Malware Analysis Report

2024-10-23 17:22

Sample ID 240827-wheqmavekk
Target c57052557afd8f5882a7c757bd846919_JaffaCakes118
SHA256 8fa9f91435a0468b9b41d53f1bde457405b5df5cf7cfa5a4d5ee47d150ae7db5
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8fa9f91435a0468b9b41d53f1bde457405b5df5cf7cfa5a4d5ee47d150ae7db5

Threat Level: Known bad

The file c57052557afd8f5882a7c757bd846919_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-27 17:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-27 17:55

Reported

2024-08-27 17:57

Platform

win7-20240708-en

Max time kernel

140s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c57052557afd8f5882a7c757bd846919_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7D1BAEC1-649D-11EF-9BD3-424588269AE0} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 904bc57aaaf8da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000624adc9ee5edc91384383c094b16f16edf2323a42bc9183e855498808a972798000000000e8000000002000020000000cc7c832f1b1cd86b87263ca5eab114e25d639b0454aba02bd3c3bd3ebdd36fdb9000000039eb83f15a25792eb49e607c4732b0bfe56b689c0eeb2fc827a7309727f247a37d422258f738100fcc8fd6b36b56e4b2e15ed0ae176b5771c9232184b8a0f7286c92000964685cb2a9d2c6717e55130dbb0c999a19cf0e7a56ccccecbcc65fc605eb74190b17058be61860b97c0b41fc5e3a62fff8ed1bd3538b2ebdd3b3538a8abc798b64e277b409e433f4713b041b40000000ee25de6ee30011064c5124f962b6320fdaf51df50a9acbf7c82a5af93ae7a7bb55b6b286f31ec3418d0d765d41f88de4057c7998174da1a33b4f23ee97c36a38 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430943172" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000ec6759b3cc1318a2909045018a815e5f07cef6b875f92316118be4d542bd2004000000000e8000000002000020000000dfa8686642e565ced2e77a07c432c63b6db802cb86d4fe16b4f710a5a90502d220000000546c92532d3d4b963986ab39cd2f7d95b9e81a28a480e2cecc6ee4110edd2ef4400000008effc4eb8684484141459cffcb63abcd17c6730cb0564034a87ad8bbf66e29cb093e1d35d7ed7bfd4f8cd4473f021f5dc29a3d2de1f4ff6d2e6e009d9ecc26e4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c57052557afd8f5882a7c757bd846919_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 geoloc20.geovisite.com udp
US 8.8.8.8:53 www.paid-to-promote.net udp
US 8.8.8.8:53 www.linkwithin.com udp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.142:443 apis.google.com tcp
US 151.101.194.137:80 code.jquery.com tcp
US 151.101.194.137:80 code.jquery.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.178.138:80 ajax.googleapis.com tcp
FR 142.250.178.138:80 ajax.googleapis.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 54.36.176.112:80 geoloc20.geovisite.com tcp
FR 54.36.176.112:80 geoloc20.geovisite.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 www.paid-to-promote.net udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 ssl.gstatic.com tcp
FR 216.58.214.163:80 ssl.gstatic.com tcp
FR 216.58.214.163:80 ssl.gstatic.com tcp
FR 216.58.214.163:80 ssl.gstatic.com tcp
FR 216.58.214.163:80 ssl.gstatic.com tcp
FR 216.58.214.163:80 ssl.gstatic.com tcp
FR 216.58.214.163:80 ssl.gstatic.com tcp
FR 54.36.176.112:8080 geoloc20.geovisite.com tcp
FR 142.250.178.142:443 apis.google.com tcp
US 8.8.8.8:53 www.cebr.info udp
US 8.8.8.8:53 fadjarandryan.ptp33.com udp
FR 54.36.176.112:8080 geoloc20.geovisite.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
FR 216.58.214.163:443 ssl.gstatic.com tcp
FR 216.58.214.163:443 ssl.gstatic.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 92.123.142.59:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 151.101.194.137:80 code.jquery.com tcp
US 151.101.194.137:80 code.jquery.com tcp
FR 142.250.178.138:80 ajax.googleapis.com tcp
FR 142.250.178.138:80 ajax.googleapis.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 54.36.176.112:80 geoloc20.geovisite.com tcp
FR 54.36.176.112:80 geoloc20.geovisite.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 www.paid-to-promote.net udp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 8.8.8.8:53 www.paid-to-promote.net udp
FR 54.36.176.112:8080 geoloc20.geovisite.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 54.36.176.112:8080 geoloc20.geovisite.com tcp
FR 54.36.176.112:8080 geoloc20.geovisite.com tcp
FR 216.58.214.163:443 ssl.gstatic.com tcp
FR 216.58.214.163:443 ssl.gstatic.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 4f25b72200be57fb8d0b9e1d80ca39c2
SHA1 4a248d2ad76543850919e0a71751dcbf330a3be3
SHA256 24e84872dbf5027aaebb3aa5d3f23a2e3ec4aebd1dddef8e264a0ac66c68bb8b
SHA512 3879b97250a50aaeef51cbc1f909f5d8294c8a99a0c2f9e35bf0f63baf42a00c676913167141adce9df7c7cd9a876b838939bb2ecb1bdc835ca6dfc2663eeaf3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c8acb4c74c7ee65cad3a465a4cec4a07
SHA1 b199e83d64077c1f9469ffaf2ef8ae1789ba490f
SHA256 a400d9d729b6f38209943414a337970a401f0dd1232fe91481336f267a18ca15
SHA512 87bea6a784080c4015ae32ba4d2316dcff7ac739143c9dd86df8f1fef6adc9a89fa3b141bbd707b0da5572a9f847eb64fa5d0f3888de983d7b67b80d7b959f86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 254f0ecb54b5ee4b21a9a9b14bf9da79
SHA1 3d88301aca274c33758891dd90262027533d75e9
SHA256 6f57a94015736389347ed116c8ca2695745f248832dd70d144597cc69998ae72
SHA512 48fd61f7e66081e31384723895935fabcc034d41bd2c586ecb9dceeefd3c58d6383a0f9ca538060b9dea66456bfdaba92fcd78c28c3b1195acaa55db68946ed2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

