Analysis Overview
SHA256
16775eb1db5324b57da3e56901143e66f03a471f535c8bf5cb6c8ef5eb782213
Threat Level: Known bad
The file 7db6cfe0f5885f3f0306a44a6ecbf731_JaffaCakes118 was found to be: Known bad. The sample is an HTML document; the two behavioral runs below open it in Internet Explorer on Windows 7 (behavioral1) and in Microsoft Edge on Windows 10 (behavioral2), so every signature in this report is raised by a browser process rather than by a dropped executable.
Malicious Activity Summary
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-30 03:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-30 03:18
Reported
2024-10-30 03:21
Platform
win7-20240903-en
Max time kernel
138s
Max time network
150s
Command Line
Signatures
SocGholish
Socgholish family
Note: the family tag carries no indicator rows of its own on this report, and none of the registry, process or network rows below is specific to SocGholish. Confirm the tag against the rule that fired and against the script content of the HTML before reporting a confirmed infection. The single NLS\Language key open under the next heading is a routine locale lookup by the IE tab process and is weak evidence on its own.
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
Note: every row below sits under the detonation user's own Software\Microsoft\Internet Explorer hive and is written by iexplore.exe while it builds a session (Recovery, TabbedBrowsing, Window_Placement, Zoom and similar). No Run, RunOnce or startup value appears anywhere in this report, so these rows record ordinary browser state, not persistence.
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436420192" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40609f987a2adb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A9158441-966D-11EF-9F10-C28ADB222BBA} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000008bc67cba289ed10d33e0e96c9716e285032fd72cb62e43d7acc30f04b78a823a000000000e800000000200002000000024deaaef449379fbee556e2ece13d71925bda6126081b3595c493ca5f8671bc020000000d356e348d76b0d37a5a39d00ad8ab93e184f218fede97a1810c1815a0abb47a540000000e9d6e23eb0186cb93bd9911825e98c3582ccbffbd1dfabdbffb81e6b0c014709318b14af2b44f5797f4994c353916f6ccf5a9047eb359cbb5e3b9ff09c272aac | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Note: the writer (PID 2408) is the 64-bit frame process and the target (PID 1708) is the 32-bit tab process, whose command line in the Processes section carries SCODEF:2408, i.e. it names 2408 as its own frame. Writes from the frame into a tab it has just spawned are how IE sets up its tab processes. These rows would warrant attention only if the writing PID did not match the tab's SCODEF value or the target were not an IE tab.
| Description | Indicator | Process | Target |
| PID 2408 wrote to memory of 1708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2408 wrote to memory of 1708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2408 wrote to memory of 1708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2408 wrote to memory of 1708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7db6cfe0f5885f3f0306a44a6ecbf731_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2
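As an added example, not part of the sandbox report, the Python below pairs the WriteProcessMemory rows with the process command lines above and accepts a write only when the writing PID is the frame process that the target tab names in its own SCODEF argument. The report does not print a PID beside each command line, so the 2408/1708 mapping is taken from the WriteProcessMemory rows and is an assumption of the example; the extra 9999 event is constructed to show what a flagged row looks like.

```python
import re

# Command lines as printed in the behavioral1 Processes section. The report
# does not print a PID beside each command line; the 2408 (frame) and 1708
# (tab) mapping below is taken from the WriteProcessMemory rows and is an
# assumption of this example.
PROCESSES = {
    2408: r'"C:\Program Files\Internet Explorer\iexplore.exe" '
          r'C:\Users\Admin\AppData\Local\Temp\7db6cfe0f5885f3f0306a44a6ecbf731_JaffaCakes118.html',
    1708: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2',
}

# "PID X wrote to memory of Y" descriptions from the report, plus one
# constructed event (9999 -> 1708) that models a write from a process that
# is not the tab's frame.
WRITE_EVENTS = [
    "PID 2408 wrote to memory of 1708",
    "PID 2408 wrote to memory of 1708",
    "PID 9999 wrote to memory of 1708",   # constructed, not in the report
]

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
IE_EXE_RE = re.compile(r'iexplore\.exe"', re.IGNORECASE)


def ie_frame_of(cmdline):
    """Return the frame PID an IE tab process names in its SCODEF argument,
    or None when the command line is not an IE process or has no SCODEF."""
    if not IE_EXE_RE.search(cmdline):
        return None
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def classify_writes(processes, events):
    """Label each WriteProcessMemory event.

    'expected' : the writer is exactly the frame PID the target tab names in
                 SCODEF (IE frame -> tab, the way IE launches its tabs).
    'review'   : anything else (unknown target, non-IE target, or a writer
                 that is not the target's frame).
    """
    results = []
    for line in events:
        m = WRITE_RE.search(line)
        if not m:
            continue
        src, dst = int(m.group(1)), int(m.group(2))
        frame = ie_frame_of(processes.get(dst, ""))
        verdict = "expected" if frame == src else "review"
        results.append((src, dst, verdict))
    return results


def writes_needing_review(processes, events):
    """Distinct (writer, target) pairs that do not fit the frame -> tab pattern."""
    return sorted({(s, d) for s, d, v in classify_writes(processes, events) if v == "review"})


if __name__ == "__main__":
    for src, dst, verdict in classify_writes(PROCESSES, WRITE_EVENTS):
        print(f"{src} -> {dst}: {verdict}")
```

The check is deliberately strict: a write into an IE tab from any PID other than the one in that tab's SCODEF, or into a process that is not an IE tab at all, is returned for review rather than silently accepted.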
Network
Note: every udp row is a lookup sent to the sandbox resolver 8.8.8.8, so those rows carry the queried name, not an attacker endpoint; the tcp rows are the actual connections. Most names are blog-widget, feed-aggregator and directory hosts, consistent with an old blog page's embedded widgets. Two rows deserve a closer look: xn--crdenas-hwa.net is the IDNA form of cárdenas.net and is contacted on both 80 and 443, and gelgit.tk is looked up but shows no tcp connection, which can mean the name did not resolve or that the connection fell outside the capture window.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogtoplist.com | udp |
| US | 8.8.8.8:53 | www.scrubtheweb.com | udp |
| US | 8.8.8.8:53 | xn--crdenas-hwa.net | udp |
| US | 8.8.8.8:53 | www.submitdomainname.com | udp |
| US | 8.8.8.8:53 | www.plazoo.com | udp |
| US | 8.8.8.8:53 | www.blogrankings.com | udp |
| US | 8.8.8.8:53 | www.feedburner.com | udp |
| US | 8.8.8.8:53 | us.i1.yimg.com | udp |
| US | 8.8.8.8:53 | buttons.googlesyndication.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | sm9.sitemeter.com | udp |
| US | 8.8.8.8:53 | www.topblogarea.com | udp |
| US | 8.8.8.8:53 | www.bloglines.com | udp |
| US | 8.8.8.8:53 | img.tfd.com | udp |
| US | 8.8.8.8:53 | www.bitty.com | udp |
| US | 8.8.8.8:53 | plusmo.com | udp |
| US | 8.8.8.8:53 | image.excite.co.uk | udp |
| US | 8.8.8.8:53 | www.webwag.com | udp |
| US | 8.8.8.8:53 | www.podcastready.com | udp |
| US | 8.8.8.8:53 | www.europerank.com | udp |
| US | 8.8.8.8:53 | www.mynewblog.com | udp |
| US | 8.8.8.8:53 | widgets.5z5.com | udp |
| US | 8.8.8.8:53 | www.zimbio.com | udp |
| US | 8.8.8.8:53 | www.yousaytoo.com | udp |
| US | 8.8.8.8:53 | www.blogrollcenter.com | udp |
| US | 8.8.8.8:53 | www.blogtopsites.com | udp |
| US | 8.8.8.8:53 | www.britblog.com | udp |
| US | 8.8.8.8:53 | www.blogdigger.com | udp |
| US | 8.8.8.8:53 | www.blogrankers.com | udp |
| US | 8.8.8.8:53 | www.ontoplist.com | udp |
| US | 8.8.8.8:53 | www.sonicrun.com | udp |
| US | 8.8.8.8:53 | www.top100add.com | udp |
| US | 8.8.8.8:53 | websitesubmit.hypermart.net | udp |
| US | 8.8.8.8:53 | www.wikio.com | udp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| DE | 213.136.69.6:80 | www.plazoo.com | tcp |
| DE | 213.136.69.6:80 | www.plazoo.com | tcp |
| GB | 172.217.169.36:80 | buttons.googlesyndication.com | tcp |
| GB | 142.250.178.9:80 | img1.blogblog.com | tcp |
| GB | 172.217.169.36:80 | buttons.googlesyndication.com | tcp |
| GB | 142.250.200.46:443 | www.feedburner.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.200.46:443 | www.feedburner.com | tcp |
| GB | 142.250.178.9:80 | img1.blogblog.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 87.248.114.11:80 | us.i1.yimg.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 87.248.114.11:80 | us.i1.yimg.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.200.46:80 | www.feedburner.com | tcp |
| GB | 142.250.200.46:80 | www.feedburner.com | tcp |
| US | 208.98.35.225:80 | www.scrubtheweb.com | tcp |
| US | 208.98.35.225:80 | www.scrubtheweb.com | tcp |
| US | 8.8.8.8:53 | www.w3-directory.com | udp |
| US | 151.101.2.114:80 | www.bloglines.com | tcp |
| US | 151.101.2.114:80 | www.bloglines.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | directory.bloggerplugins.org | udp |
| US | 8.8.8.8:53 | www.ukbest50.co.uk | udp |
| US | 63.135.106.45:80 | www.bitty.com | tcp |
| US | 104.21.73.237:80 | www.blogdigger.com | tcp |
| US | 104.21.73.237:80 | www.blogdigger.com | tcp |
| US | 63.135.106.45:80 | www.bitty.com | tcp |
| US | 3.220.195.79:80 | www.blogtopsites.com | tcp |
| US | 3.220.195.79:80 | www.blogtopsites.com | tcp |
| US | 172.67.177.143:80 | www.mynewblog.com | tcp |
| US | 172.67.177.143:80 | www.mynewblog.com | tcp |
| US | 172.67.198.153:80 | www.submitdomainname.com | tcp |
| US | 172.67.198.153:80 | www.submitdomainname.com | tcp |
| LT | 79.98.26.232:80 | www.yousaytoo.com | tcp |
| US | 8.12.18.87:80 | www.ontoplist.com | tcp |
| US | 8.12.18.87:80 | www.ontoplist.com | tcp |
| LT | 79.98.26.232:80 | www.yousaytoo.com | tcp |
| DE | 51.195.17.238:80 | image.excite.co.uk | tcp |
| DE | 51.195.17.238:80 | image.excite.co.uk | tcp |
| US | 104.21.95.51:80 | www.wikio.com | tcp |
| US | 104.21.95.51:80 | www.wikio.com | tcp |
| US | 74.208.47.213:80 | www.sonicrun.com | tcp |
| US | 74.208.47.213:80 | www.sonicrun.com | tcp |
| FR | 77.87.110.40:80 | www.w3-directory.com | tcp |
| FR | 77.87.110.40:80 | www.w3-directory.com | tcp |
| GB | 185.2.219.212:80 | www.ukbest50.co.uk | tcp |
| GB | 185.2.219.212:80 | www.ukbest50.co.uk | tcp |
| GB | 185.2.219.212:80 | www.ukbest50.co.uk | tcp |
| GB | 185.2.219.212:80 | www.ukbest50.co.uk | tcp |
| DE | 178.254.50.91:80 | xn--crdenas-hwa.net | tcp |
| DE | 178.254.50.91:80 | xn--crdenas-hwa.net | tcp |
| BG | 185.31.121.155:80 | www.europerank.com | tcp |
| BG | 185.31.121.155:80 | www.europerank.com | tcp |
| US | 151.101.2.114:443 | www.bloglines.com | tcp |
| US | 172.67.177.143:443 | www.mynewblog.com | tcp |
| FR | 163.172.47.39:80 | www.webwag.com | tcp |
| FR | 163.172.47.39:80 | www.webwag.com | tcp |
| US | 38.113.1.158:80 | websitesubmit.hypermart.net | tcp |
| US | 38.113.1.158:80 | websitesubmit.hypermart.net | tcp |
| DE | 178.254.50.91:443 | xn--crdenas-hwa.net | tcp |
| US | 108.181.102.67:80 | img.tfd.com | tcp |
| US | 108.181.102.67:80 | img.tfd.com | tcp |
| US | 104.21.73.237:443 | www.blogdigger.com | tcp |
| US | 209.90.91.147:80 | www.blogrankers.com | tcp |
| US | 209.90.91.147:80 | www.blogrankers.com | tcp |
| US | 162.215.117.222:80 | www.top100add.com | tcp |
| US | 162.215.117.222:80 | www.top100add.com | tcp |
| US | 8.12.18.87:443 | www.ontoplist.com | tcp |
| US | 74.208.47.213:443 | www.sonicrun.com | tcp |
| JP | 202.208.220.131:80 | www.podcastready.com | tcp |
| JP | 202.208.220.131:80 | www.podcastready.com | tcp |
| AR | 200.80.209.243:80 | plusmo.com | tcp |
| AR | 200.80.209.243:80 | plusmo.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| AR | 200.80.209.243:443 | plusmo.com | tcp |
| US | 8.8.8.8:53 | www.zimbio.com | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | blogdigger.com | udp |
| US | 172.67.193.92:443 | blogdigger.com | tcp |
| US | 172.67.193.92:443 | blogdigger.com | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | www.blogrankings.com | udp |
| US | 208.98.35.225:443 | www.scrubtheweb.com | tcp |
| US | 8.8.8.8:53 | www.blogtoplist.com | udp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| GB | 2.18.190.73:80 | r10.o.lencr.org | tcp |
| US | 151.101.2.114:443 | www.bloglines.com | tcp |
| GB | 142.250.200.46:443 | www.feedburner.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | i161.photobucket.com | udp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 172.217.169.36:80 | www.google.com | tcp |
| GB | 3.162.20.109:80 | i161.photobucket.com | tcp |
| GB | 3.162.20.109:80 | i161.photobucket.com | tcp |
| GB | 3.162.20.109:443 | i161.photobucket.com | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 172.66.132.118:80 | s10.histats.com | tcp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 172.66.132.118:80 | s10.histats.com | tcp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| US | 8.8.8.8:53 | gelgit.tk | udp |
| CA | 149.56.240.130:443 | s4.histats.com | tcp |
| CA | 149.56.240.130:443 | s4.histats.com | tcp |
| GB | 3.162.20.109:443 | i161.photobucket.com | tcp |
| US | 8.8.8.8:53 | e6.o.lencr.org | udp |
| GB | 2.18.190.80:80 | e6.o.lencr.org | tcp |
| US | 8.8.8.8:53 | www.blogtoplist.com | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.18.190.80:80 | r11.o.lencr.org | tcp |
| US | 172.66.132.118:443 | s10.histats.com | tcp |
| FR | 163.172.47.39:443 | www.webwag.com | tcp |
| US | 208.98.35.225:443 | www.scrubtheweb.com | tcp |
| FR | 163.172.47.39:443 | www.webwag.com | tcp |
| US | 8.8.8.8:53 | musikschule-seesaite.de | udp |
| DE | 178.254.50.82:80 | musikschule-seesaite.de | tcp |
| DE | 178.254.50.82:80 | musikschule-seesaite.de | tcp |
| BG | 185.31.121.155:80 | www.europerank.com | tcp |
| US | 63.135.106.45:80 | www.bitty.com | tcp |
| DE | 51.195.17.238:80 | image.excite.co.uk | tcp |
| US | 209.90.91.147:80 | www.blogrankers.com | tcp |
| US | 209.90.91.147:80 | www.blogrankers.com | tcp |
| JP | 202.208.220.131:80 | www.podcastready.com | tcp |
| US | 208.98.35.225:443 | www.scrubtheweb.com | tcp |
| US | 208.98.35.225:443 | www.scrubtheweb.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.73:80 | crl.microsoft.com | tcp |
| DE | 178.254.50.82:80 | musikschule-seesaite.de | tcp |
| DE | 178.254.50.82:80 | musikschule-seesaite.de | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| CA | 149.56.240.130:443 | s4.histats.com | tcp |
| CA | 149.56.240.130:443 | s4.histats.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
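As an added example, not part of the sandbox report, the Python below parses rows in the table format used above, separates resolver lookups from real connections, decodes any xn-- label so that an IDN host is readable, and lists the names that are either IDN or were looked up without a matching tcp row. The row subset and the noise-suffix list are constructed for the example; the suffix list is an analyst's choice and nothing in the report defines one.

```python
import re
from collections import defaultdict

# A subset of the behavioral1 Network table, copied row for row, including
# the .tk lookup that has no follow-up tcp row. Constructed subset, not the
# full table.
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | xn--crdenas-hwa.net | udp |
| US | 8.8.8.8:53 | gelgit.tk | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| DE | 178.254.50.91:80 | xn--crdenas-hwa.net | tcp |
| DE | 178.254.50.91:443 | xn--crdenas-hwa.net | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# Suffixes treated as browser/PKI background traffic. Analyst's choice for
# this example, not something the report states.
NOISE_SUFFIXES = ("pki.goog", "lencr.org", "microsoft.com")

ROW_RE = re.compile(
    r"^\|\s*(\w\w)\s*\|\s*([\d.]+):(\d+)\s*\|\s*(\S+)\s*\|\s*(udp|tcp)\s*\|$"
)


def parse_rows(text):
    """Yield (country, ip, port, domain, proto) for each well-formed table row."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            cc, ip, port, domain, proto = m.groups()
            rows.append((cc, ip, int(port), domain, proto))
    return rows


def display_name(domain):
    """Decode IDNA (xn--) labels so look-alike names are readable; on any
    decoding failure return the name unchanged."""
    try:
        return domain.encode("ascii").decode("idna")
    except (UnicodeError, ValueError):
        return domain


def is_noise(domain):
    return any(domain == s or domain.endswith("." + s) for s in NOISE_SUFFIXES)


def triage(text):
    """Per-domain summary: endpoints actually connected to, whether the name
    was only resolved (udp/53 row with no tcp row), noise and IDN flags."""
    resolved = set()
    connected = defaultdict(set)   # domain -> {(ip, port)}
    for cc, ip, port, domain, proto in parse_rows(text):
        if proto == "udp" and port == 53:
            resolved.add(domain)
        elif proto == "tcp":
            connected[domain].add((ip, port))
    report = {}
    for domain in resolved | set(connected):
        report[domain] = {
            "display": display_name(domain),
            "endpoints": sorted(connected.get(domain, ())),
            "dns_only": domain in resolved and domain not in connected,
            "noise": is_noise(domain),
            "idn": any(label.startswith("xn--") for label in domain.split(".")),
        }
    return report


def ioc_candidates(text):
    """Names worth a second look: not noise, and either IDN or DNS-only."""
    rep = triage(text)
    return sorted(d for d, v in rep.items() if not v["noise"] and (v["idn"] or v["dns_only"]))


if __name__ == "__main__":
    for domain, info in sorted(triage(NETWORK_ROWS).items()):
        flags = [k for k in ("dns_only", "noise", "idn") if info[k]]
        print(f"{domain:28} {info['display']:20} {info['endpoints']} {flags}")
    print("candidates:", ioc_candidates(NETWORK_ROWS))
```

A DNS-only name is not proof of anything by itself: the sandbox may simply have stopped capturing before the connection, or the name may not have resolved. The value of the check is that it surfaces such names for a manual resolution attempt instead of leaving them buried among two hundred rows.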
Files
Note: the paths below are Windows CryptoAPI artifacts. CryptnetUrlCache\Content and \MetaData hold fetched CRL, OCSP and certificate objects (the crl.microsoft.com, pki.goog and o.lencr.org traffic above), and the same MetaData file name recurring with different hashes is one cache entry being rewritten as successive fetches complete. Cab*.tmp and Tar*.tmp under Temp are typically produced when IE fetches and unpacks a certificate or CRL cab. Nothing in this list is the sample's payload.
C:\Users\Admin\AppData\Local\Temp\Cab985B.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar9FAE.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b17e743dddc8871751efef2fc8f2c35 |
| SHA1 | e31bd60aca9cba84582512d9932dde18f67fd49a |
| SHA256 | 92a14e746c7f1cc1aea93233f2c29d88c758ad7d1d38c711a54111aee72e6cb7 |
| SHA512 | 2cd5c55ff8838cd43fd55e602f1d4a9ef3604df4c73bde23ff630b0b5e97b60bd0af1a3ff0a113dc088fcc8db15c2de71070efdcad6b77bf39b798f98de8e839 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | c5dfb849ca051355ee2dba1ac33eb028 |
| SHA1 | d69b561148f01c77c54578c10926df5b856976ad |
| SHA256 | cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b |
| SHA512 | 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | 33455b6efba446d217eb2b43383f4b69 |
| SHA1 | 41507e9d6f711976996f7104c5d81838a808bea1 |
| SHA256 | f81a5c1d77d4a49c0f42b4744c7bcf51539be108474b9e59659f6facf9976e83 |
| SHA512 | 149923d7560b10006b7b8275a2a604f6d2f596d0a59c172eb4ac267a9a1d56cf604d46c72725094582b98a524571bd10ae036415ed36c32c0689167a9018a362 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 935726718bab170eb3c2d64d4fe9e249 |
| SHA1 | d0356a76c64ece860ebe43dcbbb852c82511c661 |
| SHA256 | 708f62460957e37885e177fa6973ed179afd35d50eec5872d6ccacf500f9225f |
| SHA512 | f7bb33c0555d7f6a37445778116cf7feff4bd360fed99bade9db5f3ee879165e856d2423a580e278332fe7163be671c1c0796de2729cff53ae61a6cd55cf3cb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d381c9a770886a2ee68123ffa3b4647 |
| SHA1 | 1bffbc2c00d6c874d7ba407b6c58913e61e8f2a1 |
| SHA256 | fbbd3bdf85110aedd195f08978e60af088d817131720e71c1d08dc715b1e6929 |
| SHA512 | 065b7b8651c3898f4c2c34a5e99a5479162b13cf4783b23a8beeb8f28d12fcfb6c6499622f084a9e720cc6a7511620f27f493d1b85bf4e047fb210d2e7510f1e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbab01fcc24114002cfad6258fc53051 |
| SHA1 | 220940828e4a1a2bbf295fd9cb3a0956b2c66230 |
| SHA256 | b0ec01c0bb7a530b404d1b28b529cfb211bc25c53d7dc841845e25a95bf55ae4 |
| SHA512 | 76821bdfe7c67a6bf5826415e2bae41b4822ef6080a071c8112c47735d8c2f38cacca352a1f460c78c2a561061a30ae7274f7398b4136135df0e1d223f0fb9d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49883baf70e4625a310658314f2a8541 |
| SHA1 | 425fa02831c09fc941b1264f65c540ada6318937 |
| SHA256 | f3bda39a8bc7f9ad9fafc4b9ef48a2f4136e42899c6948fcd8f52cd845f9fda7 |
| SHA512 | 74c7681db2a7be7ef5e60efa2dfb76d89890a797c15d84ff287daaab082a1d8c80df91f438c757d3694f094e3fdb8195614c8d5736ece7b9c19e2832167bd76d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ddf50234a8c10b5df79720b239b4bf02 |
| SHA1 | 8d23f53ff3125c3074b47147f494abdfd7101c79 |
| SHA256 | 4de520480b4a009a43669e0a95deb66bf64da5ced9f1aaaf8c7c62fc83a5a1a5 |
| SHA512 | 0639d3432b09b685f497598fe2000c12ae6643a266ec2f872b2951bbb06270f0f31af1d4fd75af8aac787c3147cfa73bc573e2fa72d82f2a7a6eb4a32a45b385 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffcec8e934ba5a84dfbe88d8f5be486e |
| SHA1 | 9a6c19c534f414d2143d3a30cede1dcf9f01da72 |
| SHA256 | 64d4d8bf3b2d030ca3a133468293d9ca4cc07aa315b7ac1894a80190502d726e |
| SHA512 | 4241bc14830019011eb1eb4b86836477128a34bc359f47e62be5e6b0486ad247ddde66c0beaf05de0ae64bf5e027d00d1a77fed5e52fce045a66e044aa27edb8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 84b0fe83c5a29fd0057693a35d1effba |
| SHA1 | caab60e67fa67c82c615e63d65cbee844f7ef332 |
| SHA256 | 38ed5fa84f0b635567cc98ad1e98dcc539503eb7ff0dc847d6634fffe00dab16 |
| SHA512 | aba0ac28611773af72737530acedd17421d3d8232b7219fb1e010238dda3bdd10e38c9a18e5a6acbd5ecfa548817f1ef03e09054bca536b6bd6464b53433163e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ac022b63de47177ad97804cbc423951 |
| SHA1 | f4fb5b26cbfeabd9058bd13ffc30f3fdb7d3738c |
| SHA256 | 9c92ddee40e11501899df3dc050d0f7bf532c8022fc7a30e55ae99d253c7d8d7 |
| SHA512 | 73ae1c0d3a70a08c8e654ea2ae56b6c47a61cce12d47c4ed5fef95bb616e5aaaa586dc326030717a9f3d75717c2df38e917d4dd426c2dc8108bd47a461612166 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69b73c7af69a08a370d6c9cf8570b69f |
| SHA1 | 339c4581d582c7c7ff3c761d2b058e695405e5b9 |
| SHA256 | 9dc5b6e1e361ebee3fb55b19ed47e4c894d9e129a01be67417b230d8c4ac205a |
| SHA512 | 1cd0b86ba8edff92ceb7dde351981ec32d74a078f33c06a1eb74f318bdac6b0959971b862ef64d40d3bf315e8baa3c5438f5e4610875ff39e41a0cdcb89bca2a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa5968651820c568e61bfa3d51c0f035 |
| SHA1 | 36974cd88bef03b937dc3c5fb235df7e46f2d85d |
| SHA256 | 678b7209134d0cfe6b43ce02bf5adb6f874edabf227b7356b00ddf6ebe6305c3 |
| SHA512 | b648f66aede7c0c6851a3773d81590b6bdca9cd744d5a4b0fbe8f252323680b8c7c5ed348cdf69447d2830dd9ed7a86fef5b02531aa19cc817b174b0881aec75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 9537fa793a0fd61b8cf6d30e8372bf41 |
| SHA1 | c6c903687df5dab3cff91422c4078401a7519eb6 |
| SHA256 | ec85b6363f07cf26110e6f415cc49c0e52b3a236daab34fd289bde2685ffb073 |
| SHA512 | 1d0dbddf3bc69a832afd9c9bebdda655ae22605d680090310518698e9e9f73383a9e15e0b928538776e702bb8840bb4b8704eed35ecad094bfe989f31658044d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e7b4a8ad1a44e05ca73f999207d85f9 |
| SHA1 | 741dc502bc0bb6d503b250d8b02c813211c11e67 |
| SHA256 | 2ae40cc7d60ebdfa0274aa030e74b0f189ef8f319ae6e8ec4cf5cbf025fe063d |
| SHA512 | dee200d3914918ddd325849ea50d7422d6021fe9a3e89b379ee8a353478af1756ec62061c8fcd17f6bb2d1b5e870fc1721923eb840fd9d07ff5f01f0dbf1b8a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e567efe6efdd40b0a587a41164541020 |
| SHA1 | cdea4cf108cb7c99854c306a24a5c0079a95b219 |
| SHA256 | 16dd13b70cf796c887fbf2e7b1af24c2816d90e5f6b940c306834161e70cdc95 |
| SHA512 | bdf4b0b6ea9598f87a0eb788c0eb465927c64f6640f345ba853593b0b2ada8e556078e79932e4322216b86d14085b290998c1bd2a1b99c6dad6167327d6aaf53 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c25a0a0a52d4bc0dbcfeae7b18f98894 |
| SHA1 | cc3ba510620ca6264f014e33078f83cf1c6a0e36 |
| SHA256 | 116c93c102326369d1a525a7204ead5f1b748592b60c4c6d17f843bd055e4433 |
| SHA512 | 874e9bb98540657d4736a50add9cef474909426fea5f8756f52393e2ea65045f92a34fbdd72f2e605ef24d7b5d6e8fc708c27c0513417cab35d9b5469d537f3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 354e6c650df3323ff49fad1e124230f6 |
| SHA1 | 3e4f4793dc863f2797d68c8eeafc2c06730185f3 |
| SHA256 | cd06ef7889825469c41a3c0a34be2830fda7a4fdd97028be63e308cad0fc9802 |
| SHA512 | 8610cd99f057155e5dd9bb9015800ee808ca4a8647d990a98675ece16b11e288c1cc23216aa5737cabd08cb79106807bb7a8148840876744b0359812a473d19d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf1c2ee8ffb0974e464b699ddd2bd64d |
| SHA1 | d7ffc4a7aee443a4897bb907c32c920dd17c8589 |
| SHA256 | 9a6cdfe7d36a5c801935e3352a4c0a454c54ccb4f404ac56475da3463f8d919a |
| SHA512 | 6ed1d251d92994243e6f37d8ba55a28fd256a718d9776fe52c954fa00183fc8d14fc55556afbc081fb67216bc8f052a74e6830d01a519bef1187d5f22c8c7c19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf92d6f886f164712ed304cf320ab609 |
| SHA1 | 6754f39aed9caed8dcc14adccf78338f225df9cc |
| SHA256 | 0a00ddeee0bab85d6061c3daa10bfcdd4c32acd410b2ffeb399aebabec31ee12 |
| SHA512 | 0ad0df446be27557968472ad77b3e5f62a8a3630da6d4ff40c0f7b12353de80163b1a28a1623fefd099cbc23c2a829fc7ebd74428833b1e6c6448943fb916bbe |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-30 03:18
Reported
2024-10-30 03:21
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
153s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
Note: the BIOS SystemManufacturer and SystemProductName reads below are made by msedge.exe itself, not by script in the page (page script has no registry access), so they describe the browser's own startup behaviour rather than anything the HTML did.
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Note: process enumeration by msedge.exe and identity_helper.exe is part of Edge's multi-process startup; on its own it is not evidence that the HTML did anything.
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7db6cfe0f5885f3f0306a44a6ecbf731_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba9dc46f8,0x7ffba9dc4708,0x7ffba9dc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3244 /prefetch:2
Network
Files