Malware Analysis Report

2025-03-14 21:43

Sample ID 250108-fgxbaavlhx
Target JaffaCakes118_8c42d7dcbf6e4f1ddb55d1a9cbf2355b
SHA256 f5427509d9d57597176e6673df1162a175ef57deccaf840297bccf7ae5a0c110
Tags
google discovery phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f5427509d9d57597176e6673df1162a175ef57deccaf840297bccf7ae5a0c110

Threat Level: Known bad

The file JaffaCakes118_8c42d7dcbf6e4f1ddb55d1a9cbf2355b was found to be: Known bad.

Malicious Activity Summary

google discovery phishing

Detected google phishing page

Legitimate hosting services abused for malware hosting/C2

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-08 04:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-08 04:51

Reported

2025-01-08 04:53

Platform

win7-20240903-en

Max time kernel

136s

Max time network

135s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8c42d7dcbf6e4f1ddb55d1a9cbf2355b.html

Signatures

Detected google phishing page

phishing google

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008ccb8a92d681224ea2b85b8965d6251700000000020000000000106600000001000020000000e5ad3a5d16e54d159b12df274971c9dff3ffca23c32a1e25b32cc0a017b60555000000000e8000000002000020000000a2677947f27eb32e73e45ab1deac3f50681f2f7362f22ff79bb1aefa4f5d6811900000005e308608b1898f4d844d03e66005152c1b5706cc8f0aabbb6d94499f604e426db220cf157974de106d5ae7d62af2fde20fbce58ec7c09f990e854a7ea2234fc53e88599950afa0c0729bdb34d83568d0fa0603ec8961f2a8f5212764fa5ff592825829af76315327c9105aef278503cb377d8532a3c4230e8585b48da045e0b2e1b81ffff92509e32322e62e7629bd984000000037fc5789fb7b54f91a341645fb8d3052031a92ed0e25759c22af4a0ea014a029c49cd98d61abb8bf324de8f5738a27feccb55aa1973d8987be2ef649521dd957 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008ccb8a92d681224ea2b85b8965d6251700000000020000000000106600000001000020000000463cb9fd064f3f018c4fe6ad48ef59478851ae0429a70e62921e26d9e4f272c5000000000e80000000020000200000007185cbcd75d27b0095c00fb92a7660bcba6e651b9177817700cb597b0b127e2e20000000f9801f5be0bb59a0c4053b134b2b4e5204761afb7204274acf4ea4ddd93388d7400000009643905f751ad6e01e684765f08c71e7248c596756c24bb1ebadf474c9a60d71cc6487dbb949354a49972ba4b110fdb843d0f0912e15383cd6f1b2b91ed6ee67 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442473741" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2FD03DF1-CD7C-11EF-BA28-E699F793024F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4002be0a8961db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8c42d7dcbf6e4f1ddb55d1a9cbf2355b.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1204 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 js-css-image.googlecode.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 dan14vn.googlecode.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 widget.adnet.vn udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
IE 74.125.193.82:443 dan14vn.googlecode.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 142.250.180.9:443 www.blogger.com tcp
IE 74.125.193.82:443 dan14vn.googlecode.com tcp
GB 142.250.180.9:443 www.blogger.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.180.9:443 www.blogger.com tcp
GB 142.250.200.10:80 ajax.googleapis.com tcp
GB 142.250.200.10:80 ajax.googleapis.com tcp
GB 142.250.180.9:443 www.blogger.com tcp
IE 74.125.193.82:80 dan14vn.googlecode.com tcp
IE 74.125.193.82:80 dan14vn.googlecode.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.14:443 encrypted-tbn1.gstatic.com tcp
GB 142.250.200.14:443 encrypted-tbn1.gstatic.com tcp
GB 216.58.201.110:443 encrypted-tbn3.gstatic.com tcp
