Malware Analysis Report

2024-10-23 17:24

Sample ID 240510-nda8msee83
Target 2ed65fabbf6733a9948f6a7b28270b1c_JaffaCakes118
SHA256 577555f46301bc4861d7d82f3b7cfcd2a7a558356f28394bf185928806dcad60
Tags
socgholish downloader
score
10/10

Analysis Overview

score
10/10

SHA256

577555f46301bc4861d7d82f3b7cfcd2a7a558356f28394bf185928806dcad60

Threat Level: Known bad

The file 2ed65fabbf6733a9948f6a7b28270b1c_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish downloader

SocGholish

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 11:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 11:16

Reported

2024-05-10 11:18

Platform

win7-20240215-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2ed65fabbf6733a9948f6a7b28270b1c_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421501654" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e068a594cba2da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c6000000000200000000001066000000010000200000002acac8537e416fa8b7c094ec959f460a9348e1807289b14d9553f58c982559e5000000000e800000000200002000000048a08aa9fa8c189a00b2ef65781083fe9970aa21bd2752f0c1798343808a47fd20000000988bdf8dec26f9c27465f4c5f1f6cb5af66cc18df852995aa815169640d52fa240000000860bdd99f0a7c6a8c25276c4ca1d0caf1dcddd134fcab99069511ca3cb359b3ba76f287712859e11a6b3e440b82f891d970012a0f874827f133e2cba5b7a702c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c60000000002000000000010660000000100002000000073a0ae4a4f329858c2bfbd1f12f775e0a288dcee65014f9dd36b613494f8f6d6000000000e80000000020000200000002019aab86be0f79e0605805475fd866a0b8aa7216f14a77f64ea981446f1923c90000000b58fad1ddf8efcfaa37f509af38046e52a179a53cc2ce9e1f05077c1cd709038c202abb9d602683c42dd02c376e6ba8a5ba2371a2af7612661e20d683e3424a46f33d4869fde109ff59c07697d4007de8b0ba0a45f9fba52fc04abe886c45ab5f7e7824583d81df0e155b2e0d6ead1be51d8c501ae1ce1a885a29d8002c1dfeea363a74316ff2e513c3f0a1cc2abd41d400000000541ff0f0372d2653a18e1ed81ae617594292583d63730340948440857e8b679695376a8c04becd77be825e5f5b7f620fbe8327556d3485ea8e934b90e213789 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BDD78D11-0EBE-11EF-8FD2-F6A6C85E5F4F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2ed65fabbf6733a9948f6a7b28270b1c_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:2

Network


Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 fca8af0dc8436b9952fdf961f8c7f401
SHA1 ac194f887a84a4538985ece94daf59cea48fe65b
SHA256 477645c7b83bbde8bdcf6d066f0de596d5b02fd47c223f89dde7d86903338cf9
SHA512 ba0d8f654216d9530bec83aa011a3433cea27873be327ac60eb1244997995489db76e25077dead09fcd43009b05deda51fd37b30a33fff01c94ba3927e1c21d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e7e7cd061680e8e8b3cac0abf279fa1d
SHA1 23f614bd4b996cfdc10dd6de2ce6df1e88d80927
SHA256 4ccc73c3081fef0564e57e17cf71dbb09cfa025d0a770fb11000d3642debe148
SHA512 6d4cf0ac6db24b7f641d26996bc73d18caab65103aa2b7611f6a397181f786b1dac9cac71fc148173ba1e5c3662575da634c69b9c3838616d71e0b1da2d3dcb3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 b6e1ed95e4369f80df62ffdadad333fc
SHA1 e6256e70df0a05a7dfd81c8f81e7a8ab2f00140e
SHA256 450a8e7e42014c3462ea4d7d8e37685544c760d47410a1beffc8d50e0655b3d2
SHA512 6a5b587fe192c430c5fa65c67f2c70a6da5c101e599ca0564b9c95e8c1ec5f6c602b9aff056b39c36d50a1872aa46b409e00c4cd82da72d0e29105cf3b7b0930

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eee38b93fe703f53c9e3bcb6e2b1c861
SHA1 411a052f87e1b4239d7880a03f93392ea45e40e0
SHA256 fbde7edfe6fa477a810a7509c92e287de894d76069c55af33dc709df678557b7
SHA512 11245cd9167a0f20e284f3598b96828a505c3288e61347d704a0362dc31f93fff86be3b90ca7467e08fc69f636e480d7ecea9f6d2d84d6b4e0f2ab15fcdd0a74

C:\Users\Admin\AppData\Local\Temp\Tar1A5B.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA

