Analysis Overview
SHA256
fb0b189acc6f75d161332d42b7808640fa75ce5fc22f7fcf87937aac94d2549b
Threat Level: Known bad
The file ec8135823ead5c4cac185e9584d692ac_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Socgholish family
SocGholish
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-13 17:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-13 17:02
Reported
2024-12-13 17:04
Platform
win7-20240729-en
Max time kernel
133s
Max time network
146s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F9A85941-B973-11EF-9B6B-D681211CE335} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000aa3e84cefc37b24cb655c82468081078000000000200000000001066000000010000200000007fafc009fd7a12a6327abd86187bac62481b4cf56e4778b4ce1a5e67180ab01b000000000e8000000002000020000000dc7941055ffca6d556ef527e29738b13c7be7c0d266fd3cd9dd2de91b45ecca8200000009f2c63705dbd74dbed80e587136de77efaf291542d225b150a9859e20f5ee93340000000ea1aa84caca7e41209d4ab775926cfcdc6fd770217a1ded7d9f8379ddcac7c1a65484738144e407a79227a33a0f913f7d3bd26263ebff46634ef944c5f3a0396 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440271193" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000aa3e84cefc37b24cb655c8246808107800000000020000000000106600000001000020000000ee25d1cb8cc6d5af92e0a7fc5c2c0ed2813365aebf90eb2f7efb0818703680b1000000000e8000000002000020000000917a49fccc31920dbbb34b5353259ec6ba792e068c34da91ebb2d8b1d6234cc5900000004a3e74fd5b67d2e78d78f6620800cf3b24914fab82d3b2f0c56364df43e3f9ef3e802a964a3f23c7231ce70e092dc1d917d034d8363f5d52d1180a5bc6d112c34a9f54e31d75ab59f02490ab5a333a6a77628bdabf970959d6afef01b304d73cb0544e8b25d03e657003f4867ed469d6c0d54e50bdfd3e79bf7221621a296432b20e7261c93606bffd0abb7aae7a73f540000000dad75bd22a456737b927d4843132c1fbf5c9d8525171262deec1d7614f250054ac5377e29239df4d618c01ecb1aa072558c5e91a927f7301bd87edd6909fac88 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1034ead5804ddb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 560 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 560 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 560 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 560 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ec8135823ead5c4cac185e9584d692ac_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:560 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | xslt.alexa.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 104.22.70.197:80 | static.addtoany.com | tcp |
| US | 104.22.70.197:80 | static.addtoany.com | tcp |
| GB | 151.101.188.157:80 | platform.twitter.com | tcp |
| GB | 151.101.188.157:80 | platform.twitter.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 104.22.70.197:443 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.213.74:443 | ajax.googleapis.com | tcp |
| FR | 216.58.213.74:443 | ajax.googleapis.com | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | jqueryapi.info | udp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| US | 45.33.2.79:80 | jqueryapi.info | tcp |
| US | 45.33.2.79:80 | jqueryapi.info | tcp |
| US | 8.8.8.8:53 | bloger-tkj-dos-q28.blogspot.com | udp |
| US | 104.22.70.197:443 | static.addtoany.com | tcp |
| US | 104.22.70.197:443 | static.addtoany.com | tcp |
| FR | 216.58.213.65:80 | bloger-tkj-dos-q28.blogspot.com | tcp |
| FR | 216.58.213.65:80 | bloger-tkj-dos-q28.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | blogger.googleusercontent.com | udp |
| FR | 142.250.179.65:443 | blogger.googleusercontent.com | tcp |
| FR | 142.250.179.65:443 | blogger.googleusercontent.com | tcp |
| FR | 142.250.179.65:443 | blogger.googleusercontent.com | tcp |
| FR | 142.250.179.65:80 | blogger.googleusercontent.com | tcp |
| FR | 142.250.179.65:443 | blogger.googleusercontent.com | tcp |