GB 216.58.201.110:443 encrypted-tbn3.gstatic.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 s0.adnet.vn udp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 lh6.googleusercontent.com udp
GB 142.250.200.33:443 lh6.googleusercontent.com tcp
GB 142.250.200.33:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
GB 142.250.200.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 88.221.134.146:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d957c2e26b9f550aa081dc98cc3c3def
SHA1 825c0ddb8d57380f82bfcd3b986f32599dbc2eb6
SHA256 f52931edc292aaa84656c8e1eb7407caf4d64cb218c2c5c8fb0e83cbc0cab0d2
SHA512 b546894f635de158f74d26bc6fb7a5b4ac68eb2bee6537186cb47d436a979bfeeac2be3d3eb7aaff2957afe8c64742f8fe9f5d0422756799cbc2936f7d6c6af1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 ba0b1a00e1dc69bb6ee9d9a541c428c9
SHA1 95f6aae63d3dd44b16473ba22457c4e285b1aefc
SHA256 52630f94e63a66c6b60beca4570739a877bb1166e1670b2a7a7ef8f0c97a817e
SHA512 5a8257dc27e62248b9b4d7768322d937bf44d7f352fec1e7939d09623f164cce5f2f0f3d74df23588e91c910306a4ffb869b5b198cdfd33386ca242a289716b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 3c00c865909bb2e764808296eaade4e9
SHA1 b5632e591e0625d1f93c03b631b67ce924096777
SHA256 305160abd2b0530428caaf3088b650dcf6d7ad98b832ae2b5212959d3b4062c1
SHA512 c110a3ace3b05650141c25677f4fe7078543cd2697725fb34df8cda70516b56747ec235a78fe218d879af0ae5499b7a2cec864e5b19a76f531557404b5c9464a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a938df68be87ba84be60dba62ab31eb2
SHA1 cd5ff4c798564e91cb0b19f5161d64ff676f8b33
SHA256 a0cb5a86f651eddfb23379f69f1edeb9d550d587fc81e7615361b30d3fbf5dc7
SHA512 849b49a34279acf183cd3b1ddcb74ae1d3809d5ae173a07db281aa97ded46ca1c97dece153f49cd0e95d02632b66882ade6c2cff6073bb1f8e06af023e35fc9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 1afc7adff5f3db185ad4ddb2f4f3f602
SHA1 bc070d6a0bd4bd1cced06e43a08ac614faa15435
SHA256 cf8891b07b287e22a126109241a4ea6487db8dc50e1e95bfdc579bcde74830da
SHA512 3a7078a1244c0b2830cabab6936653171ea234efc6fcb1183827704608015fca744003c4123dc2749ef1982f7bebee68866389fed99be0f55117f112395bba41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 f2ba532306b88505fe4bfb37ca97ce27
SHA1 fdb6e15ce0f5f494a2529dab30c88b286a32348c
SHA256 9e11da332c5fc3be1918936aa1e0023cdfb2e729723ce51047f4b29351e42420
SHA512 15ea4e901464dc147024809b92c404741a91605b5e043982ab87226e102e75b4fbbe17928f563592ecbb4503541e2d15ddecc46981daaf8e5ec57f2ca5a6d13c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 617477aacffe5a36933c117b6d2eb14e
SHA1 c5bb7a7aedd52adc9114fe66ea47571999564e38
SHA256 3672072e0502c58e7ccb3da9010c1b72411ab5592658a6074492936a930de8a2
SHA512 30d6742b892be98659f8aef28c4c39b5e775c7a9ebe50690ad945403cc2bf7ca69fc0781ad247a9b2f2f842a841de9f79e868a4f64d53adf40f3b5e840dcaa1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 a69585c2d03390d5d2a86315c0ea0ed3
SHA1 70d1f3f4d06223a0280b2005613f32d02c68bca2
SHA256 f0aa8d78ad5a1deff94d794761ec69aa5c4bb7c45976933b439816fc2750db3d
SHA512 6277fd20c09ce11bec3160501b33dd958d61c26016f0502f5bc08074ca54f91dba7e53fe811670e496c069153fa328ee5fbd17eaccef8adf64fe67e8a5b1d439

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_CB0386D01AD4CDBD503575C3CD1660FA

MD5 a5922e9da9d2060afa8b7bf0d46a128a
SHA1 574569dffe3cb0f530cf8a8faf58ce9517b5667e
SHA256 2731b9dc400304b2c3ed20cd96426fd4f29e09fda27be719bf3d2c245ed510a1
SHA512 2c5081da02d815bdf37b0effd75e40168865e2248ddca38fa30fcdfb5006adbd98f0ee9f50d8dbff644d2924d7cb14ff0b6b23b0d090f506ff8bced93bee4b05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_449C1568AC7FF091AC6332B7D71A1467