MD5 72bde6d1c35fedc47a854d0764f02719
SHA1 148144084bfda73a05c0dcdd7319188b2ccfe710
SHA256 c0992afdf2a1b91920cbc3f207bb5013437f8ecf8af00cdf22dcdd5dba916774
SHA512 71262c425eb8d1aab973778720fe489931d0abd2b3bf3de0169e0c90afb47ee522ad749c2472440f228e4a707887aba78a46a2245bc4b5a9339a0609de169570

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY2E4O3P\cb=gapi[1].js

MD5 ed72d618fe48f6fc42c19a4b58511e72
SHA1 80a2da4af91d56ec81c7b672afaaaa72c83a4414
SHA256 5bfd37a756bc7772aa6c520102870dafe2d3b808c562412e30f122a7908f8ad0
SHA512 5378b71a33f67309f788b9fce32daea44051e7e9a6aa326bdd783456ee9eb2f4817aec2ad1e837afc1853acba59080b0114d32c040ea731ebd703f0a84dd7ae1

C:\Users\Admin\AppData\Local\Temp\TarBD96.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\CabBD97.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 b16053a0a2398d9195ba071f3ac98538
SHA1 dc9c88aa04b7add3198893683aef4f1ca717473b
SHA256 0e3f5dff8a75c92ffda1b41c4648606f2a646111d807180035ba96c1cf0fa177
SHA512 e4375f05125862a1ed5b408aa47aeca69286cd179a5e292dd2ef8ca1903f11b78d0b13157417244ab54d3e731fc2d45899184f4599f1dee8ac7b7bcdc6c04494

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df1007db0c152bece720e424615c6500
SHA1 99a7e6fca2c57ca6071c12da514c1f1e69458857
SHA256 5ca9a81f445c1fa924a7247fd7fc8860dd2cf57b4aeef50168ffb596b39cb5ac
SHA512 e32f7344bb7f4066c9ac70da0d6f604b08eb53f82c3218dd4d9b6d918be725476c9602dd271dea02884ede1509b5bb8d3d8c036c547c15f7037c750755ab2519

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 475f30c24e08806f32f9b1ad4a73ad2b
SHA1 f3f0e2ecc64f36a8a27f2107ae37407a508fea29
SHA256 443a2f6322112a333053c7f1f14b9c9c0ff09259e3dc8f25b713d655bc3fa21a
SHA512 8af9ea12e2734b7fa18fe3925fd1cb5cba682ef5fb0869100f7aa634503c58878026a22d7a47c5c34de72d761302e07e4795bdd26d8557f53536311502bb16e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f56defa4e89489748ccb401cecfac055
SHA1 efac976d688dac7d3b1f672bb02dafe1ffc6086c
SHA256 7b62efba28fd5b8ecfcb0c3253193a5a273b34d4c0e84e4da691dae20354bc17
SHA512 6695357fca05484f80945f0da4ee65c550a5fb897d14cba9cc76b2cbd77c6ab7944902436ad59ac00c26616c4cc112b2caabbbf2d40606c191e1c0c633496e8e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea9b9b9a512fc4b3252e37dab3ade728
SHA1 c65ea8f83b182ef12bbfed6f86573ae5c3b9681c
SHA256 67c8a8540770f0e722d0fa4c9ebe9e968e369fc7bac8e0daf9e47b431d94a65e
SHA512 fba2832ce79917727b1d85641364a4272429c2cc88814cf5089f4a871cbb6d100473167d51a901278a9412b8355812d5bca5ed3527df1e3362b6a62876b46033