MD5 b43eb3abfaa406a6163d43d035613efd
SHA1 d9b71fa889a37df1c9aa859a9ea0db3d2bdbf181
SHA256 6095afcba5d7759f431ce903c356012f06f5f40c6ca3be27ac5d532e39117049
SHA512 f6acb9fcce0ec0eb129be45efe2900daa8f6392794452053b0559d9318262f17921a8731cd7ba69caa2d6346582ae409d7ca0129074cb2b4fad522e43f5ff0b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA

MD5 43ae1240e82a88c27729aa2e43fdcd18
SHA1 d3d075e4a91481cb936b162a4aef36a7ec25ee70
SHA256 e3502b118ac5ee1eb32690694f604b973f3d5c4a8bc00c7a41e71c63ed96bdf2
SHA512 b41079e60d4fc1c4640a119dc1fa47bec6efadabbc0e5f4e4a3f4c89abb160e74914531088e273feaa670d3a92b00a0e6380fd94fa480913709f34ad1c971a5a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\728x90[2].htm

MD5 e89f75f918dbdcee28604d4e09dd71d7
SHA1 f9d9055e9878723a12063b47d4a1a5f58c3eb1e9
SHA256 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023
SHA512 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\platform_gapi.iframes.style.common[1].js

MD5 7ef4bc18139bcdbdd14c5b58b0955a67
SHA1 afe44fd9a877f81a3c36f571c0fc934324c6cbd7
SHA256 192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838
SHA512 6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\cb=gapi[1].js

MD5 4d1bd282f5a3799d4e2880cf69af9269
SHA1 2ede61be138a7beaa7d6214aa278479dce258adb
SHA256 5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693
SHA512 615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3eeb87eda912a3cb18d9d7bbfa3ee1c5
SHA1 a8782838d1af71751780d459e9cd634697262770
SHA256 3bb0a3c9f55b3ea7af03afae7b97e13e3c637aa0aadd8c7200687a0281496905
SHA512 e701afff0d8616bd945be69afc0f3f6b60d83aa9714787cb8f9a2c1c2d955d9f200090ef8e769fd38e6db792108939010dc90139327dde9cb7ac53c8c06605dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9cc555a85606a2b57adb8697b15874e
SHA1 0c9e39394c3280bffd5bb4aa8de24891c21e1995
SHA256 cf8b0b30ecc8e6323f7fdc5b315dc562dd0fa73cc023e9316bb5a4578fc5bb2c
SHA512 cc6bbf7b7b38181c0c8f3a7134d63343d06463160a722d83562a789ac37969d6841123fd3dc67a06a624597a9449e1019200988b8b9b59952f97a1151feae035

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec82be5576c30e62236e24629815c993
SHA1 aa7e533ff4b51bc2a5cfbd3f94719fd3a77aa4e0
SHA256 00d03f3e7f884d3d3997059153d949a8247643eac95c6c3961fc1b8e39f32ed6
SHA512 b04d48807632f07ab129e33ac5b12c5488085ca8132f99102ba982e6b6db0663b6e46b9be04338fb7301ecc1eaf984a59e943449bddeb7344a84bc7880329fbb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96d3ba986aad8bc3abb4e474d08a123b
SHA1 146ca6ab988db85a113198490bbf9cf256729279
SHA256 46d52c9f6db8aa2962405aa2edd30894a1a1ef71d39867252090486b408c558c
SHA512 9d2ab4c5dcccf0ea1feceb65964816ee26cfea4db5b2f7351de231931847c1a9b982d57aef230a8a67f0aed897c84eb871308d02ae5cec18080d566310c73455