MD5 59d9a21abf020a52a47440a4549b1ddb
SHA1 2278f6fca77f757d9f1bff60d4e26d17b5c334a0
SHA256 98a4170b9c0f81f0aac998ec2715b78a7aa23d671be198e1c6ffc4923e6d7439
SHA512 2e7a98b299a5d882fc48c57b08c506fe2fb36b4eec05d590af2f38ca77ac9f09f8a2b2dbc730e0f42eac0a6f38edddc958b86ed023c30da34100557f584f4121

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQQODH7V\plusone[1].js

MD5 3c91ec4a05ec32f698b60dc011298dd8
SHA1 f10f0516a67aaf4590d49159cf9d36312653a55e
SHA256 96b335b41362fd966c7e5e547db375ef0be7dcb2aec66bf3646782eeaed4b2cf
SHA512 05345e754b39e9f83514bc3e14b52f3cbf321738fd7d973da55db99035b11b4152fedce2c203eb34376cc9e18571db514ff9fbcb4174a2dd7cca7e439cd25944

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4648X1K\recaptcha__en[1].js

MD5 19ddac3be88eda2c8263c5d52fa7f6bd
SHA1 c81720778f57c56244c72ce6ef402bb4de5f9619
SHA256 b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6
SHA512 393015b8c7f14d5d4bdb9cceed7cd1477a7db07bc7c40bae7d0a48a2adfa7d56f9d1c3e4ec05c92fde152e72ffa6b75d8bf724e1f63f9bc21421125667afb05c

C:\Users\Admin\AppData\Local\Temp\CabC4C7.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarC4DA.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e50c134f4f394a63870b54fd171f336
SHA1 31925e4880924d31e74620d317cae0eb92445cd4
SHA256 9eb3d3ac0a6c38526e23acf08e0cd0244478940ed0d53ccbe93bad05c5bf6fa6
SHA512 fc45850ea9d26357ca0575960a46a9be2a4dd75187bbed3935ff57fc522846a4fcee4b49a8029849a26b4bdf18ae07dd705d6226129ee014b1bd1e35bd7b05ad

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4648X1K\cb=gapi[1].js

MD5 b103bb58d9e7cecaa60bdf377d328918
SHA1 0f094c307bceef833a64f408d2f749a10f79de44
SHA256 81dcd274347bd909cf132d3c8bcc9924e41921c33eca07fd6fe5e2a59ca4f5b7
SHA512 b1a4fa329b76df7c861771e1dc36749155895dff623cd916811f2af8c95f3bcf9fe75a3b9a56833f066a227444982ff4883459e24f7eead79b521c2ffdcaa844

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58900bd13513963affc64e4db1631ac8
SHA1 1bc590ef79545b4c2a83870b03972316c3dd2980
SHA256 04ae8dba9e3607b73973d69a909e2269cac1f16aca92021a261f38913d34c7d1
SHA512 23761dbc531e9763c27fcaed69793f6a211695dbc0a8f350f92292823fea4060375c642af3fd059de0850c7086cebc5863679142ae194cc056ad3308ce949ff1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39bdd32855e717103f41b70f1f624bd9
SHA1 4ddc49391c846a9ea6804ac013f0a3037eea6cd2
SHA256 c4bef9f33b4a62ee8796cdeaa55cdf10dea27fc07e2cc4f50ad4ab916868e91d
SHA512 f12594b503f3c13f2d79acd53bf1194bf09fa39434398bb130d55b24696a3e1cbfa5ca7847608224e7f98dd4b143d9b2c6fe5804c754ad8b3a4fbc200fd3f793