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d40f98f89320ee3ad843fdb202e2b8bd
SHA1 d0131a7156ccd25dc18536952327aee638175548
SHA256 984457e7fafba69998e090b64aa426c4779d59e11113cfb7884bc24be92dde9b
SHA512 772e4cf8126d4a9a9d8d8f1453d4a4cabba7756cf24a92d6bbaf1c7e392f749884fec542dd15038e72837cd0e9e730cf2900a28cf02eb7cf3a2d20b313a6661a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00dccd7ef1860a65a924232f77bab951
SHA1 a109bfd6716648383aaf988c6ea35f71ce89f884
SHA256 cc321709038951e2e84b34e3e104dbe6f51879876032151492a1819ca1ee5853
SHA512 e7a3b6924bf9ffb7fe9072a8942b34efa653b202035ef2116794f359311830385d77ee5475a5340824822846921958985c767bcc44e164f32c23fca4edc16494

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 db7e971902823c7f89077173a42c138c
SHA1 60a7dcbbc3a76486a4872fb588a4ba67a6b364f5
SHA256 1583d1fa87748d14e20072e6cd6142437054f1d8f14cfa5cfc238c4b977a0f35
SHA512 e2278b8a7dcb87fd3c68e511c35b7dff5bfcf45de575e91363298da48626ad319e3d3da2eac43b46b6af9cd872f731ecdd50b5777db703dd8b16a675b8cc0935

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e05dcf445af828c3f09b8a7bf119bea
SHA1 e1d7726cb6b70092f7b94045a82bd6a5e6be6338
SHA256 5351cda7fe86d42e70eba43375cbef23ac60179913b615fbc877615f73aa2cf7
SHA512 74d99ddd63bc09919e8f0dbb2fdd5c99c579e1e3e744f580689d21f4ce2e7caee80e041ccc8cb086df7ec1f281b92f8856c5491d56100cff8a53a7a523947ec1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df2159d38093204164d0a55c412e6e53
SHA1 4fb5633769574d89cd8162c045f55dc79d02df34
SHA256 2a9e948e99d65f6028d1ed79c4b22cd22798298325bbf9bf67f746d46da26030
SHA512 3d0aeeb87f517b7d1bd0616d0b6fbcf88afe909ae17c75afce5d5aed7d3eab3864cead83c96f7b8cbd2860287ac83b9345e578a34d97a72a22711046fec7f738

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5719ceeb6f088f50cdd4d126bc420c6e
SHA1 336e47f9cd2b60155ce4b4bf0c492f3a7c387851
SHA256 3826872824747afc626edd25b47e90af1f1610fba7540dc3dea7f8cac439b19f
SHA512 8c35dc55f39f7099678d1776ad1e73068bc7c82d561803aa67245a4a66588ede8ce14c5af73c2cdc303cfd9ae5e8c83399e00d8b55db3e09232ebad02c4bff3c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\1380534674-postmessagerelay[1].js

MD5 c1d4d816ecb8889abf691542c9c69f6a
SHA1 27907b46be6f9fe5886a75ee3c97f020f8365e20
SHA256 01a956fa0b3ea8cb90d7032608512bc289c4170bf92759352e40062d5be2946f
SHA512 f534f057e46998bd1ff2c423ad2cf04a880c4a5259e95aee5c6ae34ce7121ccd07ad1bce5d4c3a51ad04f7411b0625da78808326b13d2aeefec502988e113113

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\rpc_shindig_random[1].js

MD5 9e5f0b21584389dc1c7b5da4a900879f
SHA1 191b84e0f5644398ba99e0aa141a6778c14b83bf
SHA256 3e21bdafa913fa25276358db1269238db3012ffd8748626cdad442f838e890e3
SHA512 c1720a420df680bcc46625355ed6d5c35ae280a813692a0fa293f3ba113a023808a781f1b8c9dfeb3ffba29606e1f4bb4be4233983089602e2d2c20786fb0427