| FR | 142.250.179.65:80 | blogger.googleusercontent.com | tcp |
| FR | 142.250.179.65:80 | blogger.googleusercontent.com | tcp |
| FR | 142.250.179.65:443 | blogger.googleusercontent.com | tcp |
| FR | 142.250.179.65:80 | blogger.googleusercontent.com | tcp |
| FR | 142.250.179.65:80 | blogger.googleusercontent.com | tcp |
| FR | 142.250.179.65:80 | blogger.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| FR | 172.217.20.174:443 | www.youtube.com | tcp |
| FR | 172.217.20.174:443 | www.youtube.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| FR | 142.250.179.99:443 | ssl.gstatic.com | tcp |
| FR | 142.250.179.99:443 | ssl.gstatic.com | tcp |
| FR | 172.217.20.174:443 | www.youtube.com | tcp |
| FR | 172.217.20.174:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| FR | 172.217.20.162:443 | googleads.g.doubleclick.net | tcp |
| FR | 172.217.20.162:443 | googleads.g.doubleclick.net | tcp |
| FR | 172.217.20.198:443 | static.doubleclick.net | tcp |
| FR | 172.217.20.198:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| FR | 142.250.75.234:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| FR | 216.58.215.33:443 | yt3.ggpht.com | tcp |
| FR | 216.58.215.33:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 172.217.18.214:443 | i.ytimg.com | tcp |
| FR | 172.217.18.214:443 | i.ytimg.com | tcp |
| FR | 172.217.18.214:443 | i.ytimg.com | tcp |
| FR | 172.217.18.214:443 | i.ytimg.com | tcp |
| FR | 172.217.18.214:443 | i.ytimg.com | tcp |
| FR | 172.217.18.214:443 | i.ytimg.com | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| US | 104.22.70.197:443 | static.addtoany.com | tcp |
| US | 104.22.70.197:443 | static.addtoany.com | tcp |
| US | 104.22.70.197:443 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 23.192.22.93:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| FR | 172.217.20.162:443 | googleads.g.doubleclick.net | tcp |
| FR | 172.217.20.162:443 | googleads.g.doubleclick.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\CPZW5CP6.js
| MD5 | 67e216a27dda24bdcb086c2385b0cb99 |
| SHA1 | 17141c80f5d32bec3691c5ab24741d8b7dd5f0c6 |
| SHA256 | 9dc433b2142d3ba0803fcffa53f19d34da26996d20c829df6d694bc887325dd7 |
| SHA512 | 802319543dc64cb011bc2684004e878a842b73aa55e4da1141ccb8650cbf42fabbf2b46c730760bbfcc7a140e11700244b9f5da78bafe9fca7ec7825c12b4255 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\cb=gapi[1].js
| MD5 | b103bb58d9e7cecaa60bdf377d328918 |
| SHA1 | 0f094c307bceef833a64f408d2f749a10f79de44 |
| SHA256 | 81dcd274347bd909cf132d3c8bcc9924e41921c33eca07fd6fe5e2a59ca4f5b7 |
| SHA512 | b1a4fa329b76df7c861771e1dc36749155895dff623cd916811f2af8c95f3bcf9fe75a3b9a56833f066a227444982ff4883459e24f7eead79b521c2ffdcaa844 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\YYU1HF7E\www.youtube[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\YYU1HF7E\www.youtube[1].xml
| MD5 | dbad3e40ccf3f9919384406351028a81 |
| SHA1 | d715c6db654cb71865689d3ee18a4766e1800d56 |
| SHA256 | b7d8ddc7acac7152e284c2d61d23d5202b820905cd30809ed391a2ae668b5280 |
| SHA512 | 5d5114fe1885fbf68cd5cb523d3f48a8ed85dab18e577cdf65d641b59610b9a906377116a015d804ab99b45a709046804d47c82ff493ca6bcaa35b9eac02e33a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_2E8C46D6B6144EBA435CCDE0B3FD5C15
| MD5 | 1d2b34136d950ebb2e67d0da20fff33f |
| SHA1 | f71cec96e57721bb87a70d90bac2128f9bef7e9f |
| SHA256 | 31b4c5cc6667915bf8dea34194997dd6d854b1a483035251e5183579dc3ec00f |
| SHA512 | 7e6997151d1e0a47ed438d7af554b292dd26eed5311243608ed166bd6773c8ac4fd6baf64ddb1cc4aa3fd2d69ac62d2cfb68d05a22424843dc501aed674b7f28 |
C:\Users\Admin\AppData\Local\Temp\Tar7F13.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\Cab7F10.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a783e43545c99229f0ad6fb5cedcc9fd |