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62b6eacff640dce0f28af4b93d321922
SHA1 3266263f4f3efb1fe05acba644327efa449b01a4
SHA256 c77c6e8d0cee244dc48ba085b9d7e9372cb358a4e5f29a032a93ffa29903e351
SHA512 3115054aad2450f723cd374bf4fcdf7c02f218aa575bf9024075e677faa4e75ad0308e3d1b90391367a6cbd01b6ff4f7fb9e4c8d88c938981693da7170734f3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c49c4e3312ad3bef126c034c8774f6db
SHA1 9b4a80b95823af351ec2e4f25142c151c2d4a692
SHA256 53458a950374aa173c402c6f6c2d7dbdb248e2dfb5c28a9a86633c00d8f88773
SHA512 17665899e372ba426e0ac178eaac37c9bc8ba55858be4af274e977c8dfbcbb4e68c6636bf98295e5d7ec80a92dde33a948d274da9bc63e72cec702fb4ca4f6f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a4dd7d2d7835d3f70f17e6e6509815f
SHA1 b89f47aa19e949c2afed0a3fb2c27c11b0308aee
SHA256 51a117eef1ed48eaee1bbb63badcfd34af366cc5ba11446016f92f78b0427656
SHA512 a1a5a4793942bef119a2e7def54b0466595a0b08437cd45274393796bc4e83d4f758cb7104652a71f9a35c7c4a8d76a210f487d948d7191ebab23901d9654a05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 599a9e1b5151fec469072d3f616bf1c4
SHA1 d3d727c3d5a0869df0544b0b95f182ff6d81c7be
SHA256 d84d371143a59d3a116e395dbc7b2be1a75d027ec676d4a822ad90c62479dc30
SHA512 145b32c442b0ceb563dd73298368c22d7a1382942d1ed9ebfb132dfead5e4eef1ea515873c712cf0307afb2e45e5665d02b38644a69a88f18590068d8c78bbdb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd279f120b2d6d9d0bac250c01df2b29
SHA1 79e806e865a806a81b659119471e5328471e5001
SHA256 ed3b9375935b774a11858a5666612150a3ebafb2123398f1f73db359b9b7b67a
SHA512 e55227d5906715f2f12c346f3514030624048551916a69fea40a1fa56020ae48b752a972fec4c96416b9cc7c0c096986c859167f35e38418988a524f7029f9f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd0bb8eda1ff76df0564515be4afe114
SHA1 b5f74d4edda33abc0dc9627de8b0a7328965a3b2
SHA256 a7222a4976d8dcbf7e00f7ab8ca3df387f2ccb63edd2ae6ea268c340560f371c
SHA512 915448ec968b08c5d33c31844a0d9d65f1058c25db8df97496fd38d864226de7507d368d282e6802a785db89fb9ad4e88805758078e2ad343361dd408117a531