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\plusone[1].js

MD5 65d165a4d38bfc0c83b38d98e488f063
SHA1 1c4ed17c5598a07358f88018a4872aa37ae8bc07
SHA256 b1320e0dda0858c87971f7baa0d53063ad2a429d232fd06b0067bda8b9eeb0ec
SHA512 abf4c755d88193e7e05398b6f934fc561d8e2adbee7d2170af399e145e54a4a8a93988e4af4e28d6240c0bd1bda7035ae97f67a85a471088820baae8d89f3d41

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\loupe30[1].cur

MD5 8d300e130519fc6dc5cf027b3307804c
SHA1 dca17fefa8bf60f4997a9b107cfcdb5a2f5864cb
SHA256 5f16ab826f87f46f60ad8c98c3bbed9a4273ff2da7843130b3036891251af5ed
SHA512 1e3bd73d6ede3a9277d38873e457db57f6af60365ab49a8d10003f4dd22e6abdb27388dfd54be440debad1da46b46e52753d465b94875df541b156626f5a214d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 365871688cfb39ee02990543e54a6249
SHA1 0b6b6aa7fe39f7806d35bf1bca4f3916776c44ba
SHA256 a778729797b094721070dd387940d57da7c3454a76efae2ffbb0edec2e608c3a
SHA512 3f4636a87d791b14dfcdd1da8aac99a62717b01d228a4384a4131650fc4e24cdcb76e69b1883199c5e33563af14e31ef7c4106bb028f71aa99bf80fe1c4d174e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 941fbfb0faf15df08797f913fbd9ba12
SHA1 4bf3ebff6ea8bf0683e60a03690c8266ae8c6df8
SHA256 8d4a5e779a654622fd3a4cd3004dda3eb3380436fafa737e71c74bdffb1197d6
SHA512 5eb1326ba1a19105579f694cbc5f4f3110da51c0dab68ae116ac314ca5794e98b04a8a0dc659af5d48f6aabb6bd393576698324bfd890b381b621621ce8df379

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f823bfffc8021d5c61b6366ee3559f4
SHA1 67974af7cf9ecf750eddb62329e94d2dd85c343c
SHA256 7ef94da52eae04417525b506269a02c0ff3ae5e14883eae9022ab2c7b1a26418
SHA512 4e16df431e88c2408730bcd37c1abe40dc300958bfa788ae3c96ca60be5508f20bd29840d6bfab493363c7dd38096884de757796beac2e37d4cf005457497282

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a2faa116c0f20b802e53f32a7662ceb
SHA1 2b9c4fdc2822202ded017474d8c1a4a199f5ab4c
SHA256 fbc9cb23ea45028154c63771f107b1c1c8f96cdd8353b52f2cff12057477f194
SHA512 b55cda8ff465a0ade49f7100fb9ca6346dc3eae9c1946be73a8bd581cdb8e6dae0bac47c4f4f478dd5104766810b2194b36ece0d47d5087aa8900ea2f47cdc7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 616e3f97c881cf0f25686e3f6a9ff94d
SHA1 cd1a244a813a0cfc62a2a87b96c6dae6c006c752
SHA256 0abb9035a8caae441593c9bc40fcfbe691226c2cd1dd78c2ac3c628fd80916b2
SHA512 e22d2bccff41089c270780a3eb227fbc2c30c3cc6499f5ec9681d3dc49c885f99a90da96f51e7ef2943402a960ab64f757062f53fd5a8ac7099a0937d55e74a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4203e46aee7e268f53a89872eded613
SHA1 168a3aaead264e474e8d9c12f78b76c5eb6a75be
SHA256 40adf3b6659c1e054e70262e401a4dee072900093228b233bebc2d69a3f4f6f1
SHA512 fd3cd1e107a99b4f7289fb23557e518be510335afef55b03cd6a9cce7d039ec86f1272d7237799ac7b995e02c576ae723a5679eb025cb8300219514d24dd3cdc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e2a134d0d09a59a1c8a5f25379ffc64
SHA1 4fb4151a4d1b07e1f9a46256603ccd71a052de6e
SHA256 bb60dd8b4125efa59c3dc6bdd1a606c0c9179cb0a814c3dfb454b5c0a78a85df
SHA512 65c496a6d4f7beea914edd73b589fcc7302346fb2dea1b74f322d91f69ff729a9a721df2313da66cead320b3b956c54dec3b2ed2b6ffe70e197b7b9596419311