| SHA1 | 1612d6514987e5bdf1daf37dc7ce801b6dcb74d2 |
| SHA256 | 3729a7edf58c7ca316c6ec96002ef545f22c9999b5ce9bd7178ef401f00eed59 |
| SHA512 | 3d2123e5b75b2a62528d86176ced489861195d1fb420e63d243c2f04cf7b57c9f90acb2b6384cdeb0cbede845e1396393f4eb1724cc44b415782837033c3cbcc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20f6e35bc0a282dd636fbef3ddd13c0a |
| SHA1 | b18ddbe05df1fc0b7e8b0be737c9c6bb4e62a442 |
| SHA256 | cba5ebae062186036ec45a651a2fb1dd355d6edc3755d4eb7a3dab794dafa03c |
| SHA512 | 476c6d80fc83fc9523885a8248833ed1755b4ab99972185decee038f0fdf36f810026f126dca5bccc20b5322ae5b22e0b06d53b0610b0a8cfa37a8dd9dc66840 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7de7dbfcbf485b9794c1b35c0ddc9f13 |
| SHA1 | 4a443df5c5542ef91f8d3ed62668b609ce2ae64a |
| SHA256 | f563f53c3a9e87bb7ed08d0364fb42b59f807fd4839e301a553fa060350d72f2 |
| SHA512 | 8a6edfea9d3393d5ff23962e8a430ebb92f43e8c7846e98a2c0b643ed6d42d5f45d71bea9443e207f99dec809613bcbb23917af40381fac04bdde7e47db0c7cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae31268b7d60143bbbe2cd214b8a6b39 |
| SHA1 | fb33b3a4f7573dc4fa490914fbce2408c04b5b8c |
| SHA256 | 1908cc2912021ca3b33378c8164d85ffc3e53ebad85bee86270a55737db6cedd |
| SHA512 | c16416433f443543a3f0a82d45ac6a5da3f06d88420d44de36a6e2ff721263178330026459061f6a3c08297f4e0bb398b539dff0f54fa43cbc92196c23e91c2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24878cc66401bd95cd278a2c22ee6b72 |
| SHA1 | 27fe4a62c902b89ca3628eea557c18429a69a140 |
| SHA256 | e230577a95815585f4232e5c571cd8c05b2258db19a944fbf13d1683ec5de5fd |
| SHA512 | 46772bbc283ad24545ebc3b846f78ee908c4d1ef535d7a809b7afa5d0fd04aa7778cb554b30e616ae70a39672fc251ddb8ca5e483688946dbcd070e0826cc82e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a97eecb323c6f1c846b6718237a0a014 |
| SHA1 | a31ddb05b43135a291f702d46377677d11b1e58c |
| SHA256 | 962510e899018ea00352286b76e03132045c34415c68a758e48ea1b1b52fc466 |
| SHA512 | 474303f3471734bc2cf7b600726ecfdd4840fa328d532afa8089fc37b96b5d05ba7a5dc7e5ab7a7ce5f03e03c40b5600c263cfa3009a02d00d1167bcda5fd201 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91a7a110793388ec66a984533e21e762 |
| SHA1 | c621ef23a7ed81700a58a25a78fb56f601e2ba57 |
| SHA256 | a3b6b4307e2baf546adc4268c2a9ced3aa7bfd7b6e2b2e3598d174075a0a0d99 |
| SHA512 | f93d86bb7a68573e5ba8803918888129de6df8bf07185efbb2da9422e0e8e0a05e79ddffa71c2d54b9eb0c90ffe3b59a261ad95f2d82ffbc8d23d85a8ef4467e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | dc0f53473419bee495f190524f7f311f |
| SHA1 | 0b4ca32c61f660dd1582d8516374c214be622bbd |
| SHA256 | 1deddcced5c7dce882e2b1951e02b9a1ee3b4a25bdb523332259e82bbdbca372 |
| SHA512 | c9df8042e3d8cb80c47cc9fd897a60b80e2d491814b3a33fc113e8cfbc0ec43f0288f0024b2875e88f024cf6195ba98759fa4b00c5fe09f083246288abd61348 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\2254111616-postmessagerelay[1].js
| MD5 | c264799bac4a96a4cd63eb09f0476a74 |
| SHA1 | d8a1077bf625dac9611a37bfb4e6c0cd07978f4c |
| SHA256 | 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d |
| SHA512 | 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\rpc_shindig_random[1].js
| MD5 | 45cbe9a36a384fe9273d25ef64ef8691 |
| SHA1 | 325026cc1cb9022ccd8c9c2089597251419201cf |
| SHA256 | d9959cd6fb35fa6a7aef91a5bb9bb5358e7f91271d84130de6d06910076c5c5c |
| SHA512 | 0a70b1b12658418caf529a01ddc4d7fd6c59276c4658028ce2b5f7dcea64ef91f353fce7e67349c8534b68fc53c0ff23c36a7260337dcd307b836e55bec43dc6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 4825adea66cb55060afe1eaa11960eee |
| SHA1 | af61dc5c873156db2e6ef872aeecfc0c742e407b |
| SHA256 | 045632f9cc842d2dcccbbd85aac0cd441bbfd6f3d6b4bc6e9aab8cf3fa9d4bcc |
| SHA512 | 438de2b6e904771a6f38da920e256c756378c372611cade5786d0b8add60897deb0bfe416e0793575542749abd4c0b258f8c822c4b7cef327250fd58987160ce |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-13 17:02
