Malware Analysis Report

2024-10-23 17:22

Sample ID 240828-mca1tawenm
Target c6a7fa521a0b25222f73b3fb886fada2_JaffaCakes118
SHA256 41d6b3b8ea94f41013b9ae33ad056841ae5b0740cdd44bbf1ec0c35c269856ba
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

41d6b3b8ea94f41013b9ae33ad056841ae5b0740cdd44bbf1ec0c35c269856ba

Threat Level: Known bad

The file c6a7fa521a0b25222f73b3fb886fada2_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-28 10:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-28 10:18

Reported

2024-08-28 10:21

Platform

win7-20240708-en

Max time kernel

134s

Max time network

140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c6a7fa521a0b25222f73b3fb886fada2_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000008e0151a1a4496f4dec2225fd19f138ebe8b12787300b2292b10ec5ea1b0eac49000000000e80000000020000200000007e43dd1098e1c32889d8b0461c1f920803646dfe14f440a58ed7247e6995b09020000000b4c51f8bb45f2ee98a553915b2c8a44ebaca4247e77f8abdfaadcc41eaff3c9d40000000b1f759583778fe20c496feff5b87c6dbff7f23d348cd4584d6578cd94a898c7feae81fc5177ddbc24f6835dff7300fba202dede37f93308266a34e32201078de C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E71CAED1-6526-11EF-946E-F64010A3169C} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431002191" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0493ce633f9da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c6a7fa521a0b25222f73b3fb886fada2_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 cdn.wibiya.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 www.intensedebate.com udp
US 8.8.8.8:53 www.zoosos.gr udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 i1234.photobucket.com udp
US 8.8.8.8:53 go.linkwi.se udp
US 8.8.8.8:53 s7.addthis.com udp
US 172.67.143.66:80 cdn.wibiya.com tcp
GB 142.250.187.206:80 apis.google.com tcp
US 172.67.143.66:80 cdn.wibiya.com tcp
GB 142.250.187.206:80 apis.google.com tcp
GB 142.250.187.206:443 apis.google.com tcp
DE 144.76.151.218:80 go.linkwi.se tcp
DE 144.76.151.218:80 go.linkwi.se tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
US 192.0.123.247:80 www.intensedebate.com tcp
US 192.0.123.247:80 www.intensedebate.com tcp
GB 23.36.249.243:80 s7.addthis.com tcp
GB 23.36.249.243:80 s7.addthis.com tcp
GB 172.217.169.10:443 ajax.googleapis.com tcp
GB 172.217.169.10:443 ajax.googleapis.com tcp
GB 142.250.180.9:80 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
US 3.165.232.11:80 i1234.photobucket.com tcp
US 3.165.232.11:80 i1234.photobucket.com tcp
US 104.21.70.210:80 www.zoosos.gr tcp
US 104.21.70.210:80 www.zoosos.gr tcp
US 3.165.232.11:443 i1234.photobucket.com tcp
US 8.8.8.8:53 www.tealdit.com udp
US 104.21.72.39:80 www.tealdit.com tcp
US 104.21.72.39:80 www.tealdit.com tcp
US 192.0.123.247:443 www.intensedebate.com tcp
US 104.21.72.39:443 www.tealdit.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 216.58.201.110:80 www.google-analytics.com tcp
GB 216.58.201.110:80 www.google-analytics.com tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 192.0.123.247:443 www.intensedebate.com tcp
US 8.8.8.8:53 en.aegeanair.com udp
US 8.8.8.8:53 widgets.amung.us udp
GB 2.16.170.49:443 en.aegeanair.com tcp
GB 2.16.170.49:443 en.aegeanair.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 172.67.8.141:80 widgets.amung.us tcp
US 172.67.8.141:80 widgets.amung.us tcp
US 3.165.229.26:80 ocsp.r2m02.amazontrust.com tcp
US 192.0.123.247:443 www.intensedebate.com tcp
US 192.0.123.247:443 www.intensedebate.com tcp
US 192.0.123.247:443 www.intensedebate.com tcp
US 192.0.123.247:443 www.intensedebate.com tcp
US 8.8.8.8:53 developers.google.com udp
GB 142.250.180.14:80 developers.google.com tcp
GB 142.250.180.14:80 developers.google.com tcp
GB 142.250.180.14:443 developers.google.com tcp
US 8.8.8.8:53 r-login.wordpress.com udp
US 192.0.78.19:443 r-login.wordpress.com tcp
US 192.0.78.19:443 r-login.wordpress.com tcp
GB 2.16.170.49:443 en.aegeanair.com tcp
US 8.8.8.8:53 s.intensedebate.com udp
US 192.0.123.246:80 s.intensedebate.com tcp
US 192.0.123.246:80 s.intensedebate.com tcp
US 192.0.123.246:443 s.intensedebate.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.71:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 doglovernews.blogspot.gr udp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.200.33:80 doglovernews.blogspot.gr tcp
GB 142.250.200.33:80 doglovernews.blogspot.gr tcp
US 8.8.8.8:53 blogger.googleusercontent.com udp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.187.193:443 blogger.googleusercontent.com tcp
GB 142.250.187.193:443 blogger.googleusercontent.com tcp
GB 142.250.187.193:443 blogger.googleusercontent.com tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 d76d3fc3d7bb49556bb74bca2bb90338
SHA1 57b9fff4ac995098b8318d34842b43e4a4eb975c
SHA256 884a7b4213c1803af40fac1bb6bb58ece151c608cb7abb353b4dd46b61d1b3c1
SHA512 cbe301e87ae952ddf43606494eb67679ab2f62e3e78a54567bd5b0a75d2a3b722ef7831c0cb29629134a90421227af069b558f16317650b1631cc633b9f2d1e5