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ec1ec75030c249b9702b18660488dae
SHA1 446f9f136f8a05af3ac2b2dd2446a9f34bbec57c
SHA256 de4acf70f78aba1c1f68fff3dfaa24958efa2178fea91bf1e96d5f90a19e1c31
SHA512 e9b7507642ef3cc2652ab1cf98b4182298e841064ebbe183cca5e9f6bf759177796bb085b9149ee7183b0410a7b236671d20f1082912fe682095479aa0e67da3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 403c842d04512cfd83d7a451459681c5
SHA1 3a18f1ba1a9a90a2b2a443e1bdd25f7a45bf989b
SHA256 4fc7b404ff621507069898d649a58e2ef6676e1c9e0cf2826aa9bac6cb2dc4c7
SHA512 797881edcd46fcb41ff14513f78b861f9f1c0f3c1aca6b20e22073661fda6304417356cbc98b4284ab42ed96b90d67ad16c686f5b90f017a4a7bc7a08aa9c52d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 428d1fafd345e7c03129616a97af9908
SHA1 4586dcfdccd522c3f2382a174c36dae7129be9c4
SHA256 5c541ec586bae245c24466f648c1e6dcc9b9f96c6ef4cf605f745f1e468121a9
SHA512 571f234d4911451ea864d173d84723aa925f6862792f05b4c9899cff7b846de5d23cd29a9b071357b278d83d37eb1ca0c41fecb87f3a8ed0752d319ac97ffe4c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\jquery-ui.min[1].js

MD5 e436a692a06f26c45eca6061e44095ea
SHA1 f9a30c981cb03c5bfa2ecad82bd2e450e8b9491b
SHA256 7846b5904b602bd64bea1eb4557c03b09dabc580b07f18b8d1567d1345f0a040
SHA512 1b09a98336cbc0c8ff0f535a457a3db3cd3902e4a724bb2e56563648ed1a36201dd84e63f45dcea80bb6edfe80a17db388379417386dec76341fb9eadbafa88c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY2E4O3P\124887373-widget_css_bundle[1].css

MD5 430d0f52546401d2f8c037bb84952ebc
SHA1 446c9de67e5cc8c01e2108494fa0055693dc6993
SHA256 fbbb7e598e30407bfbc0e1415bff3127bf07ff9282937b87330bac620e919696
SHA512 6b9f3d0332aedc15d05e0f574e8710678898355cca6b16ec452fc9c3fc80cd4a7e7b45361f0a4f7faf55edc5f6c0c76efbf235b022a895e3aa5a06a4bc843830

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\jquery-2.1.1[1].js

MD5 7403060950f4a13be3b3dfde0490ee05
SHA1 8d55aabf2b76486cc311fdc553a3613cad46aa3f
SHA256 140ff438eaaede046f1ceba27579d16dc980595709391873fa9bf74d7dbe53ac
SHA512 ee8d83b5a07a12e0308ceca7f3abf84041d014d0572748ec967e64af79af6f123b6c2335cf5a68b5551cc28042b7828d010870ed54a69c80e9e843a1c4d233cf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\cb=gapi[1].js

MD5 b405ef99007697771b5e6165e1d39f71
SHA1 9b8958cf7388f842b86be97a3e108060d6c2db9d
SHA256 29ee59933fabf111ef5688b293cf90d65354ef907eafdca7cabb5de999cd1f4d
SHA512 36d6f1b5c6a8c8f7a32dece60fc7010b32fcd0ec05f73eab4b44e7ee9b000b79e6ffa2303a322df6af3a7db42967712dd9a60c1598bf59dba943d1a7bb9ea576

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\cb=gapi[1].js

MD5 4bbef8be336cdcadfc514957b2d482be
SHA1 a4f3ccb000b8e50d2cff26c76a6d25ebd2c2eee3
SHA256 ffe69e7df7704937b794b614ee2dc41930105d3b7cae878ef08a29a69632c20a
SHA512 d38519211e15822c5aca5332c86deea2e4682478bc40e2658e8cc703e041e8a4b74930e213cfb92ae3cbb414bff00ce495948a7fa9a599df317899cc72d0578f

