Malware Analysis Report

2024-12-06 03:20

Sample ID 241023-vl2h5atalr
Target 6ff7678e16d644b98fb1727832779cf8_JaffaCakes118
SHA256 ba8642b9e7d8395eedbb92496337f2d47a5e41cf952281fa1acf091d8c241d7f
Tags
socgholish discovery downloader
score
10/10

Analysis Overview

score
10/10

SHA256

ba8642b9e7d8395eedbb92496337f2d47a5e41cf952281fa1acf091d8c241d7f

Threat Level: Known bad

The file 6ff7678e16d644b98fb1727832779cf8_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-23 17:05

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-23 17:05

Reported

2024-10-23 17:08

Platform

win7-20240903-en

Max time kernel

143s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6ff7678e16d644b98fb1727832779cf8_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 309eb0066e25db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435864996" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{00CBBC71-9161-11EF-8BDE-523A95B0E536} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6ff7678e16d644b98fb1727832779cf8_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-23 17:05

Reported

2024-10-24 11:02

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\6ff7678e16d644b98fb1727832779cf8_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Hits
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 25

Suspicious use of SendNotifyMessage

Description Indicator Process Target Hits
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 24

Suspicious use of WriteProcessMemory

Description Indicator Process Target Hits
PID 3656 wrote to memory of 2436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 3656 wrote to memory of 4076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 3656 wrote to memory of 1176 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 3656 wrote to memory of 536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20

Every row has the same source and target image (msedge.exe to msedge.exe). A Chromium-based browser process writes into the memory of the sandboxed renderer, GPU and utility children it launches (compare the --type= command lines under Processes), so these rows by themselves show parent-to-child setup rather than injection into a foreign process.
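The WriteProcessMemory rows above are the kind of table an analyst has to triage quickly. The following is an added example, not code from the original report or the sandbox vendor: it parses rows in the table's format, counts writes per parent/child PID pair, and separates same-image browser-to-child writes (expected for a Chromium-based browser setting up its sandboxed children) from writes into a different image, which are the ones to escalate. The BROWSER_IMAGES set, the EDGE and RUNDLL paths, the PID 9999 row and the rundll32.exe target are assumptions constructed for the example; only the first four rows mirror the page.

```python
"""Classify the rows of a sandbox 'Suspicious use of WriteProcessMemory' table.

Added example, not part of the original report. A Chromium-based browser
process writes into the memory of the sandboxed renderer, GPU and utility
children it launches, so parent -> child writes between two copies of the
same browser image are expected. The rows to escalate are writes whose
source is not a browser, or whose target is a different image. The last
sample row is constructed to show such a hit; it does not appear on the page.
"""
import re
from collections import Counter

# Row format used by the report: "PID <src> wrote to memory of <dst> N/A <src image> <dst image>"
ROW_RE = re.compile(
    r"^PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (.+?\.exe)$", re.IGNORECASE
)

# Images accepted as Chromium-style broker processes (assumption for this example).
BROWSER_IMAGES = {"msedge.exe", "chrome.exe"}

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
RUNDLL = r"C:\Windows\System32\rundll32.exe"  # hypothetical target, not on the page

# Constructed sample: four rows in the report's format plus one hypothetical cross-image write.
SAMPLE_ROWS = "\n".join([
    f"PID 3656 wrote to memory of 2436 N/A {EDGE} {EDGE}",
    f"PID 3656 wrote to memory of 2436 N/A {EDGE} {EDGE}",
    f"PID 3656 wrote to memory of 4076 N/A {EDGE} {EDGE}",
    f"PID 3656 wrote to memory of 536 N/A {EDGE} {EDGE}",
    f"PID 3656 wrote to memory of 9999 N/A {EDGE} {RUNDLL}",  # constructed, for illustration
])


def parse_rows(text):
    """Return (src_pid, dst_pid, src_image, dst_image) for every row that matches the format."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            src_pid, dst_pid, src_img, dst_img = m.groups()
            rows.append((int(src_pid), int(dst_pid), src_img, dst_img))
    return rows


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(row):
    """'expected' for a browser writing into a child of the same image, otherwise 'escalate'."""
    _, _, src_img, dst_img = row
    src = image_name(src_img)
    if src in BROWSER_IMAGES and src == image_name(dst_img):
        return "expected"
    return "escalate"


def triage(text):
    rows = parse_rows(text)
    # How many writes each parent made into each child: a handful per child is normal setup.
    write_counts = Counter((src, dst) for src, dst, _, _ in rows)
    escalate = sorted({row for row in rows if classify(row) == "escalate"})
    return {"write_counts": dict(write_counts), "escalate": escalate}


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    for pair, n in sorted(result["write_counts"].items()):
        print(f"{pair[0]} -> {pair[1]}: {n} writes")
    for row in result["escalate"]:
        print("escalate:", row)
```

Same-image writes are only "expected" relative to the browser's process model; a process masquerading under the browser's name would pass this filter, so pair the result with the Processes list (each target PID should correspond to a --type= child) before closing the alert.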

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\6ff7678e16d644b98fb1727832779cf8_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb93d546f8,0x7ffb93d54708,0x7ffb93d54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4900 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x50c 0x320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7404 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7404 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18185343172353301300,1454750909351385385,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7092 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
GB 172.217.169.73:80 www.blogger.com tcp
GB 172.217.169.73:80 www.blogger.com tcp
US 8.8.8.8:53 iwebgator.com udp
DE 91.195.240.123:80 iwebgator.com tcp
DE 91.195.240.123:80 iwebgator.com tcp
US 8.8.8.8:53 smilecampus.blogspot.com udp
GB 172.217.169.73:443 www.blogger.com tcp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 73.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 216.58.212.193:80 smilecampus.blogspot.com tcp
GB 142.250.200.34:80 pagead2.googlesyndication.com tcp
GB 216.58.212.193:443 smilecampus.blogspot.com tcp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 2leep.com udp
US 8.8.8.8:53 www.blogblog.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 img1.blogblog.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 163.70.151.21:80 connect.facebook.net tcp
GB 184.26.134.46:80 s7.addthis.com tcp
GB 142.250.178.1:80 2.bp.blogspot.com tcp
GB 142.250.178.1:80 2.bp.blogspot.com tcp
GB 142.250.178.1:80 2.bp.blogspot.com tcp
GB 142.250.178.1:80 2.bp.blogspot.com tcp
GB 172.217.169.73:80 img1.blogblog.com tcp
GB 142.250.178.1:80 2.bp.blogspot.com tcp
GB 172.217.169.73:80 img1.blogblog.com tcp
US 104.21.29.45:80 2leep.com tcp
GB 142.250.178.1:80 2.bp.blogspot.com tcp
GB 172.217.169.73:443 img1.blogblog.com udp
GB 142.250.178.1:80 2.bp.blogspot.com tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 123.240.195.91.in-addr.arpa udp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 46.134.26.184.in-addr.arpa udp
US 8.8.8.8:53 45.29.21.104.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 twitter-badges.s3.amazonaws.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 52.216.170.115:80 twitter-badges.s3.amazonaws.com tcp
GB 172.217.169.73:80 img2.blogblog.com tcp
US 8.8.8.8:53 www.avalanchers.com udp
US 76.223.54.146:80 www.avalanchers.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.187.234:443 ogads-pa.googleapis.com tcp
GB 142.250.179.238:443 apis.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 142.250.187.234:443 ogads-pa.googleapis.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 115.170.216.52.in-addr.arpa udp
US 8.8.8.8:53 146.54.223.76.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 video.xx.fbcdn.net udp
GB 163.70.151.12:443 video.xx.fbcdn.net tcp
GB 163.70.151.12:443 video.xx.fbcdn.net tcp
GB 163.70.151.12:443 video.xx.fbcdn.net tcp
GB 163.70.151.12:443 video.xx.fbcdn.net tcp
US 8.8.8.8:53 12.151.70.163.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 69.190.18.2.in-addr.arpa udp
GB 142.250.200.36:80 www.google.com tcp
US 8.8.8.8:53 www.google.co.in udp
US 8.8.8.8:53 www.zaparena.com udp
US 8.8.8.8:53 www.yousaytoo.com udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 simplehitcounter.com udp
US 8.8.8.8:53 blogginggratis.org udp
US 8.8.8.8:53 www.bloggernow.com udp
US 8.8.8.8:53 www.getfreebacklinks.com udp
US 8.8.8.8:53 www.blogflare.com udp
GB 142.250.200.35:445 www.google.co.in tcp
SE 192.229.221.25:80 www.paypal.com tcp
US 8.8.8.8:53 g2.gumgum.com udp
US 104.21.72.215:80 simplehitcounter.com tcp
LT 79.98.26.232:80 www.yousaytoo.com tcp
LT 79.98.26.232:80 www.yousaytoo.com tcp
NL 212.8.249.233:80 www.bloggernow.com tcp
US 172.67.146.176:80 www.getfreebacklinks.com tcp
US 8.8.8.8:53 www.mynewblog.com udp
US 8.8.8.8:53 www.india-topsites.com udp
IE 63.34.190.112:80 g2.gumgum.com tcp
US 54.209.32.212:80 www.zaparena.com tcp
US 8.8.8.8:53 www.top100add.com udp
US 104.21.56.47:80 www.mynewblog.com tcp
US 8.8.8.8:53 stats.topofblogs.com udp
SE 192.229.221.25:443 www.paypal.com tcp
US 104.21.72.215:443 simplehitcounter.com tcp
US 8.8.8.8:53 215.72.21.104.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 176.146.67.172.in-addr.arpa udp
US 8.8.8.8:53 232.26.98.79.in-addr.arpa udp
US 8.8.8.8:53 112.190.34.63.in-addr.arpa udp
US 8.8.8.8:53 233.249.8.212.in-addr.arpa udp
DE 195.201.124.255:80 stats.topofblogs.com tcp
US 54.209.32.212:80 www.zaparena.com tcp
US 8.8.8.8:53 js.gumgum.com udp
US 104.21.56.47:443 www.mynewblog.com tcp
US 3.165.148.30:443 js.gumgum.com tcp
US 162.215.117.222:80 www.top100add.com tcp
US 162.215.117.222:80 www.top100add.com tcp
US 8.8.8.8:53 www.hugedomains.com udp
DE 195.201.124.255:80 stats.topofblogs.com tcp
US 172.67.70.191:443 www.hugedomains.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 www.topblogarea.com udp
US 8.8.8.8:53 www.blogtoplist.com udp
US 8.8.8.8:53 www.topblogging.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 104.21.23.102:80 www.topblogging.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 151.101.131.1:443 www.paypalobjects.com tcp
US 8.8.8.8:53 www.ontoplist.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.12.18.87:80 www.ontoplist.com tcp
US 8.8.8.8:53 www.freewebsubmission.com udp
US 8.8.8.8:53 www.sonicrun.com udp
US 74.208.47.213:80 www.sonicrun.com tcp
US 74.208.47.213:80 www.sonicrun.com tcp
US 8.12.18.87:443 www.ontoplist.com tcp
US 8.8.8.8:53 47.56.21.104.in-addr.arpa udp
US 8.8.8.8:53 212.32.209.54.in-addr.arpa udp
US 8.8.8.8:53 30.148.165.3.in-addr.arpa udp
US 8.8.8.8:53 222.117.215.162.in-addr.arpa udp
US 8.8.8.8:53 36.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 191.70.67.172.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 102.23.21.104.in-addr.arpa udp
US 8.8.8.8:53 1.131.101.151.in-addr.arpa udp
US 8.8.8.8:53 87.18.12.8.in-addr.arpa udp
US 74.208.47.213:443 www.sonicrun.com tcp
US 8.8.8.8:53 www.blogtopsites.com udp
US 3.220.195.79:80 www.blogtopsites.com tcp
US 8.8.8.8:53 img1.top.org udp
US 8.8.8.8:53 www.blogrankers.com udp
US 8.8.8.8:53 www.blogratedirectory.com udp
HK 47.75.130.169:80 img1.top.org tcp
NL 185.182.56.134:80 www.blogratedirectory.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
HK 47.75.130.169:80 img1.top.org tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 8.8.8.8:53 revuwire.com udp
NL 188.116.45.164:443 revuwire.com tcp
US 8.8.8.8:53 79.195.220.3.in-addr.arpa udp
US 8.8.8.8:53 213.47.208.74.in-addr.arpa udp
DE 162.55.172.212:80 stats.topofblogs.com tcp
US 8.8.8.8:53 img.britishblogs.co.uk udp
DE 162.55.172.212:80 stats.topofblogs.com tcp
US 8.8.8.8:53 164.45.116.188.in-addr.arpa udp
US 8.8.8.8:53 134.56.182.185.in-addr.arpa udp
US 8.8.8.8:53 212.172.55.162.in-addr.arpa udp
US 8.8.8.8:53 www.google.co.in udp
US 8.8.8.8:53 gelgit.tk udp
US 8.8.8.8:53 aba.gumgum.com udp
IE 63.34.190.112:443 g2.gumgum.com tcp
US 3.165.148.30:443 js.gumgum.com tcp
US 8.8.8.8:53 c.gumgum.com udp
US 8.8.8.8:53 gumgum.com udp
US 3.165.148.15:443 c.gumgum.com tcp
US 3.165.148.93:443 aba.gumgum.com tcp
GB 3.162.20.56:443 gumgum.com tcp
US 8.8.8.8:53 103.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 15.148.165.3.in-addr.arpa udp
US 8.8.8.8:53 93.148.165.3.in-addr.arpa udp
US 8.8.8.8:53 56.20.162.3.in-addr.arpa udp
IE 63.34.190.112:443 g2.gumgum.com tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 142.250.180.2:443 ep1.adtrafficquality.google tcp
GB 216.58.212.193:443 smilecampus.blogspot.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.200.1:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
GB 142.250.200.1:443 ep2.adtrafficquality.google udp
GB 142.250.180.2:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
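The rows above mix three kinds of event: forward DNS queries to 8.8.8.8:53, reverse (in-addr.arpa) lookups of IPs that were contacted a few rows earlier, and the actual TCP/UDP connections. Reading them by hand it is easy to miss that www.google.co.in is contacted on port 445 before any query for it appears, or that the udp/443 rows are QUIC rather than DNS. The script below is an added triage helper written for this page, not part of the sandbox report or its tooling; it assumes the column layout <country> <ip>:<port> <host> <proto> that every row above uses, and it runs over a constructed subset of the rows copied from the table. Because this excerpt starts mid-table, a host flagged here as "contacted without a prior DNS query" may simply have been resolved in rows that precede this section.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: rows copied from the network table above, in their
# original order. Column layout assumed: <country> <ip>:<port> <host> <proto>.
SAMPLE_ROWS = """\
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 simplehitcounter.com udp
GB 142.250.200.35:445 www.google.co.in tcp
SE 192.229.221.25:80 www.paypal.com tcp
US 104.21.72.215:80 simplehitcounter.com tcp
US 8.8.8.8:53 215.72.21.104.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 www.google.co.in udp
GB 216.58.212.193:443 smilecampus.blogspot.com udp
"""

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?P<host>\S+)\s+(?P<proto>tcp|udp)$"
)
# Ports a browser detonation is expected to use; anything else deserves a look.
EXPECTED_PORTS = {53, 80, 443}


@dataclass
class Row:
    cc: str
    ip: str
    port: int
    host: str
    proto: str


def parse_rows(text: str) -> List[Row]:
    """Parse the report's network rows; raise on a line that does not fit."""
    rows: List[Row] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised row: {line!r}")
        rows.append(Row(m["cc"], m["ip"], int(m["port"]), m["host"], m["proto"]))
    return rows


def is_dns_query(row: Row) -> bool:
    return row.port == 53 and row.proto == "udp"


def ptr_target(host: str) -> Optional[str]:
    """Turn '215.72.21.104.in-addr.arpa' back into '104.21.72.215'."""
    suffix = ".in-addr.arpa"
    if not host.endswith(suffix):
        return None
    octets = host[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    return ".".join(reversed(octets))


def triage(rows: List[Row]) -> Dict[str, object]:
    """Walk the rows in order and collect the things an analyst checks first."""
    resolved = set()                      # hosts with a forward query seen so far
    contacted: Dict[str, str] = {}        # ip -> first host name it was used for
    no_prior_dns: List[str] = []          # connections with no earlier query
    unusual_ports: List[Tuple[str, str, int]] = []
    quic: List[str] = []                  # udp/443 is QUIC, not DNS
    ptr_of_contacted: Dict[str, str] = {} # reverse lookups paired with the IP's host
    for r in rows:
        if is_dns_query(r):
            ip = ptr_target(r.host)
            if ip is None:
                resolved.add(r.host)
            elif ip in contacted:
                ptr_of_contacted[ip] = contacted[ip]
            continue
        contacted.setdefault(r.ip, r.host)
        if r.host not in resolved and r.host not in no_prior_dns:
            no_prior_dns.append(r.host)
        if r.port not in EXPECTED_PORTS:
            unusual_ports.append((r.host, r.ip, r.port))
        if r.proto == "udp" and r.port == 443 and r.host not in quic:
            quic.append(r.host)
    return {
        "no_prior_dns": no_prior_dns,
        "unusual_ports": unusual_ports,
        "quic": quic,
        "ptr_of_contacted": ptr_of_contacted,
    }


if __name__ == "__main__":
    for key, value in triage(parse_rows(SAMPLE_ROWS)).items():
        print(f"{key}: {value}")
```

On the constructed subset this reports www.google.co.in (tcp/445, queried only later) and smilecampus.blogspot.com (no query in the excerpt) under no_prior_dns, the single 445 connection under unusual_ports, and pairs the two PTR lookups back to simplehitcounter.com and www.paypal.com. Run the same parser over the full table when the whole report is to hand; the "no prior DNS" list will shrink to the hosts that really were contacted by bare IP.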

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f426165d1e5f7df1b7a3758c306cd4ae
SHA1 59ef728fbbb5c4197600f61daec48556fec651c1
SHA256 b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841
SHA512 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

\??\pipe\LOCAL\crashpad_3656_BGPPSSYFHOUBJMCE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6960857d16aadfa79d36df8ebbf0e423
SHA1 e1db43bd478274366621a8c6497e270d46c6ed4f
SHA256 f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32
SHA512 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 41cffcdde3f100a52d51708f99aa4c45
SHA1 9be54aa8f2c0ef17e2c309c172cac83fb6fb0969
SHA256 2efc42e854cd9de896d50f6cebdafbaeb31bc5535409d9e9a0194f0e9ddeddc7
SHA512 95888fbc77990c2b7583599010843d75630cf35e5e73618201a4d5f1015174b8ee632f963406284e2139e1ba404bdebb1597785bdf0f20aef86b0ab2fe6aeed9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1198bd7286b1d16590278b6bfacfb637
SHA1 c6cb59b36120386952a89536e5422314c46d5bfd
SHA256 fb47123fa2e3a55493fba2a814e45205a4b6586c884e409fd58391e9f147d057
SHA512 3841b9af7d21b83398ed0c02598e30fa8b011987d433a539b7d47e3ce02fbb2b503146d41be8527bdb1cee1957510e4cde8b2a9988a80526acfb129ff74e7498

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aab16f4f52cbd3471b6db27c09530fc6
SHA1 97fefe26f2b1aef1c06d5d7c988e1a5a7077e6d3
SHA256 545f155c2ce67149b97cfa7859d370386151b1cd6879dd9cb467bc195148c0d0
SHA512 79be2ba3d7d9283f4d5ab8c6a94737238aefe63f3946f447e5c9e93857067f2fe02a953ed0136239895065fab5d3a5c9603c5c2d27c7c902121181b78b60e2b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 be17c1f83934162434b00399fd42f9a7
SHA1 645d119a4de93544b265e7519f82cf86c56ce1f1
SHA256 d0620adc8a82f6ef643fb721cb66cdea5ab26eae6533878b64911ced18440fae
SHA512 3b491076deeffee0696eff8f5f818574c89ff0afdb5434d3bb365fd73c1f91f66f0dbc301a8e42100bfac0b07a3f1cc8471ad01f27b3cc1fdfe08a4ba4721d5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 15d429f4dba6e5c4a4337fff27a4a21a
SHA1 bd66e7cd43224f056cbd3264a621a11d71e54893
SHA256 1b81570408827639fedc42dbe7c259370030a8819e409651286e78c3fa2be6b7
SHA512 c6f3237b23d06ca6060bb5edbaffb8f6fd1744c05a3b4545b7e125dac40101b1f1dbeb2e64ad0ae77713e6d05d46f38d7d6a694a63b3102f7bc9f7e1531675ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e986f6b58ceb4732ccceedb3ba6cb97a
SHA1 50e3f96117f3fdac37fd060dddd10032780754af
SHA256 b37ad8996343959ec0d442684c23e1d777d79332e0ce0689b8b03d6dcac8fa88
SHA512 0fd73d02c4c6fd72c2d0892f492ddf6652b85eb4173329ebef53657907cf599469a1b1e0b6ebaeccd4afacfadd9a6b744786991ce171270818bd431bf7f95164

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 83ed51b92ae551c54ad3a1e4ee1b15e2
SHA1 750c3108ad0135c5d9d53cbfe368ba71df4679d6
SHA256 bf0b4df9ed942b18e2ae7d22ca80871486db53368c166e03feacfc8c5e0d17f6
SHA512 ace518f1224d10d7381f8f6db1ded8a621cbe8d6b93aae0d7e21235fa56715fab391c3d592bb3c56433a900bd84af66d339fba1fc583f79dd90fcd5ee660d3b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ce80c9a04a8b1036fb53e8d244bb5d39
SHA1 572d76a1e23f017adf228a51c06235a336aad076
SHA256 2f5592b1789b8f017be047c6bcff1a6ea97f41528143947f23e829123a71d5e0
SHA512 e49899f261ce2968492d2b004a3e20d06acb429ca9d8b92e7b84b9e142d1f14f9be0e9302d5b64dd66586f802573a0a5cbb2ad55ff2b88e44ab16c6cdfe0fca2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 086ff668358409a33e4e715051ef2fb1
SHA1 7aba1eb894af152185b837449f2eb3f6c83e981a
SHA256 03c855df77983715a9cc55fcdb1142e2ad48ed02ba5ab40466ab5c9a6c4b9c4e
SHA512 0f5f43d85aa71c4c4bc017f647ccfd4a5672d39de589738957b5bb49eae6afa0fed7a989bdae58aeaf3fda605cad98a546d1357200677140b45d2a21996f2238

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4dee002ba8a1ba10c773bcdee9e2be7a
SHA1 8e8e9387bfbcf55d436f001eff5e49f1a603017a
SHA256 37e05ab055995cc278ed3a4fc0cd84fe16850060d65abfefd1d4605b406f84bc
SHA512 03bf4732f7ea49a0bd0ce7e7ab1032b35536cc6386d888df5c9843986b0e8e49c6974c21af4b3d160304a9f962a1cbdcb3f4ab39eb13a166702bccca0ec65ba1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a1c5f8402e74e5cd5cccb099a2c40683
SHA1 91f24e3fe48f76e7ac500df802c276bd7a5fbe02
SHA256 6423e0aa7593112b33d938f216b789637c4c0dd74f90b1958e56d02b1d5e9f5f
SHA512 ae1ccbf955b3020ac55e2149c68fee72c75ae88614cb7471012491c0066501b85b83d368441c8ad2196955f857ad2a04b139e69fd66aa0aad0a13fbe60a8e8c9
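Two things in the file list above are easy to overlook. The crashpad named pipe carries MD5 d41d8cd98f00b204e9800998ecf8427e, SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 and the matching SHA256/SHA512 values, which are the digests of zero bytes: the sandbox captured no content for that object, so those hashes identify nothing and must not be turned into indicators. Several paths (settings.dat, Preferences, TransportSecurity, Network Persistent State, the-real-index) also appear more than once with different hashes, meaning each entry is a separate snapshot of a file that was rewritten during the run. The script below, added here and not part of the sandbox's own tooling, parses entries in the page's layout (path line, then one hash per line) over a constructed sample of three entries copied from the list, recognises empty-content digests by computing them rather than hard-coding them, checks that each digest has the right length for its algorithm, and groups repeated paths.

```python
import hashlib
import re
from typing import Dict, List

# Constructed sample: three entries copied from the Files list above, in the
# page's own layout. Raw string so the Windows paths keep their backslashes.
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f426165d1e5f7df1b7a3758c306cd4ae
SHA1 59ef728fbbb5c4197600f61daec48556fec651c1
SHA256 b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841
SHA512 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

\??\pipe\LOCAL\crashpad_3656_BGPPSSYFHOUBJMCE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6960857d16aadfa79d36df8ebbf0e423
SHA1 e1db43bd478274366621a8c6497e270d46c6ed4f
SHA256 f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32
SHA512 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digests of zero bytes, computed so they cannot be mistyped.
EMPTY_DIGESTS = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
    "SHA512": hashlib.sha512(b"").hexdigest(),
}


def parse_files(text: str) -> List[dict]:
    """Each non-hash line starts a new entry; hash lines attach to the latest one."""
    entries: List[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m is None:
            entries.append({"path": line, "hashes": {}})
            continue
        if not entries:
            raise ValueError("hash line before any path line")
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HEX_LEN[algo]:
            raise ValueError(f"{algo} digest has wrong length: {digest}")
        entries[-1]["hashes"][algo] = digest
    return entries


def is_empty_capture(entry: dict) -> bool:
    """True when every listed digest is the digest of zero bytes."""
    h = entry["hashes"]
    return all(h.get(algo) == digest for algo, digest in EMPTY_DIGESTS.items())


def snapshots_per_path(entries: List[dict]) -> Dict[str, List[str]]:
    """Group entries by path, keeping the SHA256 of each snapshot in order."""
    out: Dict[str, List[str]] = {}
    for e in entries:
        out.setdefault(e["path"], []).append(e["hashes"].get("SHA256", ""))
    return out


def summarize(entries: List[dict]) -> Dict[str, object]:
    return {
        "empty": [e["path"] for e in entries if is_empty_capture(e)],
        "rewritten": {p: s for p, s in snapshots_per_path(entries).items() if len(s) > 1},
    }


if __name__ == "__main__":
    for key, value in summarize(parse_files(SAMPLE_FILES)).items():
        print(f"{key}: {value}")
```

The empty-digest check is the one to keep handy: any sandbox artifact whose four hashes are the zero-byte digests is a placeholder for something that had no readable content at capture time, and pivoting on those hashes in a SIEM or threat-intel platform will match every empty file on every host.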