Analysis Overview
SHA256
8bc2b313d0bc9073be7690aaae6f506d66947980d4c80836cf6b5bd02c8be5e8
Threat Level: Known bad
The file c6dbb2d23ad8026cedeeaece3b1f8770_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Legitimate hosting services abused for malware hosting/C2
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-28 12:33
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-28 12:33
Reported
2024-08-28 12:36
Platform
win7-20240708-en
Max time kernel
134s
Max time network
135s
Command Line
Signatures
SocGholish
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431010296" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C6171F01-6539-11EF-A839-E6BAD4272658} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3060 wrote to memory of 2440 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3060 wrote to memory of 2440 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3060 wrote to memory of 2440 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3060 wrote to memory of 2440 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c6dbb2d23ad8026cedeeaece3b1f8770_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3060 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-28 12:33
Reported
2024-08-28 12:36
Platform
win10v2004-20240802-en
Max time kernel
140s
Max time network
144s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c6dbb2d23ad8026cedeeaece3b1f8770_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9feca46f8,0x7ff9feca4708,0x7ff9feca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6680 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tahasafeer.blogspot.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.187.206:443 | apis.google.com | tcp |
| GB | 142.250.200.33:80 | tahasafeer.blogspot.com | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| GB | 142.250.200.33:80 | tahasafeer.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 172.217.169.78:80 | sites.google.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.180.250.142.in-addr.arpa | udp |
| GB | 142.250.200.33:80 | tahasafeer.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.180.9:443 | www.blogger.com | udp |
| GB | 142.250.187.206:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 172.217.169.78:443 | sites.google.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 216.58.204.66:445 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.9:80 | img1.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.180.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.169.78:443 | sites.google.com | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
| GB | 216.58.201.98:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 84.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | lh6.ggpht.com | udp |
| US | 8.8.8.8:53 | lh3.ggpht.com | udp |
| US | 8.8.8.8:53 | geoloc3.geovisite.com | udp |
| US | 8.8.8.8:53 | blogergadgets.googlecode.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | lh5.ggpht.com | udp |
| GB | 142.250.180.1:80 | lh5.ggpht.com | tcp |
| GB | 142.250.180.1:80 | lh5.ggpht.com | tcp |
| GB | 142.250.180.1:80 | lh5.ggpht.com | tcp |
| GB | 142.250.180.1:80 | lh5.ggpht.com | tcp |
| FR | 54.36.176.112:80 | geoloc3.geovisite.com | tcp |
| IE | 172.253.116.82:80 | blogergadgets.googlecode.com | tcp |
| US | 8.8.8.8:53 | lh4.ggpht.com | udp |
| GB | 142.250.180.1:80 | lh4.ggpht.com | tcp |
| GB | 142.250.180.1:80 | lh4.ggpht.com | tcp |
| GB | 142.250.180.1:80 | lh4.ggpht.com | tcp |
| GB | 142.250.180.1:80 | lh4.ggpht.com | tcp |
| GB | 142.250.180.1:80 | lh4.ggpht.com | tcp |
| GB | 142.250.180.1:80 | lh4.ggpht.com | tcp |
| GB | 142.250.180.1:80 | lh4.ggpht.com | tcp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | www.tvquran.com | udp |
| GB | 142.250.187.193:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.187.193:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.187.193:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.187.193:443 | lh4.googleusercontent.com | tcp |
| DE | 51.89.7.154:80 | www.tvquran.com | tcp |
| DE | 51.89.7.154:443 | www.tvquran.com | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | 112.176.36.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.116.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.7.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 172.217.169.14:445 | translate.google.com | tcp |
| GB | 172.217.169.14:139 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| GB | 142.250.187.193:445 | lh4.googleusercontent.com | tcp |
| FR | 54.36.176.112:80 | geoloc3.geovisite.com | tcp |
| FR | 54.36.176.112:8080 | geoloc3.geovisite.com | tcp |
| IE | 172.253.116.82:80 | blogergadgets.googlecode.com | tcp |
| FR | 54.36.176.112:8080 | geoloc3.geovisite.com | tcp |
| FR | 54.36.176.112:8080 | geoloc3.geovisite.com | tcp |
| FR | 54.36.176.112:8080 | geoloc3.geovisite.com | tcp |
| GB | 142.250.187.193:139 | lh4.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | islamqa.com | udp |
| US | 8.8.8.8:53 | www.islamway.com | udp |
| IE | 31.13.73.22:445 | connect.facebook.net | tcp |
| GB | 172.217.169.46:80 | www.youtube.com | tcp |
| GB | 172.217.169.46:80 | www.youtube.com | tcp |
| GB | 172.217.169.46:80 | www.youtube.com | tcp |
| GB | 172.217.169.46:80 | www.youtube.com | tcp |
| US | 104.21.48.89:80 | www.islamway.com | tcp |
| US | 104.21.31.28:80 | islamqa.com | tcp |
| GB | 172.217.169.78:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.31.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.48.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 172.217.169.86:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | ar.islamway.net | udp |
| US | 104.21.13.253:80 | ar.islamway.net | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
| US | 104.21.13.253:443 | ar.islamway.net | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | udp |
| GB | 142.250.180.9:443 | img2.blogblog.com | udp |
| GB | 142.250.180.9:443 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 142.250.180.14:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| IE | 31.13.73.22:139 | connect.facebook.net | tcp |
| GB | 142.250.180.14:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | 253.13.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.201.99:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | ar.old.islamway.net | udp |
| US | 72.52.116.66:80 | ar.old.islamway.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.187.193:443 | lh3.googleusercontent.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 216.58.204.74:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.204.74:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.204.74:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.204.74:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 172.217.169.86:443 | i.ytimg.com | udp |
| GB | 216.58.204.74:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.116.52.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| GB | 142.250.180.14:443 | developers.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | static.old.islamway.net | udp |
| US | 72.52.116.66:80 | static.old.islamway.net | tcp |
| US | 72.52.116.66:80 | static.old.islamway.net | tcp |
| US | 72.52.116.66:80 | static.old.islamway.net | tcp |
| US | 72.52.116.66:80 | static.old.islamway.net | tcp |
| US | 72.52.116.66:80 | static.old.islamway.net | tcp |
| US | 72.52.116.66:80 | static.old.islamway.net | tcp |
| US | 72.52.116.66:443 | static.old.islamway.net | tcp |
| US | 72.52.116.66:443 | static.old.islamway.net | tcp |
| US | 72.52.116.66:443 | static.old.islamway.net | tcp |
| US | 72.52.116.66:443 | static.old.islamway.net | tcp |
| US | 72.52.116.66:443 | static.old.islamway.net | tcp |
| US | 72.52.116.66:443 | static.old.islamway.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:445 | www.google.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | tahasafeer.blogspot.co.uk | udp |
| GB | 142.250.200.33:80 | tahasafeer.blogspot.co.uk | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
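The Network table above mixes three kinds of rows: DNS queries to the sandbox resolver, reverse (in-addr.arpa) lookups the sandbox itself generates, and the actual TCP/UDP contacts. Reading it by hand for a blocklist is error-prone, so the script below is an added triage helper, not part of the original report or of the sandbox's own tooling. It parses the markdown rows, separates DNS noise from real contacts, keeps a per-domain list of (ip, port, proto) tuples, and flags every contact on a port other than 80 or 443 for manual review. The sample table inside the script is a constructed subset of the rows above (including the mDNS row whose domain cell is empty and whose columns are shifted); `RESOLVERS` and `EXPECTED_PORTS` are assumptions, not values the report states. The flagged rows in this report (445 and 139 on Google-owned addresses, 8080 to geoloc3.geovisite.com) are exactly the ones worth checking against the raw capture before they go into a detection rule, since a sandbox's port attribution is not the same as a pcap.

```python
"""Triage a sandbox 'Network' table (markdown rows) into DNS noise, contacts and review items.

Added example; not the report's or the sandbox vendor's code. Paste the full table
text into triage() to run it against the real report.
"""
import json
import re
from collections import defaultdict

# Constructed subset of the Network table above, same column layout as the page.
# The mDNS row is kept in its shifted form ("| udp | |") as it appears on the page.
SAMPLE_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tahasafeer.blogspot.com | udp |
| GB | 142.250.200.33:80 | tahasafeer.blogspot.com | tcp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| GB | 172.217.169.78:80 | sites.google.com | tcp |
| GB | 172.217.169.78:443 | sites.google.com | tcp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| GB | 216.58.204.66:445 | pagead2.googlesyndication.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| FR | 54.36.176.112:8080 | geoloc3.geovisite.com | tcp |
| GB | 172.217.169.78:443 | sites.google.com | udp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<dom>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|\s*$"
)
# Assumptions: the sandbox forwards DNS to 8.8.8.8, and plain web traffic uses 80/443.
RESOLVERS = {"8.8.8.8"}
EXPECTED_PORTS = {80, 443}


def parse_rows(table_text):
    """Return one dict per data row; the header and non-table lines are skipped."""
    rows = []
    for line in table_text.splitlines():
        m = ROW_RE.match(line)
        if not m or m.group("cc") == "Country":
            continue
        dom, proto = m.group("dom"), m.group("proto")
        if not proto and dom in ("tcp", "udp"):
            # Empty domain cell collapsed, so the proto slid into the domain column.
            dom, proto = "", dom
        ip, _, port = m.group("dst").rpartition(":")
        rows.append({
            "country": m.group("cc"),
            "ip": ip,
            "port": int(port),
            "domain": dom or None,
            "proto": proto,
        })
    return rows


def triage(table_text):
    """Split rows into DNS queries, PTR noise, real contacts and items to review."""
    dns_queries, ptr_noise = set(), set()
    contacts = defaultdict(set)  # domain (or bare IP) -> {(ip, port, proto)}
    flagged = set()
    for r in parse_rows(table_text):
        if r["port"] == 53 and r["ip"] in RESOLVERS:
            if r["domain"] and r["domain"].endswith(".in-addr.arpa"):
                ptr_noise.add(r["domain"])  # sandbox-generated reverse lookups
            elif r["domain"]:
                dns_queries.add(r["domain"])
            continue
        key = r["domain"] or r["ip"]
        contacts[key].add((r["ip"], r["port"], r["proto"]))
        if r["port"] not in EXPECTED_PORTS:
            flagged.add((key, r["ip"], r["port"], r["proto"]))
    return {
        "dns_queries": sorted(dns_queries),
        "ptr_noise": sorted(ptr_noise),
        "contacts": {k: sorted(v) for k, v in contacts.items()},
        "flagged": sorted(flagged),
    }


def ioc_list(result):
    """Unique host-level indicators: every contacted domain plus every contacted IP."""
    iocs = set(result["contacts"])
    for entries in result["contacts"].values():
        iocs.update(ip for ip, _, _ in entries)
    return sorted(iocs)


if __name__ == "__main__":
    summary = triage(SAMPLE_TABLE)
    print(json.dumps(summary, indent=2))
    print("IOCs:", ioc_list(summary))
```

Everything the script emits still needs a human decision: the domains here are overwhelmingly Google, Blogger and Cloudflare-fronted hosts that any page load of a Blogspot blog would touch, so "contacted" does not mean "malicious", and only the flagged rows and the sites.google.com hits called out under SocGholish above deserve follow-up.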
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e765f3d75e6b0e4a7119c8b14d47d8da |
| SHA1 | cc9f7c7826c2e1a129e7d98884926076c3714fc0 |
| SHA256 | 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89 |
| SHA512 | a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079 |
\??\pipe\LOCAL\crashpad_412_SZSALRDJGINRSNKD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 53bc70ecb115bdbabe67620c416fe9b3 |
| SHA1 | af66ec51a13a59639eaf54d62ff3b4f092bb2fc1 |
| SHA256 | b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771 |
| SHA512 | cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3acb4011f46645ea3c0daf4d6ef9ea1c |
| SHA1 | d58c5c7af0a259713afbcec45427dcf571de8cf4 |
| SHA256 | bd0d6867783ebfa879c76a475844a67f4444b380f4b3913a038ff5cfc12911a7 |
| SHA512 | eb012826c6fac64604077bc751079c61c756c61f64b5a22e3b7ae623d4625f8f4eb0dd436775176dcd5089ea19dd612ea0df7e58434b30735b4ca23bddd08c47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9c0d0fe8826491fb40f37de0ed8730fd |
| SHA1 | e35ee3c8a9497b2705ef39e8a141fde963eb3eb2 |
| SHA256 | e08420820c77b9f61f2d63e9cf985f380b69ea5dfdc284d9e3ad4357fb6111ff |
| SHA512 | 3f0778aa49b39cb47e312509a8eef99fede3dad05fbf9c1dc7a3b383c56cea32a2e220ebd0cabe7cff1e8c2bc406d64fdf12d2070508798cd0212c4ad5e44289 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\98267329-8747-43d0-8b57-0103b3273593.tmp
| MD5 | a453d8c58147219c0edf90afd7e3f89f |
| SHA1 | d8d8e4c93e5322dc20a8a59c21962f8a5a201044 |
| SHA256 | 9501d12ef56a2a1cb83d149bae14e0e82cc7cbb71d88e8ad5896314b55cbcd10 |
| SHA512 | 2ca8cb800440328c2129ddb6de30b8fffc79bd88d5e00a651d91ebbfb1936f094e0933a27e6ecc29efa6953ef1cb13e62fa31baffcd53ef4d30926b722d579a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b29e914e7baa0885e0bbf90d79afb22d |
| SHA1 | 44945e277bfe81c5816ea9ccc29918ec885108fd |
| SHA256 | ea3a1f6dee9d8337e58bcad9ce6a7c8c45fa82e4539c8693210aed0fdf7242aa |
| SHA512 | 89feea64369e0633c6476a46e6ebafbb4cd4ee586563aed5fdea791095d3eeba57f453425213d49f5e82c51f3e7609c64fa03dde7c799a1aa012e00449a82047 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0c637395c112e69183f51d94cfeae760 |
| SHA1 | e6df33f31690f14a3b520d37011d0c1d67d8768d |
| SHA256 | 96f0cfd17f3eb0e57cddf8eae3d485ac18df5601fe53ca3769388d488685910a |
| SHA512 | 33aa71ebf62f941e330d4be7ce2885cc51c2737f33d85d9172962de1045664043508e4f02ee9ccb28fb00c97a60e5565c4647df089e42cfa52347e8e79c21f27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583999.TMP
| MD5 | 02b8c892e0001d92c09333ab80e11318 |
| SHA1 | 0d0a1afe0b8c8e9efc51ca2f9a03178ee6f5be99 |
| SHA256 | 484c6559969ecb98442ed08081583f6dbd4d45e84c02488cc0efd525e8f51055 |
| SHA512 | da6c456df802562e4bc321ec74bdea8357953cb28bc432ab5802b8c64b7f05457b11b2129d70a3590ec907253af277016c60c149e7d14fce76f65aacb7a4c0c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038
| MD5 | a0423f1305547bb6b8f5a4fb1a9fc2d8 |
| SHA1 | 092dcf1fe57e6bb53821eb754e04188ee70602d5 |
| SHA256 | 6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8 |
| SHA512 | b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | 33a83c16527e4531fbfca2631f653674 |
| SHA1 | 87a63514c262ba4bffc52d2ceebb3ca14353507a |
| SHA256 | 1156bb50a264543f6a9dc8922dd2c65d444c8bb11b3b18be95d5adff840b33b4 |
| SHA512 | f1dba28d0f81aa0894436ae7b4ba76a2e635f002f666d17d31b8b21500dc2321d7862ca8dcfd22e44aab4d1f33112c076dc95191c889546a40f9c6197cccbda3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 222564e1fd5a2e14474b5e3be33fc375 |
| SHA1 | ff57dcc1b4749d95e934bde11fd0562e81bd71eb |
| SHA256 | 34d349c054f5436992abf88a6a005cf6eeb4d71c4db2f3dd3d0fe29a83366827 |
| SHA512 | c15927e93cb5adcd92a0f08ab45f3f560bcb7a884e4b66b28590b441b61b0df6b55a78e08cc2bfa86eea64e3b646c0cc2b6fbbb9616aacf7874bfa8b7d9210c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | 2b5dfb1918c67607a49e6f784b48797a |
| SHA1 | a8830395cceb8de7687b3b751c6626546f307d47 |
| SHA256 | 5aa5e0d95839092c4545fea0928eeffac76690e8adf533d97b600e97250dac8a |
| SHA512 | eaab7c07e1dc33f43aae512b77a2217af2189aede83c97dc73f2be7a17da5b1a242f47c7bd272ab13c9513d837fce6ce0ed0114b27971543370413b2a9c5dcfa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 019ec53a080185a7e8c78b82786d3c6f |
| SHA1 | 667726b2158a57f230654fc756c35ccbf4dc1f0b |
| SHA256 | 75cdcb35b5469d7eab99f82f525c358e35e2edb91c9b7f63073e7371d64559fe |
| SHA512 | ec2632dfb1bb39709cbbd21e12bbbe06d08293f1186bb8dac97a84c9449d113d542d3192e038c8e1be2f4d15e464194b016d684973d7232375756891877a7435 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 217c0a601d0ec0844637d710abba72e5 |
| SHA1 | 561128861b7e41e7093dabf8efa5fff35e63db17 |
| SHA256 | abbd183595aaa600aea79079a5de3662fec5e2a99831c8aeb49e24ce4d8d9228 |
| SHA512 | d90c42189e7666208425eb264c5073eb0c55f3c73d679fe0a8b64b22667a4a59a28b6762a54796d62ac284d1b45c20164d1737bc31a53f6c6d01a0fc19be3e7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 66749d987b5fd5acfcd4fbcb6f37f3dd |
| SHA1 | 4758a6eca7802280a548a95b0ae045ebcc565abe |
| SHA256 | d2b61b3de200730bdd120e1b77a9fa06276236b1031660eed15d145a89029028 |
| SHA512 | a49c2ce891dc1d7673591ac4c004217e2b788846c5684e87d26ea4141bfdaa930b389113d1bcbe474e9ee711b127e264ff61837afdbfd25160bb6f65f67d5067 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cf8fcf51d2422586000ce6ee267cb111 |
| SHA1 | bec48ee41febfaa9461d074ee1f71d12c4190729 |
| SHA256 | 3d33001f729fed5e3d055805e3209cb0e2210885d40c37955c72918d52bf6b68 |
| SHA512 | 1c86bee204be8b6e419a7f3bd92e2dbc7b04168c73aab7e7d3e2bc2715a0d21d51ca5c9a3a4fb92a12dc8fa5c555a6ac306a2d66939bc135f5e56601f3dd00c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 88939777d016d654591c3a6b3837ba7c |
| SHA1 | 20fe748b50ae63354249cc1908acbb8f81f30799 |
| SHA256 | 5585a728b542ebd510367cf687cdc73ad868ee8c063298ae81db46ade5d11a82 |
| SHA512 | 1e8f07f1abfa250388c7f50a49950a0a1e012a0a940721f14a9e78d441ea80daa353eff17424c48e4580f69607a819b9de0321df3991367da7663caaef563327 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1eea1c2f924a2d0d9627b0d0b4f6efe9 |
| SHA1 | 9c801bd1288e71c8ae54bbfb36ef92aecab98023 |
| SHA256 | 2d32ce37761cd4c60adf239534dd30bfff124caa86ff01ed6826ad9cd5f317d8 |
| SHA512 | 69d6e69c03acce182a90c8138e64824f1be3a5d79bac014dcdfeb7b799afd302bf91cfcd1ee8975d492d37494b764d7d2f41aaf2d4af253631159eea5985dc00 |