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd7b59173739b1959e6054d4536c014e
SHA1 148dfab9e027c5ac205077bb84ef4c63c7705b6c
SHA256 d4768a867f55160c2069e1dabaf113a080e679f3e2179289959e6991f219ff09
SHA512 e5e084eaa8ea6da4ae01f9eb83239a0a652338c24efda705bab7bee7982a76bb7a786679de03c959ab840520d53f430812acd100948c4457ae3ffb5ff9a1d8df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5391c6643ad938f2cf03ac2ff85ac2c6
SHA1 e303c31356f062cfb6d24e7b7043e8954ede61c6
SHA256 5454bf70a84fb7a5cb2000c01ca6fd639045518e473763e40c3caffab019895d
SHA512 305b71980bcbf2c3ff7508ad3a466dad292f29e0c4b62d3cce61ce93c7baf66c3cac311cd07e97005ec12abffe9b61733cf0f51cb109238dde7dfae67f74b840

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3893f894f1a1980f5153f8f079c836e8
SHA1 5731e869933789f402230803cd9e0d89593eaf0f
SHA256 5188e4f97291107bcbe51b987295e6cf44569a5fb7db3a4443417ab815d67687
SHA512 d6b8c4f5ae93ca1b818866dc733fda47f8ba933621051deb324f5e78418fe6e695a189451f2c3aec59152214c5be841cdb3a443d0dc1735f8f24671c34e14c00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76459d58ac4c170c793dbbd0a356140c
SHA1 54f5582b629f5fd5777481307c67f152c04a7cb9
SHA256 a37a2000258a9474f6f393d169ccd35e8acd44f3d9f8c79e6ddd52f8dce6d0a9
SHA512 b977dff4ded8ded4d2524a375ee8a7498ed96ca25f9cb99408aa2116a85e6e0da3cdb71d6a5333f67d4a4788949e5c012759ef9ae4e8ff1086db9d0f830d03fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07ced95c2eb1a54752e1693ebd4a2dea
SHA1 70aca9e81639d2430ec41d89ee3a8e48fdc38e56
SHA256 f638c01b44ed1f0095a99d2f63742aa5271132c400ecc81ef44eb5a2864a8951
SHA512 957b2d6f08b94c33baff9f11896a7ab5e72c17da402280294d5ef1fdd4a114eb0a65e4f7817ebc25a4c5cc882b81cd4e43619680ad9e868ceed3f4db6a10d9f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6e90f489b38ea00e5d918fdbc129a81
SHA1 fc6d737d3ad7fe7fb26f74ab8cc3a32c5d186a7b
SHA256 7a139785b97f04f226ca157352d0225e904717bf0d06d9c06081537bbeeeb768
SHA512 5d0fd24b5b202de30573256dcb399caa901f2a8ef997753ece052a440e64d1a88be22bfc306a44990cf20d33a68826e0e69c0507ee59c88776833d7794dc0de5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c2e93cf913f8021d04cdbd5a37177e9
SHA1 8bec22dfa702e9dc582c1960104dbcf555c468bb
SHA256 3d08f80ceed1c6db3fbe7ce1ec211afff3b863551c8442f9bca46267b6dc6fe2
SHA512 327dd446094f0cd5908321f344d3ce5e866795f6e69384c46507c2f30e10fbdcc79e61a9e12312945d3ae7f5694e9b9514fa7363ead69abd5e285d88452d9b97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f562ee9bfa89a27dc708fb3ae630256
SHA1 23924aa3fcf18315e0f0f9ea20c523543d227587
SHA256 699041d27387adf239fe1ea15b75fc86b06f00d9aa9129fd568f1def4884bdef
SHA512 89922c875c20fe16771aa4764b4b81ec8d4426b5b2b2ebe1c2154a085359548afe879277b6347796d7be299f8122ade0faf5a554926eaf599c16c1371732a62a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8717e6efe9ab567884d5503cf04e9875
SHA1 32405c0bd533f903a8eba3514fa7609fd05b7152
SHA256 5c3638c93d9adb3fca057f13c2c10f611eec1b519b61234d99401a8e7bc0477e
SHA512 6458a5e21a1fbf31cea424515a322712a7e86af0e7d9b36deceb71f423a92373f96ee557b427a9ad8a146e44103ca1a948caf7d612679b95a22b9786d1008c6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 61a6cc0b932f36038bbc58e53045ad55
SHA1 03601c57676397835e6b3815d6771f763d165f36
SHA256 5da36f0439f102dfc02259e39e6845b357ac1facaffafae3e25438a2e3dbb394
SHA512 3f5aa2fd808947261dc07e6221930347b92f7eb6ceae115a35c9534d35349b3b6b321d1beee35735b53d350bceaf7d567d2763d759401c300139667d1411fda6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37e7fa9d00b97a19497e9d728e699f3f
SHA1 8bf46477fe69900e778d7b1d51bd3b2653f8ecc1
SHA256 dbf780c5b53f031cc90a9031edaaf38a88f78bfccb066aabc7476c9185303d02
SHA512 b6ef490db06ffe6db19d9028f05be7881b11ca0f680197bd0bd118401782b20658dc234e29d31a9bf6818966ad5ced7ac2dcee581c0480e929d2b28f5a2b8de5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3afabb136783ef3a6a7c65c7c778325d
SHA1 5a95b299ae40049666cc8d8642e96e5b0c854317
SHA256 fe99a37823255e395f4fe2530d70ae1fd6c603e265e5ef466975e3fb1592bca6
SHA512 5488589a300dffb81066e2e19637cc23d862d09ad544e1ff9b11c2fd1db516b5ce54129f89dba05948cc23be21424384d5ee27274c41d7b95942c45cac3ed07a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b358389725bb003d7dee4f03a49303e
SHA1 657ad6381723951bb8700784dbf8f0ec376c0214
SHA256 8f814e9a7342b88439c7c8e557ef197e757660660555e8b70934f449763b2a8d
SHA512 e63b27bd72d0ac8924bd33805fdcaace1db8fcc06c497d9fdfe3a721a8b088d84eb56ba087b17c419dc17483bdcec7dabd71d22f6ba6d80a21ab7633d0cefdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c712140db43749805dadd4ce33f8af9
SHA1 21730f0692dc46b6ff28b3561e60e1163226f94a
SHA256 249525378b43ce94910651dca71a3606e7401c99f5f8184153cec4bb59cd3f28
SHA512 22583c8565ad51775236464b05d5df19e95854595e8555c4e2ab5f1c662c1a684196fcc11f247570ad91705368df5656754527e34494a3b3286a70ee02a96541

