1047d3e4aa42e1eb12d109dcc37771c5a2d4524937d381a177f78f802ad39127c3644e0478553355db21f214f7cf1b1b1581d7c87bc8db60afef7d01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4fce1e50f195efdd925051966543dfdf
SHA1 e625862e3ecc4b05a450503e8551786868c2b7e9
SHA256 76aa0a382430d6548ddc96134f50ca1b4e49b4f264bc3d365bc931439bfacb18
SHA512 9254b15cd80add5315d55fc08ca725236221f4be5e4bba81c3a99234080b3a60d0e78206b7cf8851268304deccc76f793a35871ab5bc0c4855652b43bd1476fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c8e49279e9a953350e9fdd3f5051e6e7
SHA1 e5b68a482cb5ce089cdd60ef24de1847d8e894b9
SHA256 c5f9d12858f300eed20bbfd828eda13e0c96203b1a9b2a3f59b74660910a7f6a
SHA512 c270ef5bb542a149860c925793d32bf9462b5e3b152229a42a2b657cc1dda16756e7cae09d6bc29d9eb16e918b2774deb1577f8a735bcbdfd95a17220652827c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 688bc94feb83efe16e9cf24098049206
SHA1 ac35262fda5337a7b0b3112e45142c550cf4d180
SHA256 ec35bcf99783df47733ae2a75cd7bbb96acb6d5fc1314a6239d8d52fd3cb03da
SHA512 0e04244870449df96f493c199d2856499b11d662968fdf58bb665bbc4b2cab3953a1cd535bf0a700c44fe6b02fab2123aac45eb6b2c01b2fbc37345715d6164b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 babc617b4cae381c2d891f1f744c0c39
SHA1 424dee7ee99ac5d5b636980be97ff35222292669
SHA256 8b6eee1fd65a21f9604a709138ae5c52a8719f2c7a005377ccb2e6fd83d496c8
SHA512 6372186b9d5aa0166d5e3466a34e6f13849e0af5a078d02037d407100458fd80cba5ea815b32012379a01f08f02baa346fb864f9513357e3895f235ee6f7f768

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 0b51ebd12ef4e626d4ff9e19400af66a
SHA1 901f5693f613ac4f9cbbc8eb32e431cb99b15c8e
SHA256 7f4f75509457c00da8e670767f6b79b56e9456c6c58f4c994eabb23a4d5d0de8
SHA512 f40ac06cc9f77cfd0820dec2de1b54c4f9de035600a3cb6262e60a123826d83f96011a45c8d35a4816cb1334067e456c5ed42d116ae326108d23f208c139a725

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 813499afffcc08b61ac443f7be3d9bbf
SHA1 989d6a8caf0651eee7ccd477ba82a061b38ec6b9
SHA256 69562de197fc8b4cba0213999538c9d89a2fe4ef8e4ddaadc9fa767342ac13e3
SHA512 cdd79d12e45ace20c275401bd7d207980e6221568748f03f2171aebb9d211c24973fb62e8961f0fde10238b8d8cc694a916793226e302694bf5f355a4b361681

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65a1193d6ab1297bb5bf612897ea806b
SHA1 6b9b0a00265713d45b2b0a8b6199f7b1b8765ae1
SHA256 42a8f9d6781da90fc2562784389776e04fd14d0bcc01100f6abc87887363f138
SHA512 e4fdece000527f3d2998adf0f55de21cdc3df5d6715fbfcf51e6a4e900238dd194a282cb78947c5802e475408cb0cf967ab6e4d89ef83b17156167920ebf04f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e71a2c79de9d6d5d4a4111b0b032a88c
SHA1 92ea773252925e6ed441c461e9ca9fb45a948540
SHA256 1b4f1adbc4eb3051370bc73aa6b77680657fa5fc34749dbd73821ead22b9c6cc
SHA512 705a8e4d0eae77cd97ff9f6b9c6dfb9a52b5f42386c13c508984764af661bfcc835add3e9b681033878b279f16525bfdcbfa070f50f16ba35d00be51e2602cc4