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21d3bd476a291f1388030d97f576e2f8
SHA1 d0e2cd274225fb88093999157fe5b36cd8552ad3
SHA256 e00ed0a0560026d3f034ecfad2d13f83922db831fa788e1755ebb5e438ec0e9b
SHA512 08cdb215b0c6d517f4b6232e595477ee85f88825578180c54e569489a2979b5786b26a8139a92896288b0cecc34d3847badfcec4e323dcbaa85e72f2dbe337ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9394f0312c6139efd14ca8dfb2860578
SHA1 d6a10156892247e86eba8780c15ea4313d3ecbf0
SHA256 ff1adfb92efc9b0be2ec93ba30b2d6e931c0458e56379ab8eb38ea6ffdfd1183
SHA512 c0482f192154ed82b47f35ceaa51590d7d41f1c17cf3e7a0fffbd5afd1552452c72d0007deea06fc19ab98709ed0e2ecf346b1b9aa592b771afd9ad5689a75a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18aca1603947851da207e9e106c5bd45
SHA1 061a01e53b1ccaec6cb3742d621d5c67dfd8511e
SHA256 ec0e66a9101f9a5ba710feeb03ecc98ad6226099141514f890ab5511a287eb0a
SHA512 3a561853792f0a97aaef6db95d6ca5354c0b103fd4645d99b3ad11a4d14c6f1e2eca1c8bfdca9b3e0e017ca9951a656f64c31035bc9bdb1ead2544e8515adc40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2ac5ec882b2ec715753c46e51d9c544
SHA1 4e4d14e09d1039503cf69bf13f34d85c2d37f674
SHA256 66050ea5ff02e62e0f8b6ca17d822bcc49bfec70f709177730c8ff314221e2b1
SHA512 ad72acb101741e5e542e19c40305dab882c7a16106457284b3b93e36f9bc92169b71e0512191259de8f3b53c4c56ae98d2eedc47a808f97c6f38a5ac9aa2b35b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2393c187a351da4855e2556c07b0458c
SHA1 155b54d2877c26ec312a70d4a311970ac9668492
SHA256 7b87c28194ac0798204a10d318a3f62372f545ad956286991bd39be1b6515565
SHA512 c331c859349daf951da5cc90119762cd797eb16039fe42af005a08728ae90b8527e5ac0b4ae65ab50675dc2a267fd8f01c19d01537d36850dc64fa40fb686bc4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7762bd73cc9f543d2d6d4019238d787
SHA1 e90da003c5b58bacec4e0313d85c7b44dc28c707
SHA256 574c57a2fa492860e9b723266e73b81719397c2a4d8f0a46223bd3663e09ae64
SHA512 17cf49a6a75eec2c545cd42a5efecd8891117f46d8370ed582f38ca6fbef6ff3b7fd9c378684cf193bc4b0b7c08fb80b3ea4310271c53c811a1a5bf3926fa9e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe652aff2bcdffe644b364b221b82b3f
SHA1 f9dd96f357730baad88a03cd6955e4a760951abb
SHA256 035a946eca312ffc2a8be9b0a0e247c6d6a23890dabba3b2b1d6775c980013ac
SHA512 4ee246e4aaba5a0717898eaae10a8d6071588b0d7b36e54c67719da8af3049f40e2f0d200ab714558b36fc9c3fafdf5e4f5e1a42bc1d77c107f57a48e21fbae1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc2477e85177ff4a2904332877775ead
SHA1 10f696f51d08830f9aed90b4b5466d12950373f6
SHA256 f5e2a15843c22995e0c1d2a418e62ac0c4d3b1265262f192f340b343eb992a22
SHA512 eb0329bc8fb5b5333b411e2f681fe6891fb21f90c0dfbf7d1caa93ecd85a59b30e419eea202fc3060f49c9693fe225df4da9840232fde2a849fea72a9dc7ace3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efab5a41c3abcba18e25be3698043bf9
SHA1 22922370b0cf9c276d6e3bb0899528e6f7217891
SHA256 7c1f323487859b3809f7a4aa1c41267d362ea7083baa7ffabcc138596035d77c
SHA512 3ebe89b66cb2e726c7938b947329aca5e11303e700d76c8cc55ee27bf2fbb26394ba7c951da5138636dfe12ec7d1a80060765ebedbd134fed06f9c2345bb1bd5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae906d3da1e23e8842f342bd514d4ffe
SHA1 c2d8fe876ed438fbc877d4c50cac5b8a04cf1e2f
SHA256 2c2c62653caf4ed0b36527be92f272cdb1fc14747f1e024dcf845a414e511763
SHA512 86fd5e1c21f8686b70ec413fdc96702652b25e53fa0a1ecda1b9404f2323127cb7569d3c703c5018678e2d2024c05a3d83735d335f56f8fb7fd275a95b75a2b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cdbc72f9b202884f15ac5f21482cbd28
SHA1 91040bebe63dc1f884b102223c217767f3b24ba6
SHA256 82f2072e0205a7bff7d1dfc0ff141ee3d3425011fec603338e38ae6b7d3ff81a
SHA512 3a2fc55cda0012c3886c9dbb4054783ae5a2f63234ab8db3b2f131bd4c6399be9b8954c3657811246cdaaab2f75c3ace3d871378c82f77efba84ca017af1660f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3093a79ccb7a0b15d332dedd5bd0917
SHA1 4f7ed35d8b4f158a5b8bfbf1b0170b421fab166e
SHA256 e28da810833abc8dad2b691a8a134ecb9ec44357d8e7932b11b4429deacfff2c
SHA512 5ea4ee105688e0ca5f9c05d7868bdb406daa5d56f12f444bc6e7c3e882fd59b315f2992449890f2f2fced6d67714ccc23db3c3a6b4bd3ba164c46d3f1651fb39

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\3604799710-postmessagerelay[1].js

MD5 40aaadf2a7451d276b940cddefb2d0ed
SHA1 b2fc8129a4f5e5a0c8cb631218f40a4230444d9e
SHA256 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2
SHA512 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\rpc_shindig_random[1].js

MD5 23a7ab8d8ba33d255e61be9fc36b1d16
SHA1 042d8431d552c81f4e504644ac88adce7bf2b76f
SHA256 127ffe5850ed564a98f7ac65c81f0d71c163ea45df74f130841f78d4ac5afad5
SHA512 e7c5314731e0b8a54ab1459d7199b36fc25cd0367bc146f5287d3850bd9fe67ba60017d79c97ea8d9a91cd639f2bc2253096ce826277e7088f8abfe6f0534b63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f73b7a45390372baf641d7bc27832c7
SHA1 a252eaf2e804470120c982074280defc8266a5ce
SHA256 94673e0b0c0a20bd8796a89706610834cfe4f648134a009adf16eaa99bca4c90
SHA512 a6bbfbb38d5dff2331040fe65153db197b36728f01be1417cdc873ee5f2f8a520bd5e8b7c95b91cb3254ab193c27d6319bd0a600e717a46c981182b1101bdc12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 018be8c8d5a77e2b9ca4e7a0305ef84a
SHA1 18ed2a1b45fe6cd9ab9776b4d7749aebc80f4f14
SHA256 975cd046ddfe412406dac5b26029498276e35c67a0f22e156df4d48fbf46fed9
SHA512 0b4011d1b7563f24303c189e199739c37c7582f290b52d9f7d043e931e58a3984a6a973773ea459813804cb2e22d793afd6a53548bacf6889945fb9bbbe05786