C:\Users\Admin\AppData\Local\Temp\CabD06B.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarD07E.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

MD5 9f265e06a118520f1445b1f3c87c2283
SHA1 b20f16c38bdf90f23e46b7f4a5c942fe48133e6c
SHA256 b2114c1ed72f0e2c406fd28dcb88ea23e13f37adcf58c5e550486b26bcdf494f
SHA512 322a5f5e6c46b362b7bb378b0be13e410c8dcad6f5c9179431e0bb014149567d10799adb569813bf9cc9cbc92ca66eefad6ba5221c1811c4dcd75da6a597e601

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9aaa2fe25c0f52ac54d57669d7cd7ab
SHA1 ed2e0f664633957c4cca187e4a3d8c960b40d496
SHA256 29bc5434bd68ff44c524821aa192c858392dcf64d86f7911028d1d12125768d5
SHA512 815650d5cada7a4815f8e6270cef0dee8c0606c36fde188b51b606663eac911e6ed893107d5cd226f5e15e154dd5f313f9309dae00051eff28e6fea0eba85bf9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b06c8de4ce4d1127496a6740c56ca89
SHA1 5b8abdceef2e72526cc7df59df45c9629c88c9e5
SHA256 5b5eed6156e628cf6ea3e761690bb4ee36d963d8b5dfbcc33a991c44c25b1570
SHA512 a6514ba973d3c99e45f04974876d4fefc96bc8d458788ca09a7e4d5b67cbad229e85d2e4c45102bd3f20c2065ce90bbe59a36cb843c2a98a09fcab961e12a331

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cecff7dcce0fa8eacb3e73468614834e
SHA1 64d5140e74d71387974cb1e1ee956cc1ddb60233
SHA256 e7ddf16b634a86df4117827edca4e086c5dab5c73e9247cd5c2c685a7767086b
SHA512 6f65027bdbddb3c0f78752295098a3bb37098381f8275c88cef1374a91c548fbb634fcd8a372da7ecbc83879e127f74c51b57308137d74da67e5acd89c69ba83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b63264cd6db6739c5b77d149401eb6fb
SHA1 851aa0912ade039eeb1c43780643130e1fc0318d
SHA256 4214590e411da8b28ca1d5130b490c7859fb54618d9ecce139ba07966156c8c3
SHA512 7e340765a8ad003caadde5de167cb74222dec43f28257f631192ba5f7f6bce9dd5c4e6a44f6edc0b3acc6db718089e3cb65b93397caaee8a8388e607b2f352ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 ba9857007d749cf0dbb01dcaeedb9a98
SHA1 954c0e8255c789ff3a31c6d511668579eb7213eb
SHA256 dfe0e168a5404fa5f8864396511946dc443e00e6c5c041f4f1aa760b26affca3
SHA512 d4630e3ab38b226ca50c8dac93e059d282fd06cd81bf05550a12b2f861f5876c4b8cdeddff93641646170947fa2128ff101df6ffdf0db3f4ffb5effccc5543a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 544fb3b21d8f79ed53ee38eae38cd52a
SHA1 79320b39a8f622317f11183b642c4c26b5e40172
SHA256 6b1cb461f5d1d3dd5993d660d0b0ca53b1c518b3f5e5273974161d6ac92b244c
SHA512 82db5bb84bda4c8a4729d5752227bfeefa276ea820526251b9a164df5e0cdadc899fdb22ed3bcc69e120df52f42199a4705e6fef4bf9a519c23c2c4e51422bf6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E1IWGZ4\plusone[2].js