Reported
2024-12-13 17:04
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\ec8135823ead5c4cac185e9584d692ac_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce47c46f8,0x7ffce47c4708,0x7ffce47c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8567815728555715340,15834505865805788014,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,8567815728555715340,15834505865805788014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,8567815728555715340,15834505865805788014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8567815728555715340,15834505865805788014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8567815728555715340,15834505865805788014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8567815728555715340,15834505865805788014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8567815728555715340,15834505865805788014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8567815728555715340,15834505865805788014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8567815728555715340,15834505865805788014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8567815728555715340,15834505865805788014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8567815728555715340,15834505865805788014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8567815728555715340,15834505865805788014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8567815728555715340,15834505865805788014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8567815728555715340,15834505865805788014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8567815728555715340,15834505865805788014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8567815728555715340,15834505865805788014,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5520 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| FR | 172.217.20.170:443 | ajax.googleapis.com | tcp |
| FR | 142.250.179.78:445 | translate.google.com | tcp |
| FR | 172.217.20.170:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.136.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | 170.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xslt.alexa.com | udp |
| FR | 142.250.179.78:139 | translate.google.com | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | jqueryapi.info | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 104.22.70.197:80 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | bloger-tkj-dos-q28.blogspot.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.179.65:80 | themes.googleusercontent.com | tcp |
| FR | 142.250.179.65:80 | themes.googleusercontent.com | tcp |
| FR | 142.250.179.65:80 | themes.googleusercontent.com | tcp |
| FR | 216.58.213.65:80 | bloger-tkj-dos-q28.blogspot.com | tcp |
| US | 104.22.70.197:443 | static.addtoany.com | tcp |
| US | 104.22.70.197:443 | static.addtoany.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 146.75.72.157:80 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | 197.70.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blogger.googleusercontent.com | udp |
| US | 8.8.8.8:53 | img.youtube.com | udp |
| FR | 142.250.179.65:443 | blogger.googleusercontent.com | tcp |
| FR | 142.250.179.110:443 | img.youtube.com | tcp |
| FR | 142.250.179.110:443 | img.youtube.com | tcp |
| FR | 142.250.179.110:443 | img.youtube.com | tcp |
| FR | 142.250.179.110:443 | img.youtube.com | tcp |
| FR | 142.250.179.110:445 | img.youtube.com | tcp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.72.75.146.in-addr.arpa | udp |
| US | 45.33.2.79:80 | jqueryapi.info | tcp |
| US | 45.33.2.79:80 | jqueryapi.info | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 79.2.33.45.in-addr.arpa | udp |
| FR | 142.250.75.238:445 | img.youtube.com | tcp |
