Analysis Overview
SHA256
e544729af41ffbd4ad735fcc73fd8b2097e86f7bd845d2be226e0f4554471297
Threat Level: Known bad
The file dd85088dc2deb7bd5b58c92943cfb150_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-10 06:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-10 06:54
Reported
2024-12-10 06:56
Platform
win7-20240708-en
Max time kernel
142s
Max time network
137s
Command Line
Signatures
SocGholish
Socgholish family
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e00af987d04adb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = ... | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfe2bb2a427e6a44aeae20a27146dc180000000002000000000010660000000100002000000065a4ee3b175e20e3bf7a3fbaaa866109392b058bf2932930d69ec30f29ccfecc000000000e8000000002000020000000eddcbfc65806a8322f3c664137095255743b0ef7540686e0d2a7ebebb718f5ad20000000a6f2d606ee682807048229fe31249e7a58f03ad2501af4e63ea50f260e8d189540000000e20696443b9cc5a30922549d17315ce450ca5566ae62e7e580c849de51f950a1931435a7b1e744d62af24d47771ed933475647d1dcaeaa2b87f03cbda5851ec3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439975511" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8AAFAEB1-B6C3-11EF-B5D6-4625F4E6DDF6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1716 wrote to memory of 2432 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1716 wrote to memory of 2432 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1716 wrote to memory of 2432 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1716 wrote to memory of 2432 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dd85088dc2deb7bd5b58c92943cfb150_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-10 06:54
Reported
2024-12-10 06:56
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\dd85088dc2deb7bd5b58c92943cfb150_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9264246f8,0x7ff926424708,0x7ff926424718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
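The process list above is the Edge 92 helper tree (browser, crashpad handler, GPU, utility and renderer processes, plus the identity_helper.exe WinRT utility) together with two CompPkgSrv.exe COM activations. The Python below is an added example, not part of the report or of any Microsoft tooling: it classifies such a list from the Chromium command-line switches so that any process launched from outside the browser's own directory stands out, which is where a dropped payload would appear after a fake-update lure. SAMPLE_COMMANDS is a constructed subset copied from the list above; the role labels (browser, renderer, utility:<sub-type>, non-browser) are this example's own naming.

```python
"""Classify a browser-detonation process list by Chromium command-line switches.

Added example, not part of the original report. SAMPLE_COMMANDS is a
constructed subset of the Processes section above. Chromium-based browsers
(Edge 92 here) encode each helper's role in --type / --utility-sub-type; the
top-level browser process carries no --type and receives the document path
after --single-argument. Anything launched from outside the browser's own
directory is what an analyst wants surfaced, since that is where a dropped
payload would show up.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Install directory of the browser under test (taken from the report).
BROWSER_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"

SAMPLE_COMMANDS = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\dd85088dc2deb7bd5b58c92943cfb150_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none --mojo-platform-channel-handle=6796 /prefetch:8',
]

# A quoted token (Windows paths with spaces) or a run of non-whitespace.
_TOKEN = re.compile(r'"[^"]*"|\S+')


@dataclass
class ProcInfo:
    image: str
    role: str                      # browser / renderer / gpu-process / utility:<sub> / non-browser
    sandbox: Optional[str]         # value of --service-sandbox-type, if any
    document: Optional[str]        # path handed to the browser process, if any
    switches: Dict[str, str]


def tokenize(cmdline: str) -> List[str]:
    return [t.strip('"') for t in _TOKEN.findall(cmdline)]


def classify(cmdline: str) -> ProcInfo:
    tokens = tokenize(cmdline)
    image, args = tokens[0], tokens[1:]
    switches: Dict[str, str] = {}
    for arg in args:
        if arg.startswith("--"):
            key, _, value = arg[2:].partition("=")
            switches[key] = value
    inside_browser = image.lower().startswith(BROWSER_DIR.lower() + "\\")
    if not inside_browser:
        role = "non-browser"
    elif "type" not in switches:
        role = "browser"
    elif switches["type"] == "utility":
        role = "utility:" + switches.get("utility-sub-type", "?")
    else:
        role = switches["type"]
    document = None
    if role == "browser" and "--single-argument " in cmdline:
        # Chromium treats everything after --single-argument as one path,
        # spaces included, so take the raw remainder rather than a token.
        document = cmdline.split("--single-argument ", 1)[1]
    return ProcInfo(image, role, switches.get("service-sandbox-type"), document, switches)


def triage(cmdlines: List[str]) -> dict:
    infos = [classify(c) for c in cmdlines]
    roles: Dict[str, int] = {}
    for info in infos:
        roles[info.role] = roles.get(info.role, 0) + 1
    return {
        "roles": roles,
        # Processes outside the browser directory: the place a payload would appear.
        "non_browser": [i.image for i in infos if i.role == "non-browser"],
        # Documents the browser was asked to open (the detonated sample).
        "documents": [i.document for i in infos if i.document],
        # Helpers running without a service sandbox. The report shows Edge 92
        # running the network service and the WinRT app-id helper this way,
        # so this is baseline information, not an alert.
        "unsandboxed": sorted({i.role for i in infos if i.sandbox == "none"}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_COMMANDS).items():
        print(f"{key}: {value}")
```

On the full list above the only non-browser images are the two CompPkgSrv.exe -Embedding activations, a Windows COM server start rather than a child of the browser, so the check reports no dropped executable for this run; the value of the check is that it would surface one if a later detonation of the same lure did fetch a payload.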
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | bloggeradsenseo.googlecode.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | abuiyad.googlecode.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| GB | 216.58.212.226:445 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| NL | 108.177.96.82:443 | abuiyad.googlecode.com | tcp |
| GB | 172.217.169.74:80 | ajax.googleapis.com | tcp |
| NL | 108.177.96.82:80 | abuiyad.googlecode.com | tcp |
| NL | 18.239.83.44:80 | w.sharethis.com | tcp |
| NL | 18.239.83.44:443 | w.sharethis.com | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 04pro.blogspot.com | udp |
| US | 8.8.8.8:53 | my-tqarob.googlecode.com | udp |
| US | 8.8.8.8:53 | www.elahmad.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | tqarob.googlecode.com | udp |
| US | 8.8.8.8:53 | im79.gulfup.com | udp |
| US | 8.8.8.8:53 | im69.gulfup.com | udp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| NL | 108.177.96.82:80 | tqarob.googlecode.com | tcp |
| NL | 108.177.96.82:80 | tqarob.googlecode.com | tcp |
| GB | 172.217.169.14:80 | sites.google.com | tcp |
| US | 172.67.180.182:80 | www.elahmad.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.200.33:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | s08.flagcounter.com | udp |
| GB | 142.250.179.233:443 | resources.blogblog.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| US | 172.93.107.85:80 | s08.flagcounter.com | tcp |
| GB | 172.217.16.225:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.96.177.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.180.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| GB | 172.217.169.14:443 | sites.google.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | udp |
| GB | 142.250.178.2:139 | pagead2.googlesyndication.com | tcp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | cdn.adf.ly | udp |
| US | 172.66.43.117:443 | cdn.adf.ly | tcp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.107.93.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.43.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| NL | 108.177.96.82:80 | tqarob.googlecode.com | tcp |
| US | 8.8.8.8:53 | ws.sharethis.com | udp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| IE | 52.31.109.99:443 | l.sharethis.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 4youpro.googlecode.com | udp |
| US | 8.8.8.8:53 | 99.109.31.52.in-addr.arpa | udp |
| NL | 108.177.96.82:443 | 4youpro.googlecode.com | tcp |
| NL | 108.177.96.82:443 | 4youpro.googlecode.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 142.250.178.14:445 | translate.google.com | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 142.250.178.14:139 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 142.250.178.14:443 | translate.google.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| GB | 142.250.179.233:443 | resources.blogblog.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| IE | 31.13.73.22:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.69.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| IE | 31.13.73.22:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| GB | 142.250.200.33:445 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| GB | 142.250.200.33:139 | themes.googleusercontent.com | tcp |
| GB | 216.58.212.226:445 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.178.2:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.178.14:443 | translate.google.com | udp |
| GB | 157.240.214.35:445 | www.facebook.com | tcp |
| NL | 108.177.96.82:80 | 4youpro.googlecode.com | tcp |
| GB | 142.250.179.233:443 | resources.blogblog.com | udp |
| GB | 142.250.179.233:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | udp |
| NL | 108.177.96.82:80 | 4youpro.googlecode.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.200.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ws.sharethis.com | udp |
| US | 8.8.8.8:53 | torchsadrain.blogspot.com | udp |
| GB | 172.217.16.225:80 | torchsadrain.blogspot.com | tcp |
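The table above runs to well over a hundred rows, and most of them are the guest's own DNS traffic: forward lookups through 8.8.8.8, reverse (in-addr.arpa) lookups for every address it touched, and an mDNS query to 224.0.0.251. The Python below is an added example, not part of the report or of the sandbox's tooling: it collapses a table in this pipe format into what an analyst actually reads off it, which is the set of hosts resolved, the hosts resolved but never contacted, the connections per domain, any non-web ports, and the domains on user-content platforms. SAMPLE_ROWS is a constructed subset of the rows above; the report's own indicator under "Legitimate hosting services abused" is sites.google.com, and the additional suffixes in USER_CONTENT_SUFFIXES are this example's assumption.

```python
"""Summarise the Network table of a sandbox report.

Added example, not part of the original report. SAMPLE_ROWS is a
constructed subset of the Network table above, in the same pipe format.
USER_CONTENT_SUFFIXES is this example's assumption: the report itself only
names sites.google.com under "Legitimate hosting services abused".
"""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List

SAMPLE_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | abuiyad.googlecode.com | udp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| GB | 216.58.212.226:445 | pagead2.googlesyndication.com | tcp |
| NL | 108.177.96.82:443 | abuiyad.googlecode.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| GB | 172.217.169.14:80 | sites.google.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| US | 8.8.8.8:53 | 233.179.250.142.in-addr.arpa | udp |
| GB | 142.250.178.14:139 | translate.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
"""

WEB_PORTS = {80, 443}
# Assumed for this example; the report only flags sites.google.com itself.
USER_CONTENT_SUFFIXES = ("sites.google.com", ".googlecode.com", ".blogspot.com")

_ROW = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)


def parse_rows(table: str) -> List[dict]:
    rows = []
    for line in table.strip().splitlines():
        m = _ROW.match(line.strip())
        if not m:
            continue
        ip, _, port = m["dst"].rpartition(":")
        if not port.isdigit():          # header row or malformed destination
            continue
        rows.append({"cc": m["cc"], "ip": ip, "port": int(port),
                     "domain": m["domain"], "proto": m["proto"]})
    return rows


def summarise(rows: List[dict]) -> dict:
    forward: set = set()
    ptr_lookups = 0
    conns: Dict[str, set] = defaultdict(set)
    for r in rows:
        if r["port"] == 53 and r["proto"] == "udp":
            if r["domain"].endswith(".in-addr.arpa"):
                ptr_lookups += 1        # reverse lookups carry no indicator value
            else:
                forward.add(r["domain"])
            continue
        if ipaddress.ip_address(r["ip"]).is_multicast:
            continue                    # mDNS/SSDP chatter from the guest itself
        conns[r["domain"]].add((r["ip"], r["port"], r["proto"]))
    seen = forward | set(conns)
    return {
        "forward_dns": sorted(forward),
        "ptr_lookups": ptr_lookups,
        "connections": {d: sorted(s) for d, s in sorted(conns.items())},
        # Resolved but never contacted: often script references that did not load.
        "dns_only": sorted(forward - set(conns)),
        # Browser traffic is 80/443; 445/139 toward web hosts is a review item,
        # not a verdict: the same report shows ordinary 443 sessions to those hosts.
        "odd_ports": sorted((d, p) for d, s in conns.items() for _, p, _ in s if p not in WEB_PORTS),
        "user_content_hosts": sorted(d for d in seen if d.endswith(USER_CONTENT_SUFFIXES)),
    }


if __name__ == "__main__":
    for key, value in summarise(parse_rows(SAMPLE_ROWS)).items():
        print(f"{key}: {value}")
```

Run against the full table, the user-content bucket collects the googlecode.com project hosts, the blogspot.com image hosts and sites.google.com alongside the report's flagged indicator, which is the point of the signature: the page pulls its scripts and content from places a URL allowlist will not block. The odd-port bucket surfaces the 445 and 139 connections to pagead2.googlesyndication.com, translate.google.com, themes.googleusercontent.com, connect.facebook.net and www.facebook.com; since the same hosts are also reached over 443 in the same run, treat those rows as something to confirm in the pcap rather than as evidence of SMB activity by the sample.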
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
\??\pipe\LOCAL\crashpad_868_TEKQWQPXGMLZYCWP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 63a6e393e7158780c5c8dc3a7168f4fd |
| SHA1 | 3aff58698ee169ef71ded1bb1baf5c84efcfbfc3 |
| SHA256 | 468e30b658f52671fb96237ef972b58e08a138092dadd277369d85422bce9958 |
| SHA512 | a5d01fa6effda5ba64a8ab378fe85465e193477ae98950a3e5b952e3c072080d9aa24aee67c0f1f0279ae52816f9691ab6a3b162bcc481c6872322cac7f2966d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0c333cff-4033-48a4-b43c-e2ced78e6ade.tmp
| MD5 | ce5c866434ca7c034ceff1028bed9fdd |
| SHA1 | 64a8c57935eb7d163e505e0a99ae07c68c9d3ff7 |
| SHA256 | 941d730d1a62048136bf249f5c492d78a4a5552a51a0c97a41992a8ce5972c7d |
| SHA512 | 6cf989d26efc93805985cdee85d7d334231b3f8f6e5b0a5012ee6b1267e772c60392b2db79cee76af69ba94c5ba4477feebd688ab51b75620cb0964f513a95e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8e15074c0dab1bed5bd9f45c6b3896a0 |
| SHA1 | e65d0d9269d0db8fbdb61cb80bd6d8db6c519589 |
| SHA256 | d35f96a207547fb3167d1b45deb1a4f62d29ef0031e8464d99b37ef7b250ef19 |
| SHA512 | 4f6f6f3a5b06fe402634ea0e044845501e5882d3628a8f44f865b9804d8bdb21dc194259f10db70754ba464ef905bd0896f975e36faacedefa0e8edf75b550cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b03b5eb3c385f7577e91aa2d9c1a1c70 |
| SHA1 | e646ac4f5d0def4899b7f56e685f1bac96e925ae |
| SHA256 | d110bf040b7981195db02fc4da1ac9002579418c216036edb7f555406b1f134f |
| SHA512 | bedb28337eff34043c0594a49174b513fe07530674f9a2b7880f0316be050fee5481215141da99d68fe56188a1e4fce92f7b1658a825505c24fdcafb532baa74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585484.TMP
| MD5 | 99a5b0c4d851ee6c7b01ca0f54363796 |
| SHA1 | fa671055d164d0388cc7c96e711b104900fbecb9 |
| SHA256 | 17bd075eb24f938ad67f0826fed56336f7c0255a66f8264535b3f0ccc02b2ce6 |
| SHA512 | 2641ba3284a075302e352c3d90ae65936ee7cec71f21c434739c52c873a8585173f156bcd40bdd1c2c03faac3d2904619a2fe82fcba8996d28c8656db7d6fdc2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5721f966d3c80791e94daf43725320d0 |
| SHA1 | 20a77232099de7a4f75a0ba6e3b023ca81197b8e |
| SHA256 | 29789360a34ef879f3ce8414a3b5440d17095dc6b45f00a344d99b318a29a8ec |
| SHA512 | 87f341ad9b06a5906a48a4c34f91c605f678ad90bdca3158884bb91dc9dfeebdaa9b8c00e1447e63bc8c179fad162ac8f41fcb0dd0f6308aa9962f5a87df805c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | 4b3121a05808b99aa6e0cc12924f77db |
| SHA1 | ee5805bb76c384d1e1667aea2976bd2f4f94c7cc |
| SHA256 | e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c |
| SHA512 | 9b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 640fdcf56554df43d9e3b0233542e473 |
| SHA1 | 30bbf9f38db9be4e30e1323f9c61e6e46af411b4 |
| SHA256 | 6d9d954bbf7dd1af7ea43a3c9b8728cc0c1b8b3b91ed9a5c8bcbc768cf76585b |
| SHA512 | e46cb263474879660112fca9b3b16d070626cbc7fc3834894653186c9602ae2184a5d074f7fa7c250d7971a32928a11e060bcd94730e40c960abfff083fbe85a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f7f577bd75a27691c5e49c9be07bcfe9 |
| SHA1 | 9180147afb6aeed4475fec374af9b5705d19616f |
| SHA256 | 65523974ea8d3b445d0f4e932ee503b11298983b11488bb3cb4c5395064863c6 |
| SHA512 | e999191c932f984d297f1cb4a51f184b98e7690b41e9bbc6aa904b40e4d9b7a5165d06b94f42f1f783519e0cffaae0ec18138b09264516a6e81552b984df7dd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b4f2d5d12eeb6895c960d4bebad059ac |
| SHA1 | fcb2dd926ed0ae0788845e433028075bf49db897 |
| SHA256 | 20bdeaba0251db1f45a018730a7983aeb86e5c793bc56a4f32d465cec92d390f |
| SHA512 | 17d294fa646d8a1141b1878420e42a152467584f5d3823c5a7393b65a2ddbc5eddcadef3f8df3e657cf557337bbcde4941e3567b85f5cc7681837d060c538d70 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0e39950c5941abb22f27e456c0324f85 |
| SHA1 | d9c36eecf4739452e579d35f094cf64684d596a5 |
| SHA256 | 59315dd63b6b38d064f5ca641611145a5bbb1bef0aa2aa6b6bde700c44c32943 |
| SHA512 | df6cafda82d9897857e8671500c309a5e1cc8ce2d7a5af11bb7398932ef4f05c70ae11b5c6e86d6a6299d5e5f0dc04a38d13a5735494c856fcaf3d9dbc27f7bd |