MD5 65d165a4d38bfc0c83b38d98e488f063
SHA1 1c4ed17c5598a07358f88018a4872aa37ae8bc07
SHA256 b1320e0dda0858c87971f7baa0d53063ad2a429d232fd06b0067bda8b9eeb0ec
SHA512 abf4c755d88193e7e05398b6f934fc561d8e2adbee7d2170af399e145e54a4a8a93988e4af4e28d6240c0bd1bda7035ae97f67a85a471088820baae8d89f3d41

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E1IWGZ4\crl[1].js

MD5 bf85596e03bb78f777a0594c86522ebb
SHA1 68fbaf69eb6745adcf32669e6f97e616847d6ed6
SHA256 15928aa05f60c793d4dfcdc4ed2ffad125b78face4c755cb5c2bec4d381e935e
SHA512 c4bfe5207728937359efbdc0ca7963a348dc8fb31e9f3b003490a3192edb2ddbe4199660d8010b196d514e7908f5f1527b6ea705f0e720a327f2029f58fe8860

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1efa4f0e31a4531b4dba10e2bf286bd2
SHA1 e515b52d2b492b0365694424a005ff197813ec5e
SHA256 958538449b2b41133852981c3a151d5ad9d93b11db6540108613738ea45c3eaa
SHA512 c59a6fc3a2306c3f541efb68e6c09a759b14ad475acb0ec367144590866d3ab83119778db7be6f8f281fcc7d609a9d8ee895e494e1760483c1c66358bfbbed9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c8c192b8a4fd54d0a598df0a948901b
SHA1 04a8f5832af5e36388b522e44c71641eacecf9a8
SHA256 3869b1489cadfeebd2e1dd622a4d0e8cf79dbcedb4a8e7e1a3f38f1e68d52fe4
SHA512 628dedc175a5e7d02bacc0c13f6283abb47b9027c52b7ecea04bce82f371bec1db67d2594f290976f7a18a89bc8a840d3f4db3a9640f4d9cb7d4d83c2561d9f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ce6e04c6a15cb2f768ea35b5ffa061a
SHA1 7fc7e5b0f43acc3a900916367de115fe752f07c4
SHA256 c81ab22379e10cedfe579a3023df777841c33d704fc7fd35ba9d1c63b478fcf5
SHA512 4b6e91eff8419789402f7f77d0e3d78bfd5ac70482b3c1f4c71572ca20bb010c08d40dc737d88a3c4482c10f7a52446b6bcbe0824115745ddc5aeb65edbad6c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab1619651154feaf18ce43a5a35174ea
SHA1 360cd7c945f6be464608789cadf11bf4e309cedf
SHA256 5600db05b0f2e9d0f8f70e2ce7c922b4ee342f4df628c34b682cb188f3bc5985
SHA512 eedc0ea497d12aafeb8edef8dd0ec4f250b686df0c562f1bca6acd868659664e0cbbab32d9fa5485265aaa16a40efd4d99d5c3ce3d4e97647118e29f1807cdbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a11f8db3c5c850014f5af7a495a2de18
SHA1 4ad123b545dad83634de37ef3b24bd16003e0a64
SHA256 399b295b1d20bbb6d7139daddd47d1ad5f8ef423a0b68845e06a4f2c58aa03f5
SHA512 e9afd1bb5dc4d468e0d155f2c4f8d244e96df214d0543da72742001e1b9530e33595d4b4ad5e3ca0d9e189eac731a76005b9cfa692b63eb48e91ff4bda85930b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2da0abde34b40e1e889ca591c5a36e36
SHA1 d0aa1cbbcf3725d152d0bf75763cfd1bc199ab67
SHA256 a3a7a5cd165ddb73664cecdd1816292b236d3263961d5c7541c020d0e491a30d
SHA512 c9fb6ee7ac6c714b8465f7c2525b00da559c47b69a954affdd0c6052342bf8bcfe61507989a0c908a7f0fdb7f28f952b57daf83e233e5b22ef088127f61bc4cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1a07e2a4acabf43902e484f729c0b9d
SHA1 0c8c7d08ff544790142eafcf2bc956def4bd66f3
SHA256 39c881f7bc11ac505cef4b589dcff5dbfe6646f4379d34c8446dff48317b49d0
SHA512 061a5933156db8ac9dc9c99696e68c4cd819e298b0bb4a6cdf792912ecafffaa2cace842d6a62fc1af2a4cd0a1a344dfb7351646a852193368227ef3e3cfc2df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a83db16f1020a398baf381a1c214ad0
SHA1 26ff5b67cd7af423ecadbe24b5aa26b459899632
SHA256 db1ce360e582d28f68f06998338dfba25fcd01e673f73adeeb84cd45cc99559d
SHA512 c3e395e9ef54c6fe7a78ebbe411776783c9b517ec0440429ac71b83255972698f5afe1835e8b9fbee26206622bee337a82a2df52ae965ecfc07c37192da0ba01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a71cd9605827959ad895519d40e847c
SHA1 10bb2995916ac560b19943385abab1fac229b100
SHA256 7c922254c3913963ea298a70dfc2dff539443f7def092b203f0d681575aa6773
SHA512 bb05a57ebb438b3c1761546647985d760ff817198767891ffab1ed45f0347a867a16ff7b08852695a48a90d3d8306476df8b8a59ad89fa7a0ab96861a5a21698