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-27 17:55

Reported

2024-08-27 17:57

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c57052557afd8f5882a7c757bd846919_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4816 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4816 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c57052557afd8f5882a7c757bd846919_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd183e46f8,0x7ffd183e4708,0x7ffd183e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7044 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7044 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6036 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 151.101.194.137:80 code.jquery.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 216.58.213.74:80 ajax.googleapis.com tcp
US 8.8.8.8:53 geoloc20.geovisite.com udp
US 8.8.8.8:53 apis.google.com udp
FR 142.250.179.105:443 www.blogger.com udp
FR 142.250.178.142:443 apis.google.com tcp
FR 54.36.176.112:80 geoloc20.geovisite.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 54.36.176.112:80 geoloc20.geovisite.com tcp
FR 54.36.176.112:8080 geoloc20.geovisite.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 137.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 105.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 112.176.36.54.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
FR 142.250.178.142:443 apis.google.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 www.cebr.info udp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 54.36.176.112:8080 geoloc20.geovisite.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 fadjarandryan.ptp33.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
FR 54.36.176.112:8080 geoloc20.geovisite.com tcp
US 8.8.8.8:53 developers.google.com udp
FR 172.217.20.194:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 accounts.google.com udp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.110:80 developers.google.com tcp
US 8.8.8.8:53 www.paid-to-promote.net udp
IE 74.125.193.84:443 accounts.google.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.110:443 developers.google.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
FR 216.58.214.163:443 ssl.gstatic.com tcp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
FR 142.250.75.226:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 43.56.20.217.in-addr.arpa udp
FR 142.250.179.105:443 resources.blogblog.com udp
FR 54.36.176.112:80 geoloc20.geovisite.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 www.paid-to-promote.net udp
FR 54.36.176.112:8080 geoloc20.geovisite.com tcp
FR 54.36.176.112:80 geoloc20.geovisite.com tcp
US 8.8.8.8:53 www.cebr.info udp
FR 142.250.179.110:443 developers.google.com udp
US 8.8.8.8:53 fadjarandryan.ptp33.com udp
IE 74.125.193.84:443 accounts.google.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
FR 142.250.179.105:443 resources.blogblog.com udp
US 8.8.8.8:53 geoloc20.geovisite.com udp
FR 54.36.176.112:80 geoloc20.geovisite.com tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 www.cebr.info udp
FR 172.217.20.194:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 fadjarandryan.ptp33.com udp
FR 54.36.176.112:80 geoloc20.geovisite.com tcp
FR 54.36.176.112:8080 geoloc20.geovisite.com tcp
FR 142.250.179.110:443 developers.google.com udp
US 8.8.8.8:53 www.paid-to-promote.net udp
IE 74.125.193.84:443 accounts.google.com udp
FR 142.250.75.226:139 pagead2.googlesyndication.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2783c40400a8912a79cfd383da731086
SHA1 001a131fe399c30973089e18358818090ca81789
SHA256 331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
SHA512 b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

\??\pipe\LOCAL\crashpad_4816_JQEZXWVCDWXPPXKX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ff63763eedb406987ced076e36ec9acf
SHA1 16365aa97cd1a115412f8ae436d5d4e9be5f7b5d
SHA256 8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
SHA512 ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2c4851cb01e8f044ab13d820e91ae84f
SHA1 ecd6b20ba149acf63f9132d59f7849c938634ebe
SHA256 9b9866eddd5a7791390d936821a69f2892186967830884fbb264202fc97cd85f
SHA512 1cfeb1aa3ac2f6767f084bd8d279c464ebfca06b3f973deb755c025ba0383c35161498a21baaf24c55866cc0bcbcc5984bdd02299d3cbf3616f0ae7612cc1d3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 33a83c16527e4531fbfca2631f653674
SHA1 87a63514c262ba4bffc52d2ceebb3ca14353507a
SHA256 1156bb50a264543f6a9dc8922dd2c65d444c8bb11b3b18be95d5adff840b33b4
SHA512 f1dba28d0f81aa0894436ae7b4ba76a2e635f002f666d17d31b8b21500dc2321d7862ca8dcfd22e44aab4d1f33112c076dc95191c889546a40f9c6197cccbda3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 a0423f1305547bb6b8f5a4fb1a9fc2d8
SHA1 092dcf1fe57e6bb53821eb754e04188ee70602d5
SHA256 6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8
SHA512 b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e3fbe3265fae778358db8e078fc5fb90
SHA1 a4ff9ba237dce6047f0026f23ba83663e9a2de4e
SHA256 8b80f7da93d3b4429b9458777015c3d0d8764de934281eb15817e93749c54a26
SHA512 33ff7f25b0dc6f9353680f2e36306cf0df5056041d505295785cbcac889d29e09d590a5c4819decc1f2663ecd4e3f8a19361d0c4ff6869dd41b7eb632682425e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5a03cec646659748d5f3f00464f9b22a
SHA1 0da7ff2a12a4fecfa05aedef6913f4c99e75b7ef
SHA256 d10dc1d61344995a2306da8001f4ff606969c9b6b6f1e44ffd73b2ac80938cb2
SHA512 f46bc9a133e882527c0d00aab7ed12f20107b5102e1c68cb33a99b016791c645053f23fb9e7e55f7dc519e5e4d6f68e98614d734439e138267a4a44c58cbbb6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4417761d2085b8bd4e2438e8dc38a328
SHA1 e533589942a7d21e86692876a83045df5facc3f0
SHA256 a2db1ac00ce94e07656e5fa024c5d4f824f34957332345562c07c5b8deaa5661
SHA512 34e3fb69923cd7e1259adabda0514994f1a0fd547a41acf1e17a0355e8308152080a1ca33788d223bd37d5d57de8b5c41829f1deb0c58fe6b1bbdea8dd985d7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 25963721d38c407c5722bd8e1d46e7f4
SHA1 4572f1ac45411d16964ca8f68910be5d86da7c7e
SHA256 b2de78a66b9cae72aa4a9ac5769488a331c9224610780355bc8e1fa3eed27272
SHA512 ada8cb20fbd81e8b8d5abfaddf31aac43c06090dbe59ee4dfcf2beb619f9ea460dbb5b68d4d16b534b38c5c072121324da0698ff112efb72888b8fe04a653fe6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 95ddf917a3c522d3250a40723c293020
SHA1 244841e5c5d33074e44a79257ac278e833557f7e
SHA256 31ac09556f64973d1a685f2dbf7a2efc392c4b766a6dfc85808be638482244fc
SHA512 e71bd2adfcabbdcecb15b9a6d69828c27e8b483bf4aa57168fc40428ed78ec6324217415f346f3976897923d6931d1561d2f38d918e2f74c4d5cc6450bdf797a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3690bfac73a98a18440a7c4366501cf0
SHA1 8d7748ef495c40180ae8b034508246234c550484
SHA256 6ebd76cd7644ce36174183f04a76a0b1cc573e8f97edac177e0a92fbb9dfac5a
SHA512 a4d2bdf7996762d1f5b952132fcf676b0213c9bdd5dc79e3a1b94fd88e9f83c8b755fbacf53a05bc6992cb13d56efb072b5368aee6e3b17535d51ac22cc3ab73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ce09.TMP

