Malware Analysis Report

2024-12-06 03:25

Sample ID 241022-nse55svfjr
Target 6a4e10408f9f89b6d4c6acd55987c296_JaffaCakes118
SHA256 6bb364ee278167c4f1a6b3e5d417054d4a3d119c5da398f4419715a7ad2d3250
Tags socgholish discovery downloader
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 10/10

SHA256 6bb364ee278167c4f1a6b3e5d417054d4a3d119c5da398f4419715a7ad2d3250

Threat Level: Known bad

The file 6a4e10408f9f89b6d4c6acd55987c296_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-10-22 11:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-22 11:39
Reported 2024-10-22 11:41
Platform win7-20241010-en
Max time kernel 133s
Max time network 150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6a4e10408f9f89b6d4c6acd55987c296_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 808005367724db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e78a69453f00554b9c7935775bae7b960000000002000000000010660000000100002000000033d1e74c6722093614a892ca847dd3c80a726ea70aafa52bfb25bbf76ef8c26a000000000e8000000002000020000000090d5eb08ad573224edf869a3e23f9313dac6388311c1d58fb64fbae61a475ed200000002204e451845645c6c851630e8c2b6d246cca34d42d740a85ff7d18b87e2e56cd4000000042b74aa6089e16e1d275142080670debb707ff9d76bece8b1397cfb788f7570ea68e5c4bb922461c66fb820daf642d9a986bb099a415de5e988b3fa898f391c7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{482852B1-906A-11EF-807F-4E1013F8E3B1} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435759030" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6a4e10408f9f89b6d4c6acd55987c296_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted 2024-10-22 11:39
Reported 2024-10-22 11:41
Platform win10v2004-20241007-en
Max time kernel 148s
Max time network 150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6a4e10408f9f89b6d4c6acd55987c296_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(this row is repeated 25 times: every hit is msedge.exe, no indicator recorded)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(this row is repeated 24 times: every hit is msedge.exe, no indicator recorded)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
Identical rows are collapsed with their counts (64 rows in total, all msedge.exe writing into msedge.exe):
PID 4408 wrote to memory of 3728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 rows)
PID 4408 wrote to memory of 2876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 rows)
PID 4408 wrote to memory of 3920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 rows)
PID 4408 wrote to memory of 2980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 rows)
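
Reading the signature tables of this detonation together: every WriteProcessMemory row has msedge.exe (PID 4408, the browser process) writing into another msedge.exe, which is consistent with the Chromium sandbox broker initialising the child processes it launches, so the rows say little on their own; the row that would matter is a write into a process of a different image. The BIOS SystemManufacturer and SystemProductName reads are likewise generic, but those are exactly the values VM-detection code reads, so triage should surface which process read them (here the browser itself, not a dropped binary). The script below is an added example, not the sandbox's own tooling: it parses rows in the report's format, collapses the WriteProcessMemory events per target PID, singles out cross-image writes, and tags registry reads against an assumed watch-list of fingerprinting keys. The sample rows are copied from the tables above; the PID 9999 / powershell.exe row is constructed so the cross-image check has something to flag.

```python
"""Triage of a sandbox report's signature rows. Added example, not the
sandbox's tooling; FINGERPRINT_KEY_PREFIXES and the cross-image rule are
the author's assumptions."""
import re
from collections import Counter

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Registry paths that VM / sandbox-detection code commonly reads (assumed
# watch-list; the report lists the reads but not why Edge made them).
FINGERPRINT_KEY_PREFIXES = (
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS",
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language",
)

# Row shapes exactly as printed in the report's signature tables.
WPM_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) N/A "
    r"(?P<src_img>[A-Za-z]:\\.+?\.exe) (?P<dst_img>[A-Za-z]:\\.+?\.exe)$"
)
REG_RE = re.compile(
    r"^Key (?P<op>opened|value queried) (?P<key>\\REGISTRY\\\S+) "
    r"(?P<proc>[A-Za-z]:\\.+?\.exe) N/A$"
)

# Rows copied from the tables above, plus one CONSTRUCTED row (PID 9999,
# powershell.exe) so that the cross-image check has something to flag.
SAMPLE_WPM = [f"PID 4408 wrote to memory of {pid} N/A {EDGE} {EDGE}"
              for pid in (3728, 3728, 2876, 2876, 2876, 2980)] + [
    f"PID 4408 wrote to memory of 9999 N/A {EDGE} "
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
]
SAMPLE_REG = [
    rf"Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS {EDGE} N/A",
    rf"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer {EDGE} N/A",
    rf"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName {EDGE} N/A",
]


def parse_wpm(rows):
    """(src_pid, dst_pid, src_image, dst_image) for every row that parses."""
    out = []
    for row in rows:
        m = WPM_RE.match(row)
        if m:
            out.append((int(m["src"]), int(m["dst"]), m["src_img"], m["dst_img"]))
    return out


def summarize_wpm(rows):
    """Collapse repeated rows per target PID and single out writes whose
    target runs a different image than the writer (the rows to escalate)."""
    events = parse_wpm(rows)
    return {
        "events": len(events),
        "targets": Counter(dst for _, dst, _, _ in events),
        "cross_image": [e for e in events if e[2].lower() != e[3].lower()],
    }


def classify_registry(rows):
    """Tag each registry read with the process that made it and whether the
    key is on the fingerprinting watch-list."""
    prefixes = tuple(p.upper() for p in FINGERPRINT_KEY_PREFIXES)
    out = []
    for row in rows:
        m = REG_RE.match(row)
        if not m:
            continue
        key = m["key"]
        out.append({
            "op": m["op"],
            "key": key,
            "value": key.rsplit("\\", 1)[1] if m["op"] == "value queried" else None,
            "process": m["proc"],
            "fingerprint": key.upper().startswith(prefixes),
        })
    return out


if __name__ == "__main__":
    s = summarize_wpm(SAMPLE_WPM)
    print(f"{s['events']} WriteProcessMemory events, per target PID: {dict(s['targets'])}")
    for e in s["cross_image"]:
        print("cross-image write:", e)
    for r in classify_registry(SAMPLE_REG):
        print(r["op"], r["key"], r["process"], "FINGERPRINT" if r["fingerprint"] else "")
```

On the full table above the script reports four target PIDs and no cross-image write; the constructed row is the only thing that trips the check.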

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6a4e10408f9f89b6d4c6acd55987c296_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc27df46f8,0x7ffc27df4708,0x7ffc27df4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14855012220770244056,2568568289518785553,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=180 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 pwam.googlecode.com udp
GB 216.58.213.10:80 ajax.googleapis.com tcp
GB 172.217.169.73:80 www.blogger.com tcp
GB 172.217.169.73:80 www.blogger.com tcp
BE 108.177.15.82:80 pwam.googlecode.com tcp
GB 172.217.169.73:443 www.blogger.com tcp
US 8.8.8.8:53 entrecard.s3.amazonaws.com udp
US 54.231.194.161:80 entrecard.s3.amazonaws.com tcp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 73.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 82.15.177.108.in-addr.arpa udp
US 8.8.8.8:53 103.208.201.84.in-addr.arpa udp
GB 142.250.200.2:80 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.36:80 www.google.com tcp
US 8.8.8.8:53 static.addtoany.com udp
BE 108.177.15.82:80 pwam.googlecode.com tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 104.22.71.197:80 static.addtoany.com tcp
GB 172.217.169.78:443 www.adsensecustomsearchads.com tcp
US 104.22.71.197:443 static.addtoany.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 entrecard.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 static.99widgets.com udp
US 8.8.8.8:53 www.gmodules.com udp
US 8.8.8.8:53 nwidget.networkedblogs.com udp
US 8.8.8.8:53 blogergadgets.googlecode.com udp
US 8.8.8.8:53 www.lijit.com udp
US 8.8.8.8:53 xslt.alexa.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 www.sitebro.net udp
US 8.8.8.8:53 choenblogspot.googlecode.com udp
GB 142.250.179.225:80 www.gmodules.com tcp
US 8.8.8.8:53 track4.mybloglog.com udp
US 8.8.8.8:53 static.ak.fbcdn.net udp
GB 18.245.253.113:80 www.lijit.com tcp
BE 108.177.15.82:80 choenblogspot.googlecode.com tcp
BE 108.177.15.82:80 choenblogspot.googlecode.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 tweetmeme.com udp
US 199.59.243.227:80 www.sitebro.net tcp
US 8.8.8.8:53 www.stumbleupon.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 104.22.71.197:443 static.addtoany.com tcp
US 8.8.8.8:53 d.yimg.com udp
US 8.8.8.8:53 cse.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 52.20.104.98:80 www.stumbleupon.com tcp
GB 18.245.253.113:443 www.lijit.com tcp
US 8.8.8.8:53 orkut-share.googlecode.com udp
US 8.8.8.8:53 img1.blogblog.com udp
GB 87.248.114.12:80 d.yimg.com tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
BE 108.177.15.82:80 orkut-share.googlecode.com tcp
GB 172.217.169.73:80 img1.blogblog.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 161.194.231.54.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 36.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 197.71.22.104.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 113.253.245.18.in-addr.arpa udp
US 8.8.8.8:53 227.243.59.199.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 12.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 98.104.20.52.in-addr.arpa udp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
BE 108.177.15.82:80 orkut-share.googlecode.com tcp
GB 172.217.169.73:443 img1.blogblog.com udp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 52.20.104.98:443 www.stumbleupon.com tcp
GB 142.250.178.1:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 lh3.ggpht.com udp
GB 142.250.178.1:80 lh3.ggpht.com tcp
GB 142.250.178.1:80 lh3.ggpht.com tcp
GB 142.250.178.1:80 lh3.ggpht.com tcp
GB 142.250.178.1:80 lh3.ggpht.com tcp
GB 142.250.179.225:80 www.gmodules.com tcp
GB 142.250.178.1:80 lh3.ggpht.com tcp
US 8.8.8.8:53 lh4.ggpht.com udp
GB 142.250.200.36:443 www.google.com tcp
GB 142.250.178.1:80 lh4.ggpht.com tcp
GB 142.250.178.1:80 lh4.ggpht.com tcp
GB 142.250.178.1:80 lh4.ggpht.com tcp
US 8.8.8.8:53 static.networkedblogs.com udp
GB 142.250.178.1:80 lh4.ggpht.com tcp
US 8.8.8.8:53 71.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
GB 142.250.178.1:80 lh4.ggpht.com tcp
US 8.8.8.8:53 bloggers.com udp
US 8.8.8.8:53 image.sitebro.com udp
US 8.8.8.8:53 www.topblogarea.com udp
US 8.8.8.8:53 www.blogtoplist.com udp
US 13.248.169.48:80 bloggers.com tcp
US 104.21.0.139:80 image.sitebro.com tcp
US 8.8.8.8:53 www.topblogging.com udp
US 104.21.23.102:80 www.topblogging.com tcp
US 8.8.8.8:53 www.blogrankings.com udp
US 8.8.8.8:53 www.mynewblog.com udp
US 8.8.8.8:53 www.india-topsites.com udp
US 172.67.177.143:80 www.mynewblog.com tcp
US 8.8.8.8:53 www.zimbio.com udp
US 8.8.8.8:53 www.yousaytoo.com udp
GB 142.250.200.36:80 www.google.com tcp
LT 79.98.26.232:80 www.yousaytoo.com tcp
US 8.8.8.8:53 img1.top.org udp
US 8.8.8.8:53 www.rantop.com udp
HK 47.75.130.169:80 img1.top.org tcp
US 172.67.177.143:443 www.mynewblog.com tcp
US 8.8.8.8:53 www.freewebsubmission.com udp
US 3.33.243.145:80 www.rantop.com tcp
US 74.208.47.213:80 www.freewebsubmission.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.179.238:443 apis.google.com tcp
GB 142.250.179.234:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 www.sonicrun.com udp
HK 47.75.130.169:80 img1.top.org tcp
US 8.8.8.8:53 www.links-pk.co.cc udp
US 74.208.47.213:80 www.sonicrun.com tcp
GB 142.250.179.234:443 ogads-pa.googleapis.com udp
GB 142.250.200.36:80 www.google.com tcp
US 8.8.8.8:53 www.123khoj.com udp
US 8.8.8.8:53 www.activesearchresults.com udp
US 173.49.115.115:80 www.activesearchresults.com tcp
US 35.91.2.62:80 www.links-pk.co.cc tcp
US 74.208.47.213:443 www.sonicrun.com tcp
US 198.57.150.101:80 www.123khoj.com tcp
US 8.8.8.8:53 139.0.21.104.in-addr.arpa udp
US 8.8.8.8:53 102.23.21.104.in-addr.arpa udp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 8.8.8.8:53 143.177.67.172.in-addr.arpa udp
US 8.8.8.8:53 232.26.98.79.in-addr.arpa udp
US 8.8.8.8:53 145.243.33.3.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 213.47.208.74.in-addr.arpa udp
US 198.57.150.101:80 www.123khoj.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4408_HLCOILWGOTWWXKKZ

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58170d.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