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb8d99d9ee78f68188828b7fa7896081
SHA1 714dadc94fcf4625bac03ab47108dad1d219485f
SHA256 31f67e7d39769f01d9f00f5214232476d7b4eb200de420778836aaac54f8f5a5
SHA512 29fe8182eabdce2a492bb947b427a991e05419a8eba54764e13cca7a52827d952cecf3d323a42f1e4c245c7cd9371be0ab2e3edf7a4b3553ea5b772487e88ae2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04ad8f6c47be09205f89951e6d35a3b6
SHA1 437143ca9250d22e26646198b16726a44c43133f
SHA256 16fa081de7c012b913b0bea2f4ac96e8df28685a74db7f45dcb568e562c16c78
SHA512 df78a0cdbd5384585f4fd6a0fe37822153af59db9ff20120bb0beae3e2e11002b7710336abeb0420e5e04071e86185673c5a3d3d278e31e9211e1affd2f604eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b9850c8c979f8ad6d55ad23943a5dba
SHA1 f79a58a65912564e56d549c73ed2c41cc516444e
SHA256 f76561883c38b25d3d4749e6b73dd400a2828f0956873f3fae00d79b7f42448c
SHA512 3d5afef1515e313814199a4be7ce4cc7ad75886b5bf8b6245bb5598083643e69ffecc48331fbf85247e8a8b68338cd48c37cfa09e4a70506e88fe02684b3b3d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 30b2e9e1581c7045eeef0e5d376eea46
SHA1 b327622c948b4021a7d50dfc3ba6bff77ea84470
SHA256 f817391aff5c164163842de5daad2c5d79021bc5ed193ffc65d832b9ba98a09d
SHA512 d39067dbf156dc48d396b6e64aa014a234a6496427c457fbdef34dd5c2c21577948d8d9d5ab17444d3b68505e85340f5dce3533814d127f10c337a63f9ed160a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff2e02eec2e994eda6911bfaab5598f8
SHA1 cab966427de57195e2dbb7aa8c2bde8767898910
SHA256 c965bad9036def0432c436895de310e99395f2d367c82e0e5cbcc0b24f22a502
SHA512 3988800e7252462f59af3e2a4364dda27e4ce648628d5c4417777a688270b4fb7200159b57c5af5559e62d319884f4c133ed856074d04c63aadc416a9cd0453b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78738f0d37f87dc5fee70ce1adfb3575
SHA1 2f254fb93f9f4fb082791c8ac00ae8ac360fe17a
SHA256 fe920ef930ba2d52fae92415a2fe056244fc4d7a5754911897b1603e8c84a87b
SHA512 d08d7d58cbcfd18d95d6cfb13ef5228284be37c56d09c872c7c76840339a53f02abf77e4c4afc1cf57078254578b94c465d225b23c4db789d8de509458be4d0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0386a395a7e3960d0c63d44c84b50c3f
SHA1 9ca77f83f0a975b66eccd28ca6e33d9e07c1fd49
SHA256 5aba89642430c26e4a1403e556d622d43735519968d73299818dcd7e54a06954
SHA512 4db1ef75b1054cf8d396008cc5dec4fb02d4c5fc565a849ccbbf7cf81c4a374e82e6882d2575c7d7b92485e61d2d7bd1ddd89503706400fd81ef1a91f9875d4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c9a65d0daa18c9be1603d61481987d6
SHA1 1cc19123623f5f0971d4f0341904b53d6aad44db
SHA256 83fa5084ec915e831f92954b0eb3cb44b687418180f9851119034ddf4b163b33
SHA512 7542a81d15ab3c79491c012afb9711d384f8f45338e3af7e1660cb0483bb9007426bc034db5d148d87987d91e232c69613ace9b57b19bbf6de1bcbc9744ec83e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eed76c6da6f4767ee98f85470086ac96
SHA1 33be47358d5a03ddfa139c23e5990e48e456b800
SHA256 61a308af684955d33e3ae8e207d740a39851e15a5e9e798a0ac523291d3b8cac
SHA512 e8d272e1e8e8e91221bcfef2386e0939f859fe3694eed9c8cdd19a500b82c5ef435158b2812e74b37e9addd224cc0a1178ece4391e60c7edefee4c9ea9405dd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7f89e5dd224d01d17bc2bcf29ff1a6c
SHA1 c1f3590857ff83e3c94a11716c671f7f235ca80b
SHA256 f0b56b358f1ae5ce36f701a75ca7caca8d9ce2b25942d54c65e47fccd15a1b56
SHA512 ce7e20d94a49f28a78dbab5ba113b4ad270edc7e441ecdb0d136cb292a8ffa3a5e87d7efa9d5a015595b791b9946a0bdccf25692095db2c12dcc709bbc4fa069