C:\Users\Admin\AppData\Local\Temp\~DFCC1D6F8F8E7EBF2D.TMP

MD5 902f2e753a0d734acc8a2fe5dd756b5f
SHA1 cda1366f6163a5d4db543dffe7761c82205911b1
SHA256 180bdcb1a838a7ab7bbd335fdf5af850020a6e85392854637eed76e630731636
SHA512 6c0e799584bfee27ced64d972b2174fe01681c8b8b3c9d4bef0a815f9392e85be3fbc1448d8b12a41203cb4e4a6c95251c87e429c2382584870231e5ff74dd07

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-20 08:13

Reported

2024-02-20 08:16

Platform

win10v2004-20231215-en

Max time kernel

162s

Max time network

168s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\watch.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3304 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 4796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 2384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 2384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3304 wrote to memory of 3580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\watch.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeac3146f8,0x7ffeac314708,0x7ffeac314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,13205853907019121161,9393801432732727678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,13205853907019121161,9393801432732727678,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,13205853907019121161,9393801432732727678,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13205853907019121161,9393801432732727678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13205853907019121161,9393801432732727678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13205853907019121161,9393801432732727678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,13205853907019121161,9393801432732727678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,13205853907019121161,9393801432732727678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13205853907019121161,9393801432732727678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13205853907019121161,9393801432732727678,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13205853907019121161,9393801432732727678,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,13205853907019121161,9393801432732727678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,13205853907019121161,9393801432732727678,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2

Network

Country Destination Domain Proto
NL 52.142.223.178:80 N/A tcp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
GB 142.250.179.234:445 fonts.googleapis.com tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 209.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 172.217.169.14:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
US 8.8.8.8:53 246.179.250.142.in-addr.arpa udp
GB 142.250.179.234:139 fonts.googleapis.com tcp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 rr3---sn-p5qlsnd6.googlevideo.com udp
GB 142.250.179.246:443 i.ytimg.com udp
US 173.194.184.200:443 rr3---sn-p5qlsnd6.googlevideo.com tcp
US 173.194.184.200:443 rr3---sn-p5qlsnd6.googlevideo.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.184.194.173.in-addr.arpa udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 172.217.16.225:443 yt3.ggpht.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 172.217.16.230:445 static.doubleclick.net tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 172.217.16.230:139 static.doubleclick.net tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3304_JEGILQKFRFGOJTJM

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ed7b3bbc-50a4-4e84-bbaa-7ac647f36a77.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\baaca7f4-788c-4f32-8fe5-62c6d5ac6ba4\index-dir\the-real-index~RFe5862eb.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\baaca7f4-788c-4f32-8fe5-62c6d5ac6ba4\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Analysis: behavioral3

Detonation Overview

Submitted

2024-02-20 08:13

Reported

2024-02-20 08:16

Platform

macos-20240214-en

Max time kernel

120s

Max time network

131s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/watch.html"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/watch.html"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/watch.html"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/watch.html]

/bin/zsh

[/bin/zsh -c /Users/run/watch.html]

/Users/run/watch.html

[/Users/run/watch.html]

/bin/sh

[sh /Users/run/watch.html]

/bin/bash

[sh /Users/run/watch.html]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secd]

/usr/libexec/secd

[/usr/libexec/secd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 20.42.73.24:443 tcp
GB 104.84.95.239:80 tcp
US 8.8.8.8:53 gateway.fe2.apple-dns.net udp
US 8.8.8.8:53 onedscolprdfrc02.francecentral.cloudapp.azure.com udp
FR 40.79.150.120:443 onedscolprdfrc02.francecentral.cloudapp.azure.com tcp
US 8.8.8.8:53 bag.itunes.apple.com.edgesuite.net udp
US 17.137.170.36:443 tcp
US 17.171.98.2:443 tcp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.44.233.108:443 help.apple.com tcp
GB 23.44.233.108:443 help.apple.com tcp
N/A 224.0.0.251:5353 udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

/Library/Preferences/com.apple.networkextension.uuidcache.plist

/Users/run/Library/Caches/GeoServices/Resources/altitude-1168.xml

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

/Library/Preferences/com.apple.networkextension.uuidcache.plist