| FR | 172.217.20.174:445 | img.youtube.com | tcp |
| FR | 142.250.201.174:445 | img.youtube.com | tcp |
| FR | 142.250.178.142:445 | img.youtube.com | tcp |
| FR | 172.217.20.206:445 | img.youtube.com | tcp |
| FR | 142.250.74.238:445 | www.youtube.com | tcp |
| FR | 216.58.214.174:445 | img.youtube.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 146.75.72.157:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 157.240.214.11:445 | connect.facebook.net | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| FR | 216.58.213.78:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 142.250.201.182:443 | i.ytimg.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | 78.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.201.250.142.in-addr.arpa | udp |
| FR | 142.250.178.142:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| FR | 142.250.178.142:443 | developers.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| FR | 142.250.179.98:443 | googleads.g.doubleclick.net | tcp |
| US | 104.244.42.200:443 | syndication.twitter.com | tcp |
| FR | 142.250.179.99:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 157.240.214.11:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| FR | 172.217.20.198:443 | static.doubleclick.net | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.18.202:443 | jnn-pa.googleapis.com | tcp |
| FR | 216.58.215.33:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.179.250.142.in-addr.arpa | udp |
| FR | 142.250.179.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 216.58.214.174:443 | play.google.com | tcp |
| FR | 172.217.18.202:443 | jnn-pa.googleapis.com | udp |
| FR | 216.58.214.174:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 198.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.214.58.216.in-addr.arpa | udp |
| FR | 172.217.18.206:445 | www.youtube.com | tcp |
| FR | 216.58.214.78:445 | www.youtube.com | tcp |
| FR | 142.250.179.78:445 | apis.google.com | tcp |
| FR | 216.58.213.78:445 | www.youtube.com | tcp |
| FR | 216.58.215.46:445 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.129.81.91.in-addr.arpa | udp |
| FR | 216.58.214.169:443 | resources.blogblog.com | udp |
| FR | 216.58.214.174:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 121.136.73.23.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| FR | 142.250.179.98:443 | googleads.g.doubleclick.net | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d22073dea53e79d9b824f27ac5e9813e |
| SHA1 | 6d8a7281241248431a1571e6ddc55798b01fa961 |
| SHA256 | 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6 |
| SHA512 | 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413 |
\??\pipe\LOCAL\crashpad_4860_IDWXFXVIERNXDHAN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bffcefacce25cd03f3d5c9446ddb903d |
| SHA1 | 8923f84aa86db316d2f5c122fe3874bbe26f3bab |
| SHA256 | 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405 |
| SHA512 | 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dcf3136f4bb39cc00c4b471a69d86774 |
| SHA1 | 943d6a34792d751f9ccc5229408ad2b429b09ee7 |
| SHA256 | 200a131307fe19002bec38859b63520e2d37ff2013e07e6a5a35218a620f6356 |
| SHA512 | a2892549c6aa17d891aa728366211c63902803de556b98dcc0f94c4b59af2a7f79f96dcdbd497fb05eeba4d28fd1c9de1ae58780b5d9141c812bc5115fc4570b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 39c175fede307c44711f094cacf30345 |
| SHA1 | 91ac1e91e296f7deb18b21c017f1b9ca1401a935 |
| SHA256 | 994f0c36d43f7e4b68a1f14540e27512f9c1ac7e9ff3ff0cdeca00a55d20e6cb |
| SHA512 | 223fcb3293eca486190a6d12cd90997eb3b476f590215abae95f6bb903357c4695c95de8d1d9d2c4e91bed50eb73675a547be9076f926e4b1d70736f5a93c026 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7d7b91ea804a8d5530d71c10cb1ee8eb |
