Malware Analysis Report

2024-12-06 03:22

Sample ID: 241023-zacsvazhpl
Target: 70afd700699206f7f44a8452a0d16cf5_JaffaCakes118
SHA256: 06291a72a9afc31a7d21479bd03a7adb7eb25d9de070fb6284e7850c73df4830
Tags: socgholish, discovery, downloader
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file 70afd700699206f7f44a8452a0d16cf5_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-23 20:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-23 20:30
Reported: 2024-10-24 12:01
Platform: win7-20241010-en
Max time kernel: 150s
Max time network: 145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\70afd700699206f7f44a8452a0d16cf5_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4B0FFE11-91FF-11EF-9D96-D6B302822781} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 407097440c26db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435932981" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\70afd700699206f7f44a8452a0d16cf5_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:275457 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Temp\Cab8539.tmp

C:\Users\Admin\AppData\Local\Temp\Tar85E7.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-23 20:30
Reported: 2024-10-24 12:01
Platform: win10v2004-20241007-en
Max time kernel: 145s
Max time network: 153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\70afd700699206f7f44a8452a0d16cf5_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1200 wrote to memory of 3732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1200 wrote to memory of 800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\70afd700699206f7f44a8452a0d16cf5_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a7b946f8,0x7ff9a7b94708,0x7ff9a7b94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2460 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,5131771763606304187,10062977877095335495,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7712 /prefetch:2

Network

Country Destination Domain Proto

Files