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 4fe3a3bf7fedf8082f0cf5206f309361
SHA1 d29e1daa54051601225a697c4a0733f66dd78b17
SHA256 1ca1dcf0a4baea06dec1a7eefcf5854d482cea7570765c694e0bdbb56bea7e22
SHA512 22a3338872eef2a6183aec2cfcaf0bea2238b340d9f1a37f6db2c01283bebc73cc0d7b14b1f5348e1492384aa3ea4879f3c2b88e42585499f73269f07479da36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7575cff77511accc1ae64758182acb2
SHA1 2beb5769429645213772e91d411907a0e02c4efa
SHA256 60b45cc896d5cd05ab8d0909b367af03232c69b7d9e0ad2f11c46727fe3682bc
SHA512 08324c9952aac497f743377ed0a99301ca39dd49732cc3c553effcef95c75ea0d4b249bd6cd6f49b5d2b86daa2b5f35b9ed8a598547dd7fc5aad2b7717a7afdb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 308fcac437f5273e8505e75269196f49
SHA1 0258c5f6fa8f303ec83e689e5c89deb29c8657a8
SHA256 53261980eca96c60bba011eedf2bb7260039b101271bd553fa947c375d074c07
SHA512 830bdab471c1db86e9625a91678d9a5417ab54ebf6f9aceb02bc8a8d8d44fa695c0ac27949cbc0402085eb7fdf4155bb7c77b3326127a7f9433f99d5c6f46dd8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a3a8ed116649f56c0d3a28bfb47ef82
SHA1 9218db6b448a8553f0940e4e64f474bdc6b7e017
SHA256 3608008a303dd2def3f642f2d7f685305f724c1b549095fd1f9c01acae4b6196
SHA512 423e90c65e0f00f878b9d52461dd85f1418b1ca924ff81e9c378e1b599ddbe90b46516f62962b4d187e4c07a4bc863ce9dd245972e4af6f3ff3793e286d55522

