Malware Analysis Report

2024-10-23 17:22

Sample ID 240828-jp48mszglb
Target c674ba216150d0a97aa3fd5f9fa8c210_JaffaCakes118
SHA256 51c1b0a9416e11f22d8c4954020113497667076d96105c21bd613f01a67072a9
Tags socgholish, discovery, downloader
Score 10/10

Analysis Overview

score
10/10

SHA256

51c1b0a9416e11f22d8c4954020113497667076d96105c21bd613f01a67072a9

Threat Level: Known bad

The file c674ba216150d0a97aa3fd5f9fa8c210_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-28 07:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-28 07:51

Reported

2024-08-28 07:54

Platform

win7-20240705-en

Max time kernel

123s

Max time network

139s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c674ba216150d0a97aa3fd5f9fa8c210_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c674ba216150d0a97aa3fd5f9fa8c210_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1672 CREDAT:275457 /prefetch:2

Network


Files


MD5 288105fd3482997d69ac9c911548d931
SHA1 034ec37473daf3bf0a8155370a17eb4b50df5f31
SHA256 ac512375efddbb0cc6bfcf565a77591aed3b25987ed2364479a0ac9dc70c203d
SHA512 2f5fbd8d0fa52d27a94e9d890d8bf564a7b11db3cce07389f1ecde71bc86b866541f280bd4e4e582cd724c9e9c1d54158bd5a9425585a46695a50e237bffdfc8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92b51e65a4d3326ce850acec832adea5
SHA1 eee68ee5b5a1da56bf1f61b9e35acdb9a241629a
SHA256 3a6856f0acb73164172ad4f97e4c9971643545688b91dcc55fe8f206f18d69b9
SHA512 0302c71cbc1d2a7afe8cfe52e7e30e16a14836b012ed12b071ac601d4900fea72ddec9c6c3f22d28b58b0eae2ae8f1872db9fb9bf502632302634598f8b40358

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c3db1f4379983a00876cedbec889670
SHA1 47b1bd6d3184ab7946caab56fe3d5b049fd9d2c8
SHA256 33e592775abe23eff6f8f11942e691768056f24dbecde27ba8b32ecc0a8e3eeb
SHA512 b33e80c1b43b38f21cc036926f07ba62c97875ad9a72403bbec0ec7de87d532421cd4319ec347a4cc0f3d0c42cf6111e58e80c1ba8d5b5e89c70512e47334ae4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12f299d537fe0dd3b093c367380be0f1
SHA1 a59f9961eaf34adaa527f9720a8a032430ff219f
SHA256 eccde0b74bcaaddf7491dde630e5069b04d5261019cd02583dfe0c9fe6c98f75
SHA512 5808d7170b97d05212f02ca8f67dd29eaec80a49aa7bfd12c02e0756213134399d1910671cd6d092b0300570fc93d0d0ff9843cacd8abfb305ba19982eddce1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e70f73e44a9374371f51c72815c75fe
SHA1 e78caa29fdba17a26525593a981b5b9be00d9bdf
SHA256 ecc776a72d919f8909646faa467f19dced87194cdfc5b33e9a32161036e8b064
SHA512 e080cfa161d7f8784c63ee1ba47e42cfba1465b465d55986a98aa7a52293c043e2cd74f9b323b9410f5aaf74ce15fa4917ce3ba0380cd05afd3664bd5852b8af

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-28 07:51

Reported

2024-08-28 07:54

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c674ba216150d0a97aa3fd5f9fa8c210_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4504 wrote to memory of 3428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 4828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 4000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 1044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c674ba216150d0a97aa3fd5f9fa8c210_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab4c846f8,0x7ffab4c84708,0x7ffab4c84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16159272580084879373,13128655543107107201,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2436 /prefetch:2

Network

GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4504_XHTTQLXDSLQGKSDN

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\04c5f9142bc83442_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\484d85c51128b078_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8578d161554ddaec_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