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 11:16

Reported

2024-05-10 11:19

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

145s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2ed65fabbf6733a9948f6a7b28270b1c_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2532 wrote to memory of 3444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2532 wrote to memory of 1460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2532 wrote to memory of 4928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2532 wrote to memory of 4068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2ed65fabbf6733a9948f6a7b28270b1c_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5a8746f8,0x7fff5a874708,0x7fff5a874718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6416 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,16537512991175391395,17586573371362645922,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5736 /prefetch:2

Network


Files


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 5e74c6d871232d6fe5d88711ece1408b
SHA1 1a5d3ac31e833df4c091f14c94a2ecd1c6294875
SHA256 bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105
SHA512 9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9f3471e6ac3030cb30ced82e8f5e1447
SHA1 0f36641e75dbf6a84645dc2eccc868266f25d1a1
SHA256 7454798d943e58df6b2cc8f9b67ccced8c8a69ec7560361cf7e22a394e06e4fc
SHA512 cccfc26ad06c27dd5e42296da64116f5461116c5c554903ff07f070628a50c8af09deaedc8a67bede6cfbf752b1102c9927814a43d25fb134e27040f145e2cfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58248a.TMP

MD5 c21d75b9f8189f70653ff087e9f9f516
SHA1 5835202119b31fd50c3ec3bd81dbddbaca3e5129
SHA256 4b68f7039222fd16822ccfcc2364f6ed7ed6dd75ff8dc252b803dafc61f00ba5
SHA512 4ed6eb67cf850c4011272bbb75ecd4b3d920d0c04716c0ca703ff9ddfc44b7aaf7192a7968d9d30c102685c5702cb3511e6e531a174bc5959bb44a1395ad06df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4706c984fb88dde4da4c24cacd90b3a6
SHA1 104e0c79857eb5efd2ba60f5c0148407a05ce266
SHA256 d97636988e8143086e463f4c7ce8fc55231a13492ff84ab670dd39b6c6fb5f44
SHA512 fb82954e13c2774c80d11bafce865744add5123ae71c762d8c1ce32388ede685d3b3609dbab3e2fae6cab63ead480128bc3c6e0b82b42723c950bc5a95c551f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5e6e6d5a730cf7eacca233eea4a1630e
SHA1 2d74296025bbdcebbf67b0fdff5f7d07cafd1888
SHA256 43a6218b6a64230f06ef130831efa13f9ab1fcfa0d6f1f4599b30c2e08be339b
SHA512 db75dd633c7f8d284d32dc0de467541cb34e2463c997a2226778e5ae7a865e887fe50f7d005f898cf4c4d22933d66106cc9e0b5ce37e5c41074f1a98a3db42ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 afe4821a87966f234fb172d8c9afb84c
SHA1 ffb650e65999290e381c6698bedb792345ab17ca
SHA256 b4c76a9849a78e791e07bf48dffae078a191a117964d869d31eb2ee0f31dc35e
SHA512 3991f9ecca5fed1d7596d2f9273b652ee39b507c63f4ad8c8fc94b6c162bdfb6430ff18bb3871e06cdc6dc4423e12bafd6bd03e4b76bbaad10eba075810a0217

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0ca1a4c44de304bbbb73a2131a71a4a6
SHA1 16dee4581a796cd9b801481bb3d4f1193d3f0f54
SHA256 e9e7a95af3ce8cbfce38791f5d907ed0393d22cff0e753a7845aea7e19fac9c2
SHA512 63d00d7a74ad58d3caff96c8d32a32ab53d3f9c141d448df3328cc08c9274dbd961f3181a038f8af1549ff05a507e8b31b0e5374500b958ef4ea0faac1c21e67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7bc2eb64b7e50f5269d78a15a0d5617f
SHA1 4c82dae960c7c42da6690282a7f9a6389990f599
SHA256 758c166dd3629cd82e635f5520abaa1af20030e07aa67edf228f589cfde443fc
SHA512 c4f66bc9e3e3181d53ef02498674e6fd5a634e687657ef0b20790a81943d32a4f1d9c01823f6e4c001c6429c814a53b59db9419f9ec6deb3579cf86309f8238e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 48f579ba48ba0650eb77288c50f00b56
SHA1 f2514b85563ac5c0a33ae506bb7472dfe4f5d20e
SHA256 b16a953fca5e97a65c4c585e09072b5e30abf503f1f949c8d5357beaa0df2be7
SHA512 bfe622bda191a3dfc5c2838055677f5f69640372d18df992fb92e4346b162997dc4827b704e77f5109de758eec6cafb32817529f35817b5bf8b6ac11af6a3f12