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ebb2ec805c94552282ce9fa12b45364
SHA1 125fdb29a73a4c7323a394dd533b9ba37551ab7f
SHA256 1807b4ee5cbc81aeb22c29c479570ae57b2534a3829ef055a09244e916fb5e01
SHA512 484aa4f05aa59129f8f67dd6f48b1b5717ea696a6a87849e90b8dcec951a35b1e1e6b35b29e1b20f52fe859422cd53f21d8cb15d54bfddb322b72a3f6f5a8ce3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63d926ea933ac26bac2f18ca6e11466d
SHA1 80596c078694f4feb3cac0b3292c8a57b98f00fb
SHA256 8abf6b4e3288bbe62f5487ace024444cc31f9ec033b70a45626b9d13f172f638
SHA512 a6adfaa445a3f6f271644da4ba190577272535893c0a284a6e5239b7dd7d877e4c20f07de8a1cd82310989018fb19ccc2e0cb86b6a2358023418a473eb2736d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 47d31ff5883dbc40235071aba216b2f7
SHA1 fe1e885285d551bd50e2647c69a0640a3ed79e2e
SHA256 d973c82558b41a787b91ab7c3ed87314af73ab75f6b7bbb9760db20d0f0f1079
SHA512 24345fca31d3c4e9741541ee4615b1e9526cf7da981e7248cbd155bbcc6ea9066095f60fe946dab744761236c73d732b24763f35509c978d96c95fa55b51cc11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f90ff56ce0885ec1ae12a998676ba1dd
SHA1 4562549b8d9df5361e3bcb640cde1e62ae49b1a3
SHA256 048fbe682d4fb9e3c33aa24e10e1cbed8e0a4398e1e05af7ae2c0a40354840da
SHA512 109e63832dd75902f1353d3dbd84dfd422f42f1e45881e59e5fb8aa6efa15f23ef136aa250f08928e823f6dc649a950fb683d82894bdaf8ba10d765077dfb851

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 48d69b55682094b200e5304e04c430ed
SHA1 b30a3e878a20f10a2fa6e84cdcc522613fcaad00
SHA256 2045d3b99484fe9f4dc570d91c839ed41c6f9b796961bf5f77769305de1e5525
SHA512 b3870515d0d96c045de46b18727ce660061dc0987036e811e5afe1ecb1516ac836f872e5126d91451a686cd1b0aaab6203e2a618e3d0d8d54acae2ad017cd4d7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROLMKJ86\2254111616-postmessagerelay[1].js