| SHA1 | 257be85a7b3e29f954e007d08c3ae44be18e4761 |
| SHA256 | 36abf859966983adb4f607060808735893ad00663874ce94363a154a991061a3 |
| SHA512 | a69cb1b2f4991297775acef24c457ef4d429c2f524a5e3cd93c90683b2da204529c30f6208d6d41e4528080001d9f11e1caa94e02aff8a273195262bf12e37aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c33671801f4e2726c6352470d6be0d7f |
| SHA1 | b77b7e3ffe48b1452b82ab17d358945e3f3cfe32 |
| SHA256 | 6799bd3c5dec353d526ec8904ae2eca020f4239741e21e7f6df666b89cbe290c |
| SHA512 | f10a0f5a4a5a3eb6de03e9ab968b4e5220d54704d5e8b056414a88188ac9b90990db878d4cd27800130b3c148a1a2c74e8a86e7bf7fb73f3a2b6192b89e90854 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9359db8d18ca9b077d7f3e88838ac27a |
| SHA1 | addbbfa3f49df6b6e4081f671e453b0e1d3df9bc |
| SHA256 | eff5088a8daa31594203b852dee86365b3fe0bab24d76b63b3a82098b029689d |
| SHA512 | 6c5041d519d5ea12d1a67caf97cbf9afcab25ad1a9a29d0229e329111bb6cc788e3ab3e44ad1b13b44279749f5ed5a8335cb50cd949158f5b57b04a9a9ad66f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580450.TMP
| MD5 | 6a24e60a6dae736873bcab6ad550bc18 |
| SHA1 | c17d1c4467a2bf704339e28bfb7ea8e0a3a71f8c |
| SHA256 | be6a0c31d5ae2c61f4978c7814aa6f35214cc8a6c282d27467a2255acac8f886 |
| SHA512 | 8957f93cd79afbcdb1758c8595b5b34ade263524fd860d324f0d60e71d8c2915e4edb3ab810ed4e342fe62ad8a0f0a42f2ef25c68b772e590e729168df4d6d23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d0e9ce831c142b6c3c85ee8cb9fa9ae7 |
| SHA1 | 876ae7d90c2e724399f4054add2f8fde030b7d91 |
| SHA256 | cda1c88a2b3cc070932cbcdaf30ae709a8b1a80a6d88620ca5082e507f5cd27d |
| SHA512 | 71bbbfae88e90228a6cc5863916dfbf6b0511f160b86d067e6f9214df86c241d4ac0730b72b2554af8797b3928fd0705f2ccf721dca56220cc83e12ba5e41702 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 708241c699d7659b31268018c1e0761d |
| SHA1 | 222662eb2d16575496d6e1ba9f0e3735b93b84a1 |
| SHA256 | 69ab080cac0bb7547e244678190243a31d303b0e3fc4c1960ee81a2962f42074 |
| SHA512 | 59fa4c9a73e3fbb85808859127a42272e7cded6016470818f2271b02873bee829f4fa5650452c96d4dc013faa6e61cae745bcc1a7efe88618b65a13e16df63f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3b7d206d566fb062612abef923b0c624 |
| SHA1 | 52599137696c136b1e8319710072d8b56da4fe80 |
| SHA256 | 379243d9605ce8259c458a0ce048fc23cfdb272ef2f2b7d9ff23ceba606eb6a4 |
| SHA512 | 7a46e471525d22c8a71c6d8c29dd6ef5430e1010bc2f85077020c5d07be294290afe9fdc027bed9dce1e6b1e5333acd54b1f43fe87ead7b952b3f62c9ea1f5ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 2ebfdbd309ee762211b4a2ac39708c4d |
| SHA1 | b002922c672dbe1dd4caa02af24d0b1e7da616af |
| SHA256 | 54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797 |
| SHA512 | d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\626ba276-8332-4bed-ba10-135b4c0506e6.tmp
| MD5 | aa256226d9df085972aa797163467e1a |
| SHA1 | 89a673318d30abb47c78ee11b4810a07feaaf00d |
| SHA256 | f19e7d660709c08900413345dac240b6e8d96b03cb3986084d81df5a32365c66 |
| SHA512 | bffa7ffe7a4c5813ef69798cd400d25be8d77c860319b1100e69a9fbb97ef3f71b8f12f4f6770eef6b28bae526ea6d61b97a4bea763716141d4edd3b920da84a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c5ec28d2fe96629bfa6332684fe2bd08 |
| SHA1 | e2b79bc4dd5b8fcfc19e4487da89cdaf8acdac14 |
| SHA256 | b9e2a4ba5c34b9fac56cf45dbca9c28c67982bf85f7280cd71681fc59c418cbc |
| SHA512 | 8e9109297492f6d3c73c03c56fb023f33bc5615fb633fe466e86875fc3ad145d1b9c01e05383e8d291438df3ba6dd5ed7a381369e22927a15d8dd543fc147e48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bcc0e55d740b2fd8ba14cc830ab272d9 |
| SHA1 | 72319b173152ae63a4dd8fa2e79ef1be9c951b31 |
| SHA256 | 6706194909bb50aeb3c48b808af7925a31f4dc3f8c455e10b180b65c4f841138 |
| SHA512 | a07c30e58b41b0ceb617435eb4ec72185a753edd63448776a31342c83a1c3b7827083fce5354dccde6416c3bf6228f15f27f8412126cbacb5d9ac137072bdbbf |