MD5 6e00f177e138ff34b8a4021362168ac9
SHA1 5c462a55ca5a1cd132e7880480e8c277598fea57
SHA256 56bc5646b0768984991b8f9069fc6370c9410415a6c250d7f88f16b864f75ddf
SHA512 398315a7761bf50fc2f05ee31457ac63c898dda5f33c4d59927ae88c78dfbd916495d68ab1629dbcba1ad22a8d7763975fa17a4b2bc1651c274a37625fdf5bca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 62f15006a84ebe87650d451fff0229d4
SHA1 bd06aa1944a7dc3d2ab0aac48b79039e8df7ca4c
SHA256 54e1bfe798be9552b7f2be5146d0d7c0d630069470b3126439406236b5c3bfaa
SHA512 ccd2b822d5544e5e119dabc4f78221164ae32df3f8f469dc5aecf7f41082b62776d718e2af6c99ca9d06ecc55b9a34f4a2f0f06338940531c30a29f195c89405

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5b0de579e17c4fbebbdd1293c439749b
SHA1 65b4c912704556ef8c87744018d4e029b0322444
SHA256 dd53feaed49c776a395d9a626f1ef561be037c7f2f9c53bbe88f104a90d273b9
SHA512 9d3ec4e10f582fcd528e74442f736a5a8a7ebbec87261eb262893cb560cc5fe6a0338288654948b3d1309a8227b9e6ebb57060c5cc00afe37083d17d62c550a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ab50e40c6ef9e2fe4454ffb8c799e2c4
SHA1 cb4a549ab9182cfae2629f9ca242fedddac832d3
SHA256 09ddda3e98530a7d8da4e31ef7cd123d1cb72e362c3fefe9e90451ef3445fe50
SHA512 32d3343f612e62afffa747aa40a7c01fab5107e13ece4acd2a22bdfd0ddbc3e577a28323e229f42ec626b5b5d9b76a1e454f78e3e94c9947f91c219b2d3cfcf6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 430d0f52546401d2f8c037bb84952ebc
SHA1 446c9de67e5cc8c01e2108494fa0055693dc6993
SHA256 fbbb7e598e30407bfbc0e1415bff3127bf07ff9282937b87330bac620e919696
SHA512 6b9f3d0332aedc15d05e0f574e8710678898355cca6b16ec452fc9c3fc80cd4a7e7b45361f0a4f7faf55edc5f6c0c76efbf235b022a895e3aa5a06a4bc843830

