Analysis Overview
SHA256
4920f8d211a77ef465be8b27a0209d47c4b5bcfb11c33aee781a41bb96b6bef9
Threat Level: Known bad
The file c1b5fae029275b311b627651c3c7f5a8_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 22:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 22:22
Reported
2024-08-25 22:25
Platform
win7-20240708-en
Max time kernel
143s
Max time network
144s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{859DD461-6330-11EF-AAD0-E29800E22076} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430786428" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f04ab1753df7da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb000000000002000000000010660000000100002000000062625801e6f2533a942be76a563ea6f376839d0e5ab02fa15f51e87ff4f2220d000000000e80000000020000200000004286bbf93adc7290efe969c29b90bf58022c81191cb3da2b8e5d65c9f705fa0220000000f35f78e366135e41367f6c4ced30eee969aa410bf6b8a87b35c42ae1fadbaa7d40000000cfd106c412d4c069f21a1b8faafbf0283807d07361f48638f4d6355e80ee5adaa4d4721de3a1e85dae34ee8f2729b0647027694db21b8f373b7c85c69c63e634 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
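Three of the indicators in this table are opaque hex (Main\Window_Placement, NewTabPage\LastProcessed and NewTabPage\DecayDateQueue), and the quickest way to judge a "Modifies Internet Explorer settings" hit is to decode them rather than count them. The Python below is an added example, not part of the sandbox report: it takes the hex exactly as printed above and decodes it as a WINDOWPLACEMENT struct, a little-endian FILETIME, and the header of a DPAPI CryptProtectData blob (version, provider GUID, master-key GUID, algorithms and field lengths). The struct layouts and CALG constants are the documented Windows ones; the function and variable names are this example's own. The DPAPI payload is not decrypted (that needs the user's master key, which the registry dump does not contain).

```python
"""Decode the opaque IE registry values from the table above.

Added example, not part of the sandbox report. The hex strings are the
Indicator values printed above; the layouts are the documented Windows
WINDOWPLACEMENT, FILETIME and DPAPI (CryptProtectData) blob formats.
"""
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Copied from the Indicator column. The DPAPI blob is split at its field
# boundaries only to keep the lines short; the bytes are unchanged.
WINDOW_PLACEMENT_HEX = "2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000"
LAST_PROCESSED_HEX = "f04ab1753df7da01"
DECAY_DATE_QUEUE_HEX = (
    "01000000" "d08c9ddf0115d1118c7a00c04fc297eb"
    "01000000" "e337bacba951544a9a832c52e69bfb00"
    "00000000" "02000000" "0000" "10660000" "00010000"
    "20000000" "62625801e6f2533a942be76a563ea6f376839d0e5ab02fa15f51e87ff4f2220d"
    "00000000" "0e800000" "00020000"
    "20000000" "4286bbf93adc7290efe969c29b90bf58022c81191cb3da2b8e5d65c9f705fa02"
    "20000000" "f35f78e366135e41367f6c4ced30eee969aa410bf6b8a87b35c42ae1fadbaa7d"
    "40000000" "cfd106c412d4c069f21a1b8faafbf0283807d07361f48638f4d6355e80ee5ada"
               "a4d4721de3a1e85dae34ee8f2729b0647027694db21b8f373b7c85c69c63e634")

# Every CryptProtectData blob carries this provider GUID right after dwVersion.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_MAXIMIZE"}
CALG = {0x6603: "CALG_3DES", 0x6610: "CALG_AES_256", 0x8004: "CALG_SHA1", 0x800E: "CALG_SHA_512"}


def decode_window_placement(hexstr):
    """WINDOWPLACEMENT: length, flags, showCmd, ptMin, ptMax, rcNormalPosition."""
    raw = bytes.fromhex(hexstr)
    fields = struct.unpack("<IIIiiiiiiii", raw)  # 11 DWORDs = 44 bytes
    if fields[0] != len(raw):
        raise ValueError("length field %d != %d bytes" % (fields[0], len(raw)))
    return {"flags": fields[1], "show_cmd": SHOW_CMD.get(fields[2], fields[2]),
            "normal_rect": fields[7:11]}  # left, top, right, bottom


def decode_filetime(hexstr):
    """Little-endian FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    (ticks,) = struct.unpack("<Q", bytes.fromhex(hexstr))
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


class _Reader:
    """Bounds-checked cursor so a short or padded blob fails loudly."""
    def __init__(self, buf):
        self.buf, self.pos = buf, 0

    def take(self, n):
        if self.pos + n > len(self.buf):
            raise ValueError("truncated at offset %d" % self.pos)
        chunk, self.pos = self.buf[self.pos:self.pos + n], self.pos + n
        return chunk

    def u32(self):
        return struct.unpack("<I", self.take(4))[0]

    def blob(self):  # DWORD length followed by that many bytes
        return self.take(self.u32())


def decode_dpapi_blob(hexstr):
    """Parse the CryptProtectData header; the payload stays encrypted."""
    r = _Reader(bytes.fromhex(hexstr))
    version, provider = r.u32(), uuid.UUID(bytes_le=r.take(16))
    if version != 1 or provider != DPAPI_PROVIDER_GUID:
        raise ValueError("not a DPAPI blob")
    r.u32()                                      # master key version
    master_key = uuid.UUID(bytes_le=r.take(16))  # which Protect\<SID>\ file is needed
    flags, description = r.u32(), r.blob()       # description is UTF-16, NUL-terminated
    alg_crypt, crypt_bits, salt = r.u32(), r.u32(), r.blob()
    r.blob()                                     # pbHmacKey
    alg_hash, hash_bits = r.u32(), r.u32()
    r.blob()                                     # pbHmac2Key
    data, sign = r.blob(), r.blob()
    if r.pos != len(r.buf):
        raise ValueError("%d trailing bytes" % (len(r.buf) - r.pos))
    return {"master_key_guid": str(master_key), "flags": flags,
            "description": description.decode("utf-16-le").rstrip("\x00"),
            "cipher": CALG.get(alg_crypt, hex(alg_crypt)), "cipher_bits": crypt_bits,
            "hash": CALG.get(alg_hash, hex(alg_hash)), "hash_bits": hash_bits,
            "salt_len": len(salt), "ciphertext_len": len(data), "mac_len": len(sign)}


if __name__ == "__main__":
    print(decode_window_placement(WINDOW_PLACEMENT_HEX))
    print(decode_filetime(LAST_PROCESSED_HEX).isoformat())
    print(decode_dpapi_blob(DECAY_DATE_QUEUE_HEX))
```

Run against the values above, Window_Placement is a maximized window (showCmd 3) with a 1194x649 restore rectangle, LastProcessed is a FILETIME for 2024-08-25 22:23:50 UTC, within two minutes of the Submitted timestamp, and DecayDateQueue is an AES-256/SHA-512 DPAPI blob bound to master key cbba37e3-51a9-4a54-9a83-2c52e69bfb00, i.e. nothing in it is readable from the registry dump alone. All three are what the browser writes about its own window and new-tab page, which is the check worth making before treating this signature as more than a generic "IE ran" indicator.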
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2276 wrote to memory of 2684 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2276 wrote to memory of 2684 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2276 wrote to memory of 2684 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2276 wrote to memory of 2684 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1b5fae029275b311b627651c3c7f5a8_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | i100.photobucket.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | www.bestmaleblogs.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | cb.amazingcounters.com | udp |
| US | 8.8.8.8:53 | jc.revolvermaps.com | udp |
| US | 8.8.8.8:53 | st1.freeonlineusers.com | udp |
| US | 8.8.8.8:53 | manifestgold.com | udp |
| US | 8.8.8.8:53 | www.allamericanguys.com | udp |
| US | 8.8.8.8:53 | www.tlavideo.com | udp |
| US | 8.8.8.8:53 | www.turkxxxonline.com | udp |
| FR | 142.250.179.105:80 | img1.blogblog.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.105:80 | img1.blogblog.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| US | 104.244.42.1:80 | twitter.com | tcp |
| FR | 142.250.179.105:80 | img1.blogblog.com | tcp |
| US | 104.244.42.1:80 | twitter.com | tcp |
| FR | 142.250.179.105:80 | img1.blogblog.com | tcp |
| PL | 18.244.102.32:80 | i100.photobucket.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.105:80 | img1.blogblog.com | tcp |
| PL | 18.244.102.32:80 | i100.photobucket.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| DE | 185.44.104.99:80 | jc.revolvermaps.com | tcp |
| DE | 185.44.104.99:80 | jc.revolvermaps.com | tcp |
| US | 199.182.184.141:80 | www.tlavideo.com | tcp |
| US | 199.182.184.141:80 | www.tlavideo.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| US | 104.21.21.94:80 | cb.amazingcounters.com | tcp |
| US | 104.21.21.94:80 | cb.amazingcounters.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| US | 172.67.211.101:80 | www.bestmaleblogs.com | tcp |
| US | 172.67.211.101:80 | www.bestmaleblogs.com | tcp |
| US | 104.26.9.237:80 | www.allamericanguys.com | tcp |
| US | 104.26.9.237:80 | www.allamericanguys.com | tcp |
| FR | 142.250.179.105:80 | img1.blogblog.com | tcp |
| FR | 142.250.179.105:80 | img1.blogblog.com | tcp |
| US | 45.56.92.145:80 | manifestgold.com | tcp |
| US | 45.56.92.145:80 | manifestgold.com | tcp |
| US | 172.67.151.175:80 | www.turkxxxonline.com | tcp |
| US | 172.67.151.175:80 | www.turkxxxonline.com | tcp |
| US | 8.8.8.8:53 | st1.freeonlineusers.com | udp |
| US | 172.67.151.175:443 | www.turkxxxonline.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| US | 104.26.9.237:443 | www.allamericanguys.com | tcp |
| FR | 142.250.179.105:443 | img1.blogblog.com | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| PL | 18.244.102.32:80 | i100.photobucket.com | tcp |
| PL | 18.244.102.32:80 | i100.photobucket.com | tcp |
| PL | 18.244.102.32:80 | i100.photobucket.com | tcp |
| FR | 142.250.179.105:443 | img1.blogblog.com | tcp |
| PL | 18.244.102.32:443 | i100.photobucket.com | tcp |
| PL | 18.244.102.32:443 | i100.photobucket.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| PL | 18.244.102.32:443 | i100.photobucket.com | tcp |
| PL | 18.244.102.32:443 | i100.photobucket.com | tcp |
| FR | 142.250.179.105:443 | img1.blogblog.com | tcp |
| FR | 142.250.179.105:443 | img1.blogblog.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| PL | 18.244.102.32:443 | i100.photobucket.com | tcp |
| US | 8.8.8.8:53 | www.gaydemon.com | udp |
| US | 104.26.4.171:443 | www.gaydemon.com | tcp |
| US | 104.26.4.171:443 | www.gaydemon.com | tcp |
| US | 104.244.42.1:443 | twitter.com | tcp |
| FR | 142.250.179.105:443 | img1.blogblog.com | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| US | 104.244.42.1:443 | twitter.com | tcp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| FR | 142.250.178.129:443 | themes.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | themes.googleusercontent.com | tcp |
| FR | 216.58.214.163:80 | www.gstatic.com | tcp |
| FR | 216.58.214.163:80 | www.gstatic.com | tcp |
| FR | 216.58.214.163:80 | www.gstatic.com | tcp |
| US | 104.244.42.1:443 | twitter.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.201.170:443 | ogads-pa.googleapis.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| US | 199.182.184.141:80 | www.tlavideo.com | tcp |
| US | 199.182.184.141:80 | www.tlavideo.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 104.244.42.1:443 | twitter.com | tcp |
| FR | 142.250.179.68:80 | www.google.com | tcp |
| PL | 18.244.102.32:80 | i100.photobucket.com | tcp |
| PL | 18.244.102.32:80 | i100.photobucket.com | tcp |
| PL | 18.244.102.32:80 | i100.photobucket.com | tcp |
| PL | 18.244.102.32:80 | i100.photobucket.com | tcp |
| PL | 18.244.102.32:443 | i100.photobucket.com | tcp |
| PL | 18.244.102.32:443 | i100.photobucket.com | tcp |
| PL | 18.244.102.32:443 | i100.photobucket.com | tcp |
| PL | 18.244.102.32:443 | i100.photobucket.com | tcp |
| PL | 18.244.102.32:443 | i100.photobucket.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | jf.revolvermaps.com | udp |
| DE | 185.44.104.99:80 | jf.revolvermaps.com | tcp |
| DE | 185.44.104.99:80 | jf.revolvermaps.com | tcp |
| DE | 157.240.27.35:80 | www.facebook.com | tcp |
| DE | 157.240.27.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 92.123.142.59:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | rf.revolvermaps.com | udp |
| DE | 157.240.27.35:443 | www.facebook.com | tcp |
| DE | 185.44.104.99:80 | rf.revolvermaps.com | tcp |
| DE | 185.44.104.99:80 | rf.revolvermaps.com | tcp |
| US | 8.8.8.8:53 | widgets.clearspring.com | udp |
| PL | 18.244.102.32:80 | i100.photobucket.com | tcp |
| PL | 18.244.102.32:80 | i100.photobucket.com | tcp |
| PL | 18.244.102.32:443 | i100.photobucket.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | static.xx.fbcdn.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab7B0.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1C2D.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 982770087722db667402fe53a86c215a |
| SHA1 | 7f154c69b53629256ee2595a8c050de4d8ae5a1f |
| SHA256 | bfcf73fe69d33da13d0f9b95c339d0ab9c7c2eef0127ebf040b7722d50f7430a |
| SHA512 | 9e83a52273c7522f54de66971e98e88f5bc7239d435a11a902836d95d81ecbc903259525d321fedabb97375a1254a90fb9446bf8f543a3a5dbb18bc9deac08c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7362c915a959dc4a5c0af80b3d40b34 |
| SHA1 | ec061a8275abe4764065c49ac056cb10172b1dc7 |
| SHA256 | a285cc8f6b2ce7418937e7c9b6bc507cfb1560d7cc7d960ee3b3ce91451c44d2 |
| SHA512 | 5df70f087b95fdb9cc597a54ecd0cfc0c24bab354c31553bdacae736feaeaeb17cf08667d973097b72554279dc302a228f922f7a7c1ff35c77d2b897a1a17b31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b00d9e7ad53cfa444f20837b178494bf |
| SHA1 | 9c29acba7d51bd21659ef1ec9eafb261e86ad5ca |
| SHA256 | 8b4f292003a4feb27472b71762ae78a0c71589bc076108a2d3d0110d6a64b3be |
| SHA512 | 4ef6b3694190ad08d4e793ad779eb9c7d74a178f994f0afe621a0348992352dcf84600dd815a14811f1f24e1505d7dbb61165a363c37c64f3a1aa6e2012462b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99546f987a6f99a8412efc9aa29ed474 |
| SHA1 | 136e6a20d97633bf81624928b12c4f47db412247 |
| SHA256 | fabf69a170534303719da2a2ea3274ecb7d6c718c604aeed1e6adbcbe4924d33 |
| SHA512 | d288c29092d95216a0e2942c353ac36ee0f2b6f1af86dda2bad5b40943b7fb6953497465d183d6535c7cded9a2761b7cfe53549960a1d04863e3c6712a7e8e12 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21e42a6d8aa254e21f0b375d102ca194 |
| SHA1 | f634baf912fded2071ba72a25a221ddd37fa895b |
| SHA256 | f49f25bd68737b3b0ad64f47ae99c9de22243b03a47ecb0af75483d02b7d4443 |
| SHA512 | bbf4826bad7241c18f9c3b6a7d90bf2b5fd624e6c90c3403edbb304acf45a4b1ca437a6f4ebe2d07f0d94cf745ca25fc7f696abec531e93210d34c2e89647495 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5c222247eb3e0103ce17cae710322ae |
| SHA1 | a9c9dc3c04c7a5151774627b27dab18f5641f36a |
| SHA256 | aac356fe894c32362c50203b59e295a846ff43b86c33b52831a8fc45b482e394 |
| SHA512 | 6a6c757a59e5b6c458aca29173ae0799fc551f6ab0422cb86675970287cd60be8bf43190790b4daee2aafb5a3eae67453013a15fbb9f190b028b51933eb25f48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 7b23ec5ad8b562931b42963cefd9f81c |
| SHA1 | 39ecf4a812cc4901eb1d4e15bac6cd63e02c58af |
| SHA256 | ffa10bc4fbc7f87ce0442e65c9860178044a4caf5e9312361edf58d17a5d4aaf |
| SHA512 | ad7594a4e42a262b2e73352b5286598af0e7a97219e10f0ba1b939c0b9ff35bf702a1175f3b4957bf01dc7c544a84f2918a4957a2141e563c9cce1e737a5aa45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | fc6d7c3d37c1f6936c4ab809a6cbea90 |
| SHA1 | 672d56703b86ffb1fbb8e0f247cec3c89cfc065f |
| SHA256 | 1387dbed37670383a79608240a612b5a9b4ce0322c91826be48101cf40f7b87b |
| SHA512 | c01cc9763090e85e24f69d43110d5a8ab19a36b36f09e6cf6974feedcfc79b693a97302e4c0696d770ced98dc4392a561273823c90bbf8df06e717a3ca1167b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4631e973250c1f8b5c52895ce31df43d |
| SHA1 | 1882adb244c49557c936fa19703be02bf322b520 |
| SHA256 | 8b481cd2ddff8df3bf0c5f8373a3546b99a70b8fb1eb7483539395ab4a720bfa |
| SHA512 | 694c0391edb7517e3dbf6ba96d2053846a69c7b9ed934e06fe5eb13392b34d817f89aba294baffec931f56efdeb1c65491833717517a0d9ffda79d5018adc85a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c561678d87b0f34e132cb5f51b5d02c4 |
| SHA1 | 40ea3e2355c086214ae5dde24d97ef26b2398655 |
| SHA256 | a44ea58dd54c0f711732ef92a24e063bc09d23aef6867d2bb7c959a522131448 |
| SHA512 | 387450a70a4fd99d6adc15d75a92ce9af3e6aacd12b5fce6d0265bfbbf96b6573cac6e30ff0027b6d8f1c54438560b739854e9528f450e474173e117c9a5bcd1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a76d7e5dc09f35be4b3ea3abe6bfdb4 |
| SHA1 | 4aae987d6fcb98e59841d01da85122931dfa972d |
| SHA256 | ad847f308877b832a42066d20d88764ded8ecd9209e7f30c783e93efdcd7d727 |
| SHA512 | 4bcffce4bf03db12817c358f6f2cd4d81596133eeea42ec21b1c6782cc4fbd05edde18c2a4d973b7f5389dd552d7d75fe996cbd52f8201a3463cfcae9a6697f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c8b1299e6549f7e11232ec70790322d |
| SHA1 | 92b360a3505960f816341f8ea095b821fd6a9950 |
| SHA256 | 73afe12342e86a27e537e5747837354a275f21e25d367daeaf65059109320681 |
| SHA512 | c0ae485495fb6e098dc7283ddaaf8b6a77e701ac01795c3deb12b1431d319baa8d057440d4f894d4992ef19850a6b992d7a7304d8f49247a9539c4b64f404962 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b87a3f7e706b9f392851d547bb0b1e13 |
| SHA1 | 197f1c55956c8885b6e67253ba9dc37c951cebc9 |
| SHA256 | 07b9e9bf5252993086bc16d0d8db286b02162d1ce7fc6aa035596311be3d0f69 |
| SHA512 | e85a4721dc76d713a386501e016ce439f9e35b0f1f974907b39e5de4543fe9da07e05955c6bca2f19588afeb0fd14e11c90a3f3d0a6936dc891f0676f104da8a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 215b7dab397b7f6eba20ae00c9634986 |
| SHA1 | 6d39f7d46b4078c615439ce60373588544c2a19e |
| SHA256 | bb7cfa555ce3043e3962aa869d94779cb5164fa57bc68249531f84f76956cde1 |
| SHA512 | 066edaa7502250ef73a032110bb05d2fb81670a521edcde4a4c416265e41a1bcacae7ff87ba8b3ef6af4e057d404c2daf57ed930ef2a6b7526831f2b128a42a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b8084359aaf68ac56df8936662c793e |
| SHA1 | 3a4c273f4210e477f29df59e0e181f26d8d7c82c |
| SHA256 | 8173a0ffc773c97f276b6505f552ef40b0fe0d698f524f7e69c3f51210ef555b |
| SHA512 | bd4c832513ecdb1804abb1d9e0caa436eafad346622b8758996e13466993c8c6be9ab38b39bfe4ff560cc7d812c8b1a9898f752189e2ef7aefdfaaf156de6a07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7aa33a2c149ec2d4ba934fa4f5faaf8 |
| SHA1 | 65f170510473f09f2e222c402baeef4ae4aa2112 |
| SHA256 | 6e1ad4b0f286afcd0ef87e176805eefad7f41cbe5c993d65afe5ac1379d52bad |
| SHA512 | 071f40081089b1bae989e85bbe3316a9c0281b3ba302c70a05338621b1c3259655512d3f282b94d8f5b8ce6035e3eb9c33411cefe8ce1926eaf03c23df4ade75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a754f0012d9abd03eb2de1808fe46f66 |
| SHA1 | c6be8de65a10f728bf969549755cc6c832c25d0f |
| SHA256 | 5330e2a572947a451935508d797a1d223cfbaef4b277eac766117265fc34f9ba |
| SHA512 | 445cfd080d02f1cf65b7a84825aa4fc6b9b849e9a9e2d8dde0dbffb7a1b980b6c1d61e290e796c9911220d934ada38194f67c386d306ae863f43e356cb21c750 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 22:22
Reported
2024-08-25 22:25
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1b5fae029275b311b627651c3c7f5a8_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd45c46f8,0x7ffbd45c4708,0x7ffbd45c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6404 /prefetch:2
Network
Files