Malware Analysis Report

2024-12-06 03:17

Sample ID 241030-n214zatqgk
Target 7f1ac5c635064226be652395968264f7_JaffaCakes118
SHA256 277baf0aec691a022883f9435a55726dbaa5ab53c99552b55ea6826978cf9631
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
10/10

SHA256

277baf0aec691a022883f9435a55726dbaa5ab53c99552b55ea6826978cf9631

Threat Level: Known bad

The file 7f1ac5c635064226be652395968264f7_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

Socgholish family

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-30 11:54

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-30 11:54

Reported

2024-10-30 11:57

Platform

win7-20240708-en

Max time kernel

138s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7f1ac5c635064226be652395968264f7_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436451165" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ae53e857e97d9f4586a966efde2e770600000000020000000000106600000001000020000000f9b3decbfc028810ca1631e0762ee225b31cf1b7f48f2a417fb77a53fd43a8af000000000e80000000020000200000000051954816f2be7213a810a5affe0497cf8da36da4e4ebff48641e1b04afa8de20000000101c7c93bb5ba75d7fa84dfd59b261c13fad751f2a1ae406e5ae80838f14e178400000001d6b990837f864cb81095058208a318260e11ddb5e1aa152eb9d4c4273502b8378d21612c96094b68180a3b167010ae3726433d17816ef3b9a38f9752d8484fe | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0f8d3a0c22adb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C6915151-96B5-11EF-81FA-CA26F3F7E98A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A
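The signature tables above are the whole behavioral record for this detonation, and every row is attributed to iexplore.exe rendering the HTML file rather than to a process the sample spawned. The language-discovery signature rests on a single open of HKLM\SYSTEM\ControlSet001\Control\NLS\Language, and the IE-settings signature on first-run housekeeping keys under HKCU\Software\Microsoft\Internet Explorer, both things the host browser does by itself. The script below is an added example (editor's code, not part of the sandbox report or of any vendor's detection logic) that parses rows in the report's flattened "Description Indicator Process Target" layout, rewrites the kernel-style hive paths to the HKLM/HKCU form detection rules use, and tags each row with the signature name the report attaches. The sample rows are copied from the tables above; the keying of the language-discovery signature on NLS\Language and the "Key deleted" row type are the editor's assumptions.

```python
import re
from collections import defaultdict

# Constructed input: rows copied from the behavioral1 signature tables, in the
# report's flattened "Description Indicator Process Target" layout.
SAMPLE_EVENTS = r"""
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
""".strip().splitlines()

# Row grammar: action, indicator (always starts with \REGISTRY\), process path
# (drive letter, may contain spaces), target. "Key deleted" is an assumed
# action name; the other three appear in the report.
ROW_RE = re.compile(
    r"^(?P<desc>Key opened|Key created|Key deleted|Set value \([a-z]+\))\s+"
    r"(?P<indicator>\\REGISTRY\\.*?)\s+"
    r"(?P<process>[A-Za-z]:\\.*?)\s+"
    r"(?P<target>\S+)$"
)
# \REGISTRY\USER\<SID>\ is the kernel view of HKCU for the logged-on user.
USER_HIVE_RE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-[0-9-]+\\", re.IGNORECASE)


def normalize_key(raw):
    """Map the kernel object path the sandbox logs to the HKLM\\... / HKCU\\... form."""
    key = USER_HIVE_RE.sub(r"HKCU\\", raw)
    machine = "\\REGISTRY\\MACHINE\\"
    if key.upper().startswith(machine):
        key = "HKLM\\" + key[len(machine):]
    return key


def parse_event(line):
    """Split one flattened row into its four columns; None if the row does not match."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    key, _, value = m.group("indicator").partition(" = ")
    return {
        "action": m.group("desc"),
        "key": normalize_key(key),
        "value": value.strip('"') if value else None,
        "process": m.group("process"),
        "target": m.group("target"),
    }


def classify(event):
    """Return the report's signature name for a row, or None if it matches neither."""
    k = event["key"].lower()
    # Assumption: the signature keys on reads of the NLS\Language key (ATT&CK T1614.001).
    if k.endswith("\\control\\nls\\language"):
        return "System Location Discovery: System Language Discovery"
    if k.startswith("hkcu\\") and "\\software\\microsoft\\internet explorer\\" in k:
        return "Modifies Internet Explorer settings"
    return None


def triage(lines):
    """Group parsed rows by signature so the analyst can see which process each hit belongs to."""
    hits = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        sig = classify(ev)
        if sig:
            hits[sig].append(ev)
    return dict(hits)


if __name__ == "__main__":
    for sig, events in triage(SAMPLE_EVENTS).items():
        procs = sorted({e["process"] for e in events})
        print(f"{sig}: {len(events)} row(s) from {procs}")
```

The useful output is the process set per signature: a hit whose rows all come from the host browser is weak evidence on its own, while the same key touched by a child process the page launched would be worth chasing. In this run both signatures resolve to iexplore.exe only.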

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7f1ac5c635064226be652395968264f7_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1508 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.intensedebate.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 www.bloglovin.com udp
US 8.8.8.8:53 ambassador-api.s3.amazonaws.com udp
US 8.8.8.8:53 www.bhcosmetics.com udp
US 8.8.8.8:53 ad.linksynergy.com udp
US 8.8.8.8:53 images.julep.com udp
US 8.8.8.8:53 images.brandbacker.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 greenlava-code.googlecode.com udp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.200.46:443 apis.google.com tcp
GB 142.250.200.46:443 apis.google.com tcp
US 192.0.123.246:80 www.intensedebate.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 192.0.123.246:80 www.intensedebate.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 52.216.213.89:443 ambassador-api.s3.amazonaws.com tcp
US 52.216.213.89:443 ambassador-api.s3.amazonaws.com tcp
US 172.67.199.136:80 www.bhcosmetics.com tcp
US 172.67.199.136:80 www.bhcosmetics.com tcp
US 172.67.74.169:80 www.bloglovin.com tcp
US 172.67.74.169:80 www.bloglovin.com tcp
GB 142.250.200.34:80 pagead2.googlesyndication.com tcp
GB 142.250.200.34:80 pagead2.googlesyndication.com tcp
US 35.212.34.244:80 ad.linksynergy.com tcp
US 35.212.34.244:80 ad.linksynergy.com tcp
US 35.212.34.244:80 ad.linksynergy.com tcp
GB 142.250.178.10:80 ajax.googleapis.com tcp
GB 142.250.178.10:80 ajax.googleapis.com tcp
US 104.26.13.230:80 images.brandbacker.com tcp
US 104.26.13.230:80 images.brandbacker.com tcp
US 35.212.34.244:443 ad.linksynergy.com tcp
US 192.0.123.246:443 www.intensedebate.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.195:80 c.pki.goog tcp
GB 142.250.187.195:80 c.pki.goog tcp
GB 216.58.204.67:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.187.195:80 c.pki.goog tcp
GB 216.58.204.67:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.187.195:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
BE 142.251.5.82:80 greenlava-code.googlecode.com tcp
BE 142.251.5.82:80 greenlava-code.googlecode.com tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
US 192.0.123.246:443 www.intensedebate.com tcp
US 192.0.123.246:443 www.intensedebate.com tcp
US 192.0.123.246:443 www.intensedebate.com tcp
US 192.0.123.246:443 www.intensedebate.com tcp
US 192.0.123.246:443 www.intensedebate.com tcp
US 8.8.8.8:53 www.revolutionbeauty.com udp
US 172.67.74.169:443 www.bloglovin.com tcp
US 104.19.147.50:443 www.revolutionbeauty.com tcp
US 104.19.147.50:443 www.revolutionbeauty.com tcp
US 35.212.34.244:443 ad.linksynergy.com tcp
US 35.212.34.244:443 ad.linksynergy.com tcp
US 8.8.8.8:53 r-login.wordpress.com udp
US 192.0.78.18:443 r-login.wordpress.com tcp
US 192.0.78.18:443 r-login.wordpress.com tcp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
NL 18.238.246.206:80 ocsp.r2m01.amazontrust.com tcp
NL 18.238.246.206:80 ocsp.r2m01.amazontrust.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.180.14:80 www.google-analytics.com tcp
GB 142.250.180.14:80 www.google-analytics.com tcp
GB 74.125.71.84:443 accounts.google.com tcp
GB 74.125.71.84:443 accounts.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 developers.google.com udp
GB 142.250.187.195:443 ssl.gstatic.com tcp
GB 142.250.187.195:443 ssl.gstatic.com tcp
GB 216.58.212.238:80 developers.google.com tcp
GB 216.58.212.238:80 developers.google.com tcp
GB 216.58.212.238:443 developers.google.com tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 172.217.16.226:443 ep1.adtrafficquality.google tcp
GB 172.217.16.226:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 172.217.169.1:443 ep2.adtrafficquality.google tcp
GB 172.217.169.1:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.80:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 184.25.193.234:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 74.125.71.84:443 accounts.google.com tcp
GB 74.125.71.84:443 accounts.google.com tcp
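The network table records one row per flow, so the same host appears many times and the certificate-status traffic (c.pki.goog, o.pki.goog, crl.microsoft.com, ocsp.r2m01.amazontrust.com) outnumbers the page's own requests. As an added triage example (editor's code, not from the report), the script below collapses rows in the report's "Country Destination Domain Proto" layout into unique domain/IP/port triples, sorts them into DNS lookups, certificate-status checks, Microsoft browser housekeeping and page content, and lists names that were resolved but never connected to. The bucket patterns are the editor's assumptions derived from the hostnames in this table, and the sample rows are a subset of the rows above. Read against the full table, the content bucket holds blog-platform, widget and ad/affiliate hosts, and the Files section below contains only certificate-cache entries, temp cab/tar extractions and cached JavaScript from Google, so this detonation recorded the page being rendered rather than a second-stage download.

```python
import re
from collections import defaultdict

# Constructed input: a subset of the behavioral1 network rows above.
SAMPLE_ROWS = """
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 192.0.123.246:80 www.intensedebate.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.195:80 c.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
NL 18.238.246.206:80 ocsp.r2m01.amazontrust.com tcp
GB 2.18.190.80:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
BE 142.251.5.82:80 greenlava-code.googlecode.com tcp
""".strip().splitlines()

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?P<domain>[A-Za-z0-9.-]+)\s+(?P<proto>tcp|udp)$"
)

# Assumed patterns for revocation/status traffic the OS and browser generate
# on their own (Google PKI status hosts, OCSP and CRL responders).
CERT_STATUS_RE = re.compile(r"^(c|o)\.pki\.goog$|^ocsp\.|^crl\.", re.IGNORECASE)
# Assumed set of Internet Explorer housekeeping endpoints seen in this table.
BROWSER_HOUSEKEEPING = {"ieonline.microsoft.com", "www.microsoft.com"}


def parse_rows(lines):
    """Turn each flattened row into a dict; rows that do not match the layout are skipped."""
    rows = []
    for line in lines:
        m = ROW_RE.match(line.strip())
        if m:
            rows.append({"cc": m["cc"], "ip": m["ip"], "port": int(m["port"]),
                         "domain": m["domain"], "proto": m["proto"]})
    return rows


def bucket(domain, port, proto):
    """Assign a flow to a triage bucket; DNS is checked first so lookups never count as contact."""
    if proto == "udp" and port == 53:
        return "dns"
    if CERT_STATUS_RE.search(domain):
        return "cert-status"
    if domain in BROWSER_HOUSEKEEPING:
        return "browser-housekeeping"
    return "content"


def summarize(lines):
    """Collapse repeated flows into sorted (ip, port) endpoints per domain per bucket."""
    buckets = defaultdict(lambda: defaultdict(set))
    for r in parse_rows(lines):
        b = bucket(r["domain"], r["port"], r["proto"])
        buckets[b][r["domain"]].add((r["ip"], r["port"]))
    return {b: {d: sorted(eps) for d, eps in doms.items()} for b, doms in buckets.items()}


def resolved_not_contacted(summary):
    """Names that were looked up but never received a TCP connection in the capture."""
    contacted = set()
    for b, doms in summary.items():
        if b != "dns":
            contacted.update(doms)
    return sorted(set(summary.get("dns", {})) - contacted)


if __name__ == "__main__":
    summary = summarize(SAMPLE_ROWS)
    for b in ("content", "browser-housekeeping", "cert-status", "dns"):
        for domain, endpoints in sorted(summary.get(b, {}).items()):
            print(f"{b:22} {domain:35} {endpoints}")
    print("resolved but not contacted:", resolved_not_contacted(summary))
```

The content bucket is the list to compare against the page's expected third parties; the resolved-but-not-contacted list is where a blocked or failed fetch would show up, which is worth checking before concluding that a detonation never reached a second stage.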

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e39e101c0ba524efce907390f28e6000
SHA1 5ab40cc2f23230c4f8b23323e80bfa0274d7dc6a
SHA256 3b45911529afefdc951e230dc4d8c65a6147b0902f4a53733a5868db6a06c7c4
SHA512 13cc512c718647046d5ea46a2b16ae4b99491fe1ab9ca105b6dfac15939034145bc23bdda352d4a85c826e99283687833c694712cc7ffbd26206bd9845d68e6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 f049932aa770b09985672c911c536812
SHA1 2dc022527d46718d8b66f74059e7c23bf0685146
SHA256 cee5561828e3458572c5915bdb5ff66beef7661fec2eab6839575d302513fc14
SHA512 de5515e6d51ac02ef0c233cc862b7e3a440fbfc7be4a3980a6a80af259615d32e901a1d9026b120a5c185347e9e0d85e7d83dbc3338cd05c4361d69593080e2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 73e12bd3680902c0a3646727870a56ec
SHA1 420cb971091cd91090cedabfdbec42419fd82db5
SHA256 5aa8cacb01fc206ae7ee2cc44a1b6d1a25544db8c24e7182e7a66d9c51d06135
SHA512 8f6bd893e125a434750a36965b14fd20a50cd91f01cb4cfe84e84e7474ddd702fe122bb83854f95ac631fa4e65162d584ae9c05b44e3b0fec4302a383913c81e

C:\Users\Admin\AppData\Local\Temp\Cab6AD6.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar6B84.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_1D349A035F531E40CCCF658F74AE70F3

MD5 bfe1904777b2587e8b1855207a9c6a64
SHA1 e6b3fa746da3d5f0ad35a3a85d662316f7ae3a06
SHA256 df6977880434b6cce952e370f84a6370108becfc0139a802a7cb4caab582ebe1
SHA512 6055acc65a04ab2c29aa2a5e81746df1bd76722dae4ee4336d39b8eb522422282fb32c0ad4dcf42d273c22f9cd4b9939c21dad1126fdaa1876ea2319023048d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_1D349A035F531E40CCCF658F74AE70F3

MD5 ba4b25cadec7f3e38aeac46d9106e299
SHA1 cdc91cb530b8d103ae39ed486620c3e64000fcf4
SHA256 66a13fe3652645715c7efd36d01ba4a1c32563f60e89c0b0887ac17a92b5b874
SHA512 521bbd3d256bd02fceb4e9fb0d392be0159b086f3a8fc6e47c796ba04e5d989bba6dbf82dab6863a797bd2b58dfb475caf3c37b71104988be749800c8cb879b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3d29c9796ed456ba9992503a02229b4
SHA1 34978261c4ad23072d04bcde8dd7f7131aaf65bb
SHA256 f7f77e6d7312d7469f5114b2a0ccdccd318b9e5717e5af4d2c5adc49ebff617c
SHA512 6b3ef6947472d301d1bdc84bea639339571293edf4883aaae935df89c92a0b45d0480ae94dd9c6a28ab28d6ae4bfbcf6225aec1e5b2adeb05f151c0b0e44e0ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 814fd809469dc140120922747de001b6
SHA1 268d50926c5f313e15ff82a7d288d9cbcacefb55
SHA256 7fddd917aec042e177f3683cb55243c47f9dd6b81658fae93aabb9509020c67c
SHA512 5369cbfa3023fdb72b7e868543d2692fd55532aa8f89a71a4edf67b6b6d424bf5497f0060a9206c1a793928b6c9c76521a06c105fe758d06d411fdd111901585

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01254d7026b1b3ef1f2eea00678186c4
SHA1 973e2a2ca0aaacbcdf5da174090660a637cd8362
SHA256 7d5488ad56576459ca887efd0b15bfdbfccda883402e5ddc0e3a40ff4b519942
SHA512 eef5f91d73942d0556b43438496cf42c0171909350cfd2d6bda333a31082ba04a3dce285a644ec90ce5315d51769de64fe280a71649cb9e351bf35c3f5fc617b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a72d05e30a9f517976d88257993976a4
SHA1 5217a2528d0c15abe46ef9ef85fd4fa835e6bf96
SHA256 f4e492509a62d3ae076d6f2e6dfb6884ec8c71d34896129a3768d06febe27933
SHA512 c441b0f6377daab825ef9375ee36f4e6b6b4b03c04b64a2c3ec04cdfdbf9b0234654c394080bc2a961cbf9a8a97c739eb3985b557411c4a5e944e96e58a40c8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ac7a6e2befafe240645b544b8249a99
SHA1 c2393460d91003f28aafaf64ba072f7bb418f98f
SHA256 e41fae4360b501bcd40cdce0f2713036d5cb6cea2f154885ac1a16868faa24db
SHA512 b967cfc1346e190fd1ae73fa1554c181035dcc8a8646aac1d53702d75bbcaea71d2e5038aa5311a7747b7a2f47d1fb79364f7f86c6929ccc8c1ed950b2f922aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b118f5c888be45d821b65f7447f5927
SHA1 4e7b937d36fffd76f93a5fb320a1e18625f1b65a
SHA256 1fc043e65ee6c5b8026fe1891c04300d0880f12bb7aad21159683d4dfb68dad0
SHA512 0b652e7a33c1642379b1384401a7b6f43ebc3e5dae247f6f35b099d737d0ddbfb2f9446578e4adb552cd41d6e0e0080b1256cafc085f87110e380a24311ed1ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 9158c2cf870030ea49f02d16d7974e66
SHA1 f056954ad1b0cbff1af2117dec5182639bc192ff
SHA256 a4460f1f421f4716bf4bf7e402393bdf531afbf7a2b94e122f5364eee1cc2ba8
SHA512 1773fa05dd8b5911ceafda1c750ee645351bdf644c34370fa643378888670e22b714f5fd56b814484e5f179270245c65dc4eaac12d1b1dd50c80f510410f2cab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ef47f218a2c940195034a731133dce7
SHA1 2fa31a393a7a735f934ca00809906d5a51e44e29
SHA256 1bba498565c43b70ea891784f5626a234ab2d08a32a04578c93a72484098e64c
SHA512 b91b5ff08fe3cea33611d14a27f9373a15fd5ac76e67116cc8c6e17cf1433522ccdd9135a8dabb69dbb7191363f09ea2d83d7fb04773a10d4772f3629b90fc3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b1007ea3fd4c69ced83b2caa250d52c
SHA1 e633cbded00eb7eb68a42d588a94dc1fff51b05a
SHA256 689d0e92fe7bf868e2bf1759254be9db98e7043efc215df115078063f889c153
SHA512 5cddfa7fcc0c75a8a9cc3afd17427ca7dc3ab484d2412c118bf487c40b7d1927eca65a66714d5a7ab6f86e33bcb1f2436b69645bfb087f43916ceacb1a2f817f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\plusone[1].js

MD5 1106da066ce809fb5afe9c6c1b4185b2
SHA1 3b64d3a7f52b4c07047fa8727db4207137733bf8
SHA256 d0f3af1e716ce7846e7c252ace160c12480d41eecd5a7e7917ee5b2ccde62b51
SHA512 3f0205b89d5293f14d863e344680a9d8518e5d4ee3b981dc5981106534bd597ed6b388eecab1385320f77c8d5a46a4ce5b64f03f4377b8ea13ecf9b569878fd9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\cb=gapi[3].js

MD5 1d4cb29476060a1b3681fdb681200b11
SHA1 d541f88bf8d4fd98b9e0e723e050c47d4d32c18a
SHA256 5930e64b0cbf1dc5922f65060422fcf822870ac69439450ee3cb134365a51a82
SHA512 85575c3656c8e0d70cbcdf76194e37dbe3f7bd4535221a8f51fb6b51266fd682809fa86bc556c27d127f713a6ff75290ae1fbdcd8e589211e1685f82b99d93cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 060fc58979409196ccf6aff20b929ad6
SHA1 04052fed6931391c15761e57d7ac17de9d824c17
SHA256 3606ea4e18b2533f68bd9fa5f1d99c698e2f8e869d69d4b1cee43402aea4c9a4
SHA512 d09db36d49e21ee6875167d3e04e34752aee9128e32032e20c2723176110da17b0cdc45a9aed820f28246f79190119641f311fc8d128a5eb0317b794d572b04b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74926e35ed15ca2e36a07761a4a863a3
SHA1 7969428050aaf182f5ca2a58d3f8c6a2de595d1a
SHA256 411c3a4d3ed8182f6a7fbb924b9e8e275d45085924f92cbdde97e2a2042b1b6d
SHA512 971f9dc7f31b299d52efbe0b01aa9664f290ac8c1c9264f940b9e3b2d263b685a045e9f9cb056e29afe40e6820c3fadc520b8a1adc63aa4a2d1a54fbd58ce8c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 274eae53b601273afd1001738d8bd735
SHA1 c18ce35babfcd734189624cfb7f13b935e349a83
SHA256 0fd3917e215c46e201aa67fb8008b9efd68494c330e63923c2780771c481298d
SHA512 5bf0570c8fe1e1697d4c9e43ce391c28ba535f4c9b0e1056dc09a2a261e109428180db46b7e8cfbee4201a7fb13b7e1d9df7f326ac09bf30e22fc38f097b71a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4f834f670ac2eb5a63c64725aaaefb2
SHA1 e36331cf2ac9bfce5c31c4068ceed5cbeadadf9e
SHA256 e51f1c7a899474a2cc4e540a6ec71bcbee7c3fe35cf0d4d6392e3346ecc0da3c
SHA512 82c08ce83ff48b683aae0bc27c0ea8858ba3731f5db33450db0f9db8f6a394eb2db5b662e1114b300020cc286f90d5be306b454c04162be6c28beca396acb17a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82921d0d6cee8aef313afa79c9506e74
SHA1 20073d3a9031ed64b01e0187012587d618c8e06c
SHA256 95e524515583ccfa4ac283a2613253ba5e8bdcc6ef3027f61455c0d84ba72511
SHA512 4f35220a435c0fd268494f2fab6cd090d2d6abf75a5b3d5539d5468904e071d496b0691053932362794ddf3eb001480fe0434b2e2fecb0f73367f4dbb79f5da4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de23333a6a9901b409551d3f5f5ede42
SHA1 a2ecde924fe3f7194fa9cbeab8cdfb2b03e6df54
SHA256 da2f3379ec69a9b3342c849d9f27c53b426b113cb6ead18c62ef379184432103
SHA512 31440e694cf805b9814acc350fa619b74de43ac6275a772a78ed908072a97a566e10773c627c41afc4bd9c1f1aaa189cfd8ca90e085ed38d23cb129b0b963564

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a14a6a66f9a156ced1a79efe3fd9473
SHA1 df970d031550ceec95172058c77fb5ec1f479aca
SHA256 6870b05a1c81476a9bb0838c4b0233218f44cb127fa922689f8208b2a33a34e5
SHA512 a4ed10d6c77c06641bd45b87844b941534de5937d55ebab66375d6f9cd5a6f19b0fb52ab759cf91f69dfe7f77c3fd31effa63bd9bcce04ec49b59881c8114f2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 997d1c001aada7419e7d2f3490713ee9
SHA1 5dc00c3f5dbfbc050207fbcecb51b4536cc6744a
SHA256 d51b62b3cd2032cae109a1bfcfb0119c70db3394d4c2fd2a55da218c72b9d87e
SHA512 17adc5f6f04a2a2a828b0e6975e17d3b83405e75d22b929f24fc0a55f254688f711688b955071615a6826ea9dfe27b2e88c8f91e7b90f6b66ba44685e6b0adbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d54bf7075f9b901b226bee0e047e038
SHA1 45be2189432173b195d2b7fd46e83ae420b2a50e
SHA256 5dc76e4aebf8269af79665ac61679c75a769d48325f1d8b8e7b7e22b8daa673f
SHA512 e568da05a4e2d1fbd2fff73b7fd7f95552d23a5af63b8bfa2438ce6ea0dc28db2b653e7f4cbb043f868d76ad2faff53c8bb311b526f2a4efc47db1cb55613060

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8146a7183906a6f2f950e3df1fd3d02
SHA1 13a05b26cdfe3d0f7d581008fa874ebf1726cb1a
SHA256 d36ecf6103b4399312b0d78866a04895ecbbf22c7a27dd7039a83ed0845a4ac1
SHA512 2e84ba41001605d1dc2610f0e47c3a19ad5080db4a1a0871a87b183f71a51c6249b6f9d3925ba60a4d31f04241fff194575d2146638b8f444fb68a58a4327e3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 957b1aabc89f59c80d100dfcbcbc0311
SHA1 ef287197a25cd59252773654b7f3e555ef3c8c30
SHA256 5510a9addfee1abb60844cd4649e63011de1c1414364d9b3feb7c078084eae0b
SHA512 8b61398ce7a4dd2af8895022b7f4b206319a9117f231daf9172043bcfc777bf9c99fc0ef1f0fac53360e3ed5cdf626e3bb574f39fbbcd5b78d7ac1bc90d366ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 249002b57b14fc3ea3bc469d2b22b553
SHA1 2093dac5ad0b52f1acd4e5249b7733cf2a1ab6d6
SHA256 e04a0a24e091892e3aa26a76a6e8c30a689c09b4a3d9037f060e0f4879937049
SHA512 639f7cdc2e2bcbf174cf29baabe25bd9a4dae604e9661fd2a99c00f64d137b15f486e72dedb5ff939ca8e972986a68cb2aadaff740cfb6a730f538aff1b60b49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e693caf73415005c0f5ae384b7142f76
SHA1 1a39f413fa304372c69c719865f7f63eb04eeaaf
SHA256 2a6813aa4bcd4e4ddc16d560c3d9bfe71e7b8db475e6672e7c1d480cadeef1cb
SHA512 5b3941f11f76605b873996ad88a95a1292f8e074b2f351a4f88daafb918e569e265e365b9bc16b358f4247817d1c6c0f2599c1ca02f7e143628fc38f460bd8a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 eb704a8c979bad7ac1697e9cf8658d5d
SHA1 8a14be85a1bf6aec28090648af792cedfef82ea3
SHA256 bea66c7a4cf94d45f7d01b0d973ac66b58e363e1b1fd4cf753a913b2c9ba17fd
SHA512 1087bf408e816f8e3f5dba24f3630cb6859e1642dd9215d5ffbf52a498fba93cbb78d8556eb8cc44d6ff5184cf1128a168b80bfcbf80a641e5e087d909eb8753

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4a6acb86e2eff993b41a9411db15e62
SHA1 ffde5d96efc3ef79ef8d69ffe6765f2105b3c443
SHA256 9374d093fdea74529ea56f88270a25f84282f8ae6bf51c12f976d859c46efeac
SHA512 53112a542af1b42d574ca9afa52a952a2c4071a01673ec648258fe00cb874090e260048922853d9e4a69d8c7d53487f7a873a2aafb878e38d6cb7aa2efdc71dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f1421c1b6ef2bbc2ecfaad23a2b216e
SHA1 3fea1e329982a0462d02932f897f77ef78494c23
SHA256 c4df3b5304769555f1a17b380f5d2401b76036cb08d81882b05c401996b208a8
SHA512 c866fc1418f03f200ff9379cc84f12d432c44ce5e543061328cef9763c1df4998ca15fc2958d6be4d6ed66da220ca32a1ad77e93a289f06b424f411b36fce39c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 191057326fb664dfd819335a4be4fbc5
SHA1 302d5d8cca069a6364f2dc1cba83142f216fb42e
SHA256 f6739cd1984b105c4df0a6cc2859ebba46d8a96c5395017d83d2bb461589de60
SHA512 78dcad789b2bab69ed683bc0e40432d85d79dcbdfcb6d9b85e1206860bbc6261886ea49c6702d12dcf58904425f317a28c041b993aceaa1496e4eed7d5e05af1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be96029d8545a6688317a1736daf4b49
SHA1 3e97ece8783985d4e63cae8b3ecaf28ddd1aa942
SHA256 6508c71b4e2a3285ccd097a4f945a53fc3bdc44c9df17c18a5b7d57363043c8b
SHA512 a615d777edd85e4e17acd5f6fe1cb4dfc8c4dc98cf4e9fd54e71ed525583c0d3ee6443dbf3a23226d8cab83b722a900ccbfced1bb75540df0a761953bf4d9d0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 acf2dc52d20566097bbbec6e5496e16e
SHA1 0e58b266ac9514ba2ad580edd1ee019089693bc3
SHA256 694c83ee9855b31d4619ed2f89f58e38c085a7cd07dd04c1fae51f948dc178d0
SHA512 14337c7bcf423d305b84dd99e58d3584ee67592f881abc8d9ab3d59aad0fc9e8aea65d19ab72133f01d68f93ff9dccb198731eb9db08c8c73c2cd3e044fddfba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 738fd8244c39bbee2ccd0a25091e82e1
SHA1 7d73f142c5c3fcbb3f3e410e1cac6ab950eb7c4b
SHA256 c80beeba35cda9c5cf4fe66f0dfe1c7c05393345062c480017dbd21dfd19bae4
SHA512 1586645cca3eb2c29a075a3ca395d9361f189c2cab5d1d223c571e3a5edb1add0c35afd17f802799da830508bfcb1e6ef72cc2b22cbe2cfd8683104a97d239db

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPQ313RR\rpc_shindig_random[1].js

MD5 70116351ebc507731f11cfb8653f69bf
SHA1 667d48cd3c244c41a84302056e5b14140045acd3
SHA256 e3fff060584ca9c8eb12a6925252c8c6333622f4e6aeae8417449bf0ae355020
SHA512 a69875a52b635e7a561cfe2c7f4639bc122be434989dd39b37ab8dda08b49aa4bfd681c572628e9dc056c69808d0a03e2c6b4fef88db20a59ca73f097870aee9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\2254111616-postmessagerelay[1].js

MD5 c264799bac4a96a4cd63eb09f0476a74
SHA1 d8a1077bf625dac9611a37bfb4e6c0cd07978f4c
SHA256 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d
SHA512 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-30 11:54

Reported

2024-10-30 11:56

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7f1ac5c635064226be652395968264f7_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(identical row repeated 25 times in the report: 25 separate events)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(identical row repeated 24 times in the report: 24 separate events)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4584 wrote to memory of 4904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 events)
PID 4584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 events)
PID 4584 wrote to memory of 2060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 events)
PID 4584 wrote to memory of 396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 events)
(64 events in total; every source and target is msedge.exe, PID 4584 being the browser process that launched the child processes listed under Processes)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7f1ac5c635064226be652395968264f7_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff963ee46f8,0x7ff963ee4708,0x7ff963ee4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,13452164041055336394,14509893914766665814,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,13452164041055336394,14509893914766665814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,13452164041055336394,14509893914766665814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13452164041055336394,14509893914766665814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13452164041055336394,14509893914766665814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13452164041055336394,14509893914766665814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13452164041055336394,14509893914766665814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13452164041055336394,14509893914766665814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13452164041055336394,14509893914766665814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,13452164041055336394,14509893914766665814,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13452164041055336394,14509893914766665814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13452164041055336394,14509893914766665814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7536 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13452164041055336394,14509893914766665814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7536 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13452164041055336394,14509893914766665814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13452164041055336394,14509893914766665814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13452164041055336394,14509893914766665814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13452164041055336394,14509893914766665814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.intensedebate.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 static.ebates.ca udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.200.46:443 apis.google.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 192.0.123.246:80 www.intensedebate.com tcp
GB 142.250.187.194:80 pagead2.googlesyndication.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 23.208.247.247:445 static.ebates.ca tcp
US 192.0.123.246:80 www.intensedebate.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 www.bloglovin.com udp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 172.67.74.169:80 www.bloglovin.com tcp
US 192.0.123.246:443 www.intensedebate.com tcp
US 172.67.74.169:80 www.bloglovin.com tcp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 246.123.0.192.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 172.67.74.169:443 www.bloglovin.com tcp
US 8.8.8.8:53 ambassador-api.s3.amazonaws.com udp
US 3.5.12.53:443 ambassador-api.s3.amazonaws.com tcp
US 8.8.8.8:53 www.bhcosmetics.com udp
US 172.67.74.169:443 www.bloglovin.com tcp
US 172.67.199.136:80 www.bhcosmetics.com tcp
US 172.67.199.136:80 www.bhcosmetics.com tcp
US 8.8.8.8:53 ad.linksynergy.com udp
US 35.212.34.244:80 ad.linksynergy.com tcp
US 35.212.34.244:80 ad.linksynergy.com tcp
US 35.212.34.244:80 ad.linksynergy.com tcp
US 8.8.8.8:53 www.revolutionbeauty.com udp
US 8.8.8.8:53 169.74.67.172.in-addr.arpa udp
US 8.8.8.8:53 53.12.5.3.in-addr.arpa udp
US 8.8.8.8:53 136.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 244.34.212.35.in-addr.arpa udp
GB 142.250.178.9:443 resources.blogblog.com udp
GB 142.250.200.46:443 apis.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 developers.google.com udp
US 35.212.34.244:443 ad.linksynergy.com tcp
US 35.212.34.244:443 ad.linksynergy.com tcp
US 35.212.34.244:443 ad.linksynergy.com tcp
US 104.19.147.50:443 www.revolutionbeauty.com tcp
GB 142.250.179.234:80 ajax.googleapis.com tcp
GB 216.58.212.238:80 developers.google.com tcp
GB 142.250.179.234:80 ajax.googleapis.com tcp
US 8.8.8.8:53 greenlava-code.googlecode.com udp
GB 216.58.212.238:443 developers.google.com tcp
US 8.8.8.8:53 static.ebates.ca udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 50.147.19.104.in-addr.arpa udp
US 8.8.8.8:53 images.julep.com udp
US 8.8.8.8:53 images.brandbacker.com udp
BE 142.251.5.82:80 greenlava-code.googlecode.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 82.5.251.142.in-addr.arpa udp
US 172.67.73.101:80 images.brandbacker.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 101.73.67.172.in-addr.arpa udp
GB 142.250.180.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 74.125.71.84:443 accounts.google.com tcp
GB 142.250.180.14:80 www.google-analytics.com tcp
GB 74.125.71.84:443 accounts.google.com tcp
GB 74.125.71.84:443 accounts.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.178.9:443 resources.blogblog.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.187.195:443 ssl.gstatic.com tcp

Files