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 058ca6cef8e249f15b5d1f3bf026eade
SHA1 8d99243b21a82d28bd16273fc701a8a88d482364
SHA256 7abcfdbaa13adfefb8f9cffcfbf9d9ac271a1840ff72ce274e53fd8accc90339
SHA512 f473caef878e6dba54b6f293766d18432a174ec8a2f45a4b7dd94cb75f604d1143aad12232b59a8a1c15c778cec58b05220f87271d6466f7fb06d421d777fde3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 adae0c2a18e2ee333d7612ea8451a751
SHA1 8ac96f88ca33784c24b099a1f3a1fe9b38f9128e
SHA256 f70379a0855e75f05c622c0e0932811f5164bc7476865fc33865066455461386
SHA512 0f3c98f5efa35128e04b599e8c43e397e5fb1e97e21bfa1f6ddf3a81970c9ed5a725033026d623ba70232750bd9d7fa17d93c73d7a0e52325155915466f9260c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4cf6e6caf12e2b0a13793bfdf99385df
SHA1 a8571212b92d9b1bfa5d58a3535fc22818940150
SHA256 6520b3cda253aa64d905e3504ce13aea04f0ad9cb47787d5ce4b3416c5f48dc8
SHA512 3ced3e507f06363982b00e1d754f8de591485505fe6d2748e7becc3a5e690701e1133e9746c9862742f9d7dfe6f888545f1a9af43a06209a51ba619e8802dc3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d63480f00229133ddf09a949cb4be5ab
SHA1 b9a32b6668b488cd4b9e05bb4e9464fa9c84372f
SHA256 5ff413e03e4fda34186e2b721366f885b40f03ffa62f02b4492833d8f1cb41c6
SHA512 b41aa6fc0ef577db4fb1291f6737dec4a14daaf267f404bb159a52bab5399d8740ea4f57c7cc944f8114e4b43b05f55c15d29f79a9a646475f44ff5e55abb1af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70fa2557735bbfe7c63452e9cdcdaaab
SHA1 ec255f0eebc7a189f11f04fddc99fc716df646b3
SHA256 585ef85cfac372636197a436f96e0a6214d9a7451b9baaed86a592d034d21be1
SHA512 14a3452b31e7c6c28cfad57967cb7eb8c973c11e5ad2a515782d70e51d7169612f6635bde9b29e5cd9001b5f0eff2c2812982e7f93229b9196312a280e92a6c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc73ab8d665b133d8c39ca619772d782
SHA1 c417abdcfbaac51c92f117ab107a11c378e05f27
SHA256 36e5128fbceb98faaeb349c9a1237ca134b539943cd1a6b674ffb1410d2920ce
SHA512 da98af09400c7b8e403e0cdcc753480162302380b2c2971c4e084191559f9bc62b3824b926cf29398bf831ee792151a7c6a8d185a2c245b41585b079cf02d51a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 915fff4ce7c22b672413032e11a80a1d
SHA1 247567f03d779f87ddfb942fcdfd3271cc67ea47
SHA256 adc00a980e02e28d0d178621ca3c46cfc0e1d256b27c98b083035ab8bc3aa0bc
SHA512 6007528ad9d5318d6802c1e14cdcc2c6ba32f154c2689c06e86f1adb8ed1a3daa5e95655da09a38818611569a28412e901291d709b0c2c1a8f8b9d39a975f8fb