MD5 c264799bac4a96a4cd63eb09f0476a74
SHA1 d8a1077bf625dac9611a37bfb4e6c0cd07978f4c
SHA256 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d
SHA512 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4648X1K\rpc_shindig_random[1].js

MD5 25879c1792060210aabb2cc664498542
SHA1 349848a5e88088b22fb4762ca2a619d1a7f40d97
SHA256 1c0dff80b0111b04f387f0c39fe8d199e909c285f5471da80d6da78c79f9fc79
SHA512 845cb435d102d39b001e7f00d7528dbc3f8505809f5fbca039587ed82d9790b16c9179de8877fd48f2fdab11e7308ad003303821217213a2b99e60d9915a9c88

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-08 04:51

Reported

2025-01-08 04:53

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8c42d7dcbf6e4f1ddb55d1a9cbf2355b.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4700 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 2672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4700 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8c42d7dcbf6e4f1ddb55d1a9cbf2355b.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce47c46f8,0x7ffce47c4708,0x7ffce47c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,16329846073575001778,15414165434181796083,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3020 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.180.9:443 www.blogger.com tcp
GB 142.250.200.42:80 ajax.googleapis.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.200.14:445 www.google-analytics.com tcp
GB 172.217.169.14:443 sites.google.com udp
US 8.8.8.8:53 js-css-image.googlecode.com udp
IE 74.125.193.82:80 js-css-image.googlecode.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 9.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 dan14vn.googlecode.com udp
IE 74.125.193.82:443 dan14vn.googlecode.com tcp
GB 142.250.200.14:139 www.google-analytics.com tcp
GB 142.250.180.9:443 www.blogger.com udp
US 8.8.8.8:53 82.193.125.74.in-addr.arpa udp
GB 142.250.178.14:443 apis.google.com udp
US 8.8.8.8:53 widget.adnet.vn udp
IE 74.125.193.82:80 dan14vn.googlecode.com tcp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 142.250.200.33:443 lh6.googleusercontent.com tcp
GB 142.250.200.33:443 lh6.googleusercontent.com tcp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.33:443 lh6.googleusercontent.com tcp
GB 216.58.201.110:443 encrypted-tbn3.gstatic.com tcp
GB 216.58.201.110:443 encrypted-tbn3.gstatic.com tcp
GB 142.250.200.33:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 developers.google.com udp
GB 142.250.200.14:443 developers.google.com tcp
GB 142.250.200.33:443 lh6.googleusercontent.com tcp
GB 142.250.200.14:80 developers.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
GB 142.250.200.14:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
IE 74.125.193.82:443 dan14vn.googlecode.com udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 s0.adnet.vn udp
IE 209.85.203.84:443 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
DE 157.240.27.35:80 www.facebook.com tcp
GB 142.250.200.14:443 developers.google.com udp
DE 157.240.27.35:443 www.facebook.com tcp
US 8.8.8.8:53 35.27.240.157.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.27.27:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.27.27:139 connect.facebook.net tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
GB 142.250.187.226:445 pagead2.googlesyndication.com tcp
GB 216.58.204.66:139 pagead2.googlesyndication.com tcp
IE 209.85.203.84:443 accounts.google.com udp
GB 142.250.180.9:443 www.blogger.com udp
US 8.8.8.8:53 phimhaynhatvietnam.blogspot.com udp
GB 172.217.16.225:80 phimhaynhatvietnam.blogspot.com tcp
IE 209.85.203.84:443 accounts.google.com udp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d22073dea53e79d9b824f27ac5e9813e
SHA1 6d8a7281241248431a1571e6ddc55798b01fa961
SHA256 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6
SHA512 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