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 468446a7240461af44b59ebb2047c231
SHA1 47b7c525dc91bece99df0c414960b9490b986ba8
SHA256 ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6
SHA512 ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 da52e38c98b0f2047abeb07609608ab5
SHA1 da1210caff36df73e49a0c271ff7d573c2d20d02
SHA256 726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b
SHA512 35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 072dc3be9042b863f465f570fc3efba9
SHA1 0323377816ff6d31dc7431bb702be82cf0653764
SHA256 608f0e85d175cd5a7c54e11d519f682ddd1fa886df48be30f91cc72c4fa7f08c
SHA512 361c56eaeec2205a5cba71ae7f26949d80b12a8cf451e6f0b895eeb40eb8700ee5c0fde8cc34d881c304e655ef168b91b3bf241b58db29876e18f6e24cfc42bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 cd05640564742b1a72a818d15873a1c1
SHA1 4673e5731f755d45d3899550cc48cb79a40585f7
SHA256 0b940c2b7629585e9b218cdd1762c3c79003dd2ac37db8992ecbfb3728359e1d
SHA512 b2df34cb210457ed5371085ca2cdfc59c0c1aa291865ff0760805a464f3e6a8ba26e77c5bff1e0ebbcd5973fd85833ab9e71ad2b1a2e2594f7a49c6fd7baa6b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 651759109c0101a3622ce3e8d4c98be5
SHA1 aa1838164412bbad08112a0895754c54ffd132d7
SHA256 01318a80813fcbf44ef73a52bdd7c85b69bef8edda8d63a247bf6db8e2068a06
SHA512 6313df038c265f147a5954d2ed69ea61431795e005cbf25dda05128adbe668a194c73322727c65201ccfda5ba2252fe9f6cee88b96485b85940b83254d0220e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 e99f1712e9ab2361d5bdeb29f499183c
SHA1 aa1ad85ed4ca152a807101ebfbf7636c49495236
SHA256 9d34a303f8c67d6d63830ae852e3368ec97c8237e82672fa2a144352d1ce9460
SHA512 686620842f086366ae8132128c7fd2e7037d2a319d975d5f633ba0160143567d10880e11027df2da4dbecb150991680c14a2773ba810c1560d69742344fa0e8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 8cb8f1d27f7825dec81278d4c100cadc
SHA1 e9f50d73c41d766d7cb31eedd0b4ee3b4b09df4c
SHA256 8b5e5ad206556948105a7d13efb0aa96ee50aa62a0c1c2ad83fd7c8415a270e6
SHA512 eab9260f80e253123c478f0ee45ec9dca208d6e21782256d0ad5cab727b1e18c5c4906540019001c939da79e52b482e5616115f6204607a884dfe7271ac5c77c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 4651a4bc4ceaf8d1811aea20ab8584cc
SHA1 e9ba2c1e8b5f2391eac8fce3567c920a68391c11
SHA256 73cbb0b6d9c83a076751991cf4db53e24f0a83a6124d74d5fd66cc1d830ba138
SHA512 0e2552bdeed8ca32fdd2d9d90c1dfac85514ec4f54840778566b9cd37649109487473b1cd234c0195ddd17e127e185f8782914b2e7dac9bb26fb8233bf615fa1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 413c52129766b82ee5dc8e01b86517eb
SHA1 2ca13cc9a3019c54c28cbb7bba6c813ebcce12ba
SHA256 705ccf71daf5b5689a682f6f9d7d45e7ce7eafd4700aefdfcc6e07712167fef8
SHA512 0cdc76f25519b6643779ba116e3047d0ca32a852079cbc3e160d41500039c9ef125c8916ce275ded591a5fcbc1c2b30f138634844b3b9164099de0d6d5cbd9f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ca09f9780c36a0f1c8bd65c298ac75bd
SHA1 40a3c0167c97b9caa322c62fbdba1e3a23e8c891
SHA256 939d8f4e0ca0aaf6a2495aa8018a707d5a859689b02f9aaacee21a59baa5aaba
SHA512 0805f145e4db1466764c9d394e590641dd6f1ace6db5baf678f3faecf8891535ac948f37a1e2d2acc4aef6e1deff68ab171eb483ab2ce6e9744a8b6402efebbc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dbd35819c265bd7aa57b43c7408032cd
SHA1 fb74d29a19f42d6ca999bfcef84c7a21ce86ede7
SHA256 037b5965dc0cc1fd37cc44c2f2d84c182157e478379fb7700bdab2156094d53e
SHA512 88f5b657a2a82c1fd8630d634d9c8ba85a67e303cb81fcc287fab17e48d45625fa95bc62c0c688575187394e30f474d727754fa7025e53a5520afb1e42de27a4