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-28 10:18

Reported

2024-08-28 10:21

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

146s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c6a7fa521a0b25222f73b3fb886fada2_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2204 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2204 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c6a7fa521a0b25222f73b3fb886fada2_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb150c46f8,0x7ffb150c4708,0x7ffb150c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12408395149535712905,14678565526997825675,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 cdn.wibiya.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.187.206:80 apis.google.com tcp
GB 142.250.180.9:443 www.blogger.com tcp
GB 172.217.169.42:443 ajax.googleapis.com tcp
US 172.67.143.66:80 cdn.wibiya.com tcp
US 8.8.8.8:53 www.tealdit.com udp
US 172.67.174.110:80 www.tealdit.com tcp
US 8.8.8.8:53 www.intensedebate.com udp
US 192.0.123.246:80 www.intensedebate.com tcp
US 172.67.174.110:443 www.tealdit.com tcp
US 192.0.123.246:80 www.intensedebate.com tcp
GB 142.250.187.206:443 apis.google.com tcp
GB 142.250.180.9:443 www.blogger.com udp
GB 142.250.180.9:80 www.blogger.com tcp
GB 142.250.187.206:443 apis.google.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 go.linkwi.se udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 www.zoosos.gr udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 i1234.photobucket.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 216.58.204.74:445 ajax.googleapis.com tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
GB 142.250.180.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 21.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 66.143.67.172.in-addr.arpa udp
US 8.8.8.8:53 110.174.67.172.in-addr.arpa udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 246.123.0.192.in-addr.arpa udp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 platform.twitter.com udp
DE 5.9.46.15:80 go.linkwi.se tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 3.165.232.110:80 i1234.photobucket.com tcp
GB 23.36.249.243:80 s7.addthis.com tcp
GB 216.58.201.110:80 www.google-analytics.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 192.0.123.246:443 www.intensedebate.com tcp
US 104.21.70.210:80 www.zoosos.gr tcp
PL 93.184.220.66:443 platform.twitter.com tcp
GB 23.36.249.243:443 s7.addthis.com tcp
US 3.165.232.110:443 i1234.photobucket.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 142.250.187.206:443 apis.google.com udp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 243.249.36.23.in-addr.arpa udp
US 8.8.8.8:53 207.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 110.232.165.3.in-addr.arpa udp
US 8.8.8.8:53 15.46.9.5.in-addr.arpa udp
US 8.8.8.8:53 210.70.21.104.in-addr.arpa udp
US 8.8.8.8:53 66.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 61.39.156.108.in-addr.arpa udp
DE 5.9.46.15:80 go.linkwi.se tcp
US 8.8.8.8:53 go.linkwi.se udp
DE 144.76.151.218:445 go.linkwi.se tcp
GB 172.217.169.42:139 ajax.googleapis.com tcp
US 8.8.8.8:53 webobjects.insurancemarket.gr udp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 www.facebook.com udp
US 57.144.120.1:445 www.facebook.com tcp
IE 18.66.171.31:443 webobjects.insurancemarket.gr tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 developers.google.com udp
IE 18.66.171.31:443 webobjects.insurancemarket.gr tcp
US 104.22.74.171:80 widgets.amung.us tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 104.22.74.171:80 widgets.amung.us tcp
GB 142.250.180.14:80 developers.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 syndication.twitter.com udp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.200:443 syndication.twitter.com tcp
GB 142.250.180.14:443 developers.google.com tcp
US 8.8.8.8:53 t.dtscout.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 141.101.120.11:443 t.dtscout.com tcp
GB 216.58.201.99:443 ssl.gstatic.com tcp
US 8.8.8.8:53 31.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 171.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
DE 5.9.46.15:445 go.linkwi.se tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
US 8.8.8.8:53 r-login.wordpress.com udp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
GB 142.250.187.193:443 lh3.googleusercontent.com tcp
US 192.0.78.19:443 r-login.wordpress.com tcp
US 8.8.8.8:53 s.intensedebate.com udp
US 192.0.123.246:80 s.intensedebate.com tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 11.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 19.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 192.0.123.246:80 s.intensedebate.com tcp
US 8.8.8.8:53 www.facebook.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
US 57.144.120.128:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
IE 31.13.73.22:139 connect.facebook.net tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 static.addtoany.com udp
US 104.22.70.197:445 static.addtoany.com tcp
US 104.22.71.197:445 static.addtoany.com tcp
US 8.8.8.8:53 static.addtoany.com udp
US 172.67.39.148:445 static.addtoany.com tcp
US 172.67.39.148:139 static.addtoany.com tcp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
IE 74.125.193.84:443 accounts.google.com udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 cdn.viglink.com udp
US 3.165.232.120:445 cdn.viglink.com tcp
US 3.165.232.52:445 cdn.viglink.com tcp
US 3.165.232.21:445 cdn.viglink.com tcp
US 3.165.232.125:445 cdn.viglink.com tcp
US 8.8.8.8:53 cdn.viglink.com udp
GB 172.217.16.226:445 pagead2.googlesyndication.com tcp
GB 142.250.179.226:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 connect.facebook.net udp
IE 31.13.73.22:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
IE 31.13.73.22:139 connect.facebook.net tcp
IE 74.125.193.84:443 accounts.google.com udp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.75.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
US 104.22.74.171:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp

Files