\??\pipe\LOCAL\crashpad_4700_GNHMODPFERDVJGBY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bffcefacce25cd03f3d5c9446ddb903d
SHA1 8923f84aa86db316d2f5c122fe3874bbe26f3bab
SHA256 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405
SHA512 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3eb80dfd7aeac6b2695c3373a77c8486
SHA1 ad88898d935e57424933bfca2fde8af5db9b3487
SHA256 3a742fed1e1be6b705b4bd0f176b39e54faf8cb97513561eb264a8e86b08d0d3
SHA512 9d8fe591de76f443a0b913ec86479fc5fd7b233da8c74595d78da5465a89e17e6eaf48272139d82e14c779aec787ff620b1f189c538ba0dd9f6d4bcb678af912

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 2ebfdbd309ee762211b4a2ac39708c4d
SHA1 b002922c672dbe1dd4caa02af24d0b1e7da616af
SHA256 54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797
SHA512 d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 d79b35ccf8e6af6714eb612714349097
SHA1 eb3ccc9ed29830df42f3fd129951cb8b791aaf98
SHA256 c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365
SHA512 f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 680398ad5ea85e7f4f2e11c471664fbf
SHA1 89c6896a29286d5651b59d4cae716cf3bc3b1fc3
SHA256 2cff296c46e92a5c88a7830c8b8fedca856c561e9d4e487f0575a422243f4fc7
SHA512 ae6138b8d351bab5920a6547b2dfea3b5b5e21c3af50e16aae68f4a1dee05a8dce23bdc13129991757176f2451543c3e0ebc9d77e7895dd16ece389d9ce66b46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c8dd77e1eb2e4252c239ba7df0dcae19
SHA1 e024a8a4491df21ae3ab0e6962f620e76f95967f
SHA256 9e965a280fb271583ceeccb407c40a5070d6a4f530ff7a3a5f1db718d5918719
SHA512 05e9546c8c699effc5331b3b1bf03a830edc196262cd0d29c225629461203eba1b805ee41a77e310b80752362174d99ce3ac95025b0415e2e5c3f207cfc45d6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 97b7e52915ba51a70ccca751a8570fcc
SHA1 e1a797b398a0e48e1c7a8d84d60401d9a8a74aba
SHA256 3f86dab6b95bce29a969f3e804657b614103ec045b6b347f913fcfda91e29fdc
SHA512 973d32a23641a497c81699862df7dfed43486e0ac1c8edbcdc4cda61ac2f55f64b4b519cdd359345efa5a37571bb6de8d461e09a25e81ec1be0d61c7bd0cc8a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 108bae0889eddf7b5087e5b3adf11b1c
SHA1 d73e25e3f1c38ec1af66e212e7a9188a9eecdd52
SHA256 7c6c5d31d5618a2f596a5f72982eb2c2e65326b4c5e214aa9a64a1ff30f06739
SHA512 127e1c214cba1698273149a98386b34c9c35673eef9df1f19ee82567b501e537d2e339c53f0af155bebf65262ab083bce8793575bf23f9335efd3f8ede5cdadc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bf60bb4b497da34ad60bbe4e798806f1
SHA1 42df39a5c153220ae076325b89971b3d11fa44dd
SHA256 9d26a1aeb9e53b15654f0cd0100809c5abe203af2785a6c113677e488064de03
SHA512 0fc51166f629a20b69ca035f0902f7fc713f8dc4ad0009f3ee7906ad42893215664f16e0fea9edce1c056bb508bcd41d9c3f1ee124e3b8e2052bdaa4fca7bf36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 012333089169addb8bf5c470b3461dfd
SHA1 b9c33fec3f2ca6ffcdfb8b8b72242aa925d9d6a8
SHA256 71009f4a559672eefb9d69b8ded8e61862ffd98688802fcd23bda800406fa886
SHA512 e234608001ce75ebe4b4e24181a4b92509fb52848fb8d13cf7a80c5580aed76908c7794cf50881e3084787eba2416891e59030fe70815bc2d13d57e3a23812b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fb72d9e7a292b9e3d7d65bc6a343cf94
SHA1 9f117ad71aa13feb04184fb0d1a147e84390e645
SHA256 1aa7f883a87bfccdba981aaf73dce68e2954ee5b9da5695ae71ad1df165d5f22
SHA512 4d2e46a5503f2f57cc8f4cd66a3b538a45eec91c0be2ec4f00541e19fe46ce275e05a3f4d56b5078b4da07fcab5a74573a1f9a79affbb847b1328c0dd2bab578