Malware Analysis Report

2024-10-23 17:24

Sample ID 240510-tthwbaee5x
Target 2ffcd63801dda60d84319b7b8ecd8c70_JaffaCakes118
SHA256 391bb78a74eb56df9e7623c759a9630caea029c1fc45fa27348707c22d2de680
Tags
socgholish downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

391bb78a74eb56df9e7623c759a9630caea029c1fc45fa27348707c22d2de680

Threat Level: Known bad

The file 2ffcd63801dda60d84319b7b8ecd8c70_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish downloader

SocGholish

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 16:20

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 16:20

Reported

2024-05-10 16:23

Platform

win7-20240419-en

Max time kernel

139s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2ffcd63801dda60d84319b7b8ecd8c70_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4538ADF1-0EE9-11EF-BD6B-4E7248FDA7F2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421519919" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000003d42982677ce1d36816c6f0eed08ba4142701c52687c2359d77d7d48711f89f6000000000e8000000002000020000000bbdce434fafb5146ea8ed1508685cbfc907e1671a6efd0b9dde4e1cc3efac53020000000056c051e1e0e1b568cf1a61d87537117e5f1262dfa2e3e235c9419e4e465aba540000000faa5d3a1a26bade32de9503526c7dd4fdfb1def37fa5c7472880d0badc4a5df78ff8f964c2dcde6bbf8ec218b36fc6a59da50fe70bee1ff5fff61e09bcf8e487 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d00a811af6a2da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000d5f636dc959fead358dd45584415bccfed92e82d00aecc5ff17a944b3a725328000000000e80000000020000200000007ca66dccefb69f6f9474947a38b1f9df7b5d3a892336ccda6bda4603d1ca946690000000b773244b13dee1776bf505b31c62d7105e0ae87e7b9e06b479c7a10b2637c754a1cd41c1302164a9bad465e8454a1a572a171ea27b52d90ddd07dd645b96c5fc2511c5553eaf7b63ac65b5f2c61a5df1cf6ba7583655b6eb30575618bdf0654e31454cee489663cc4dfd074c8d118d4a3bdd527cac0c04bd8e5786c0a58b6c2a2d7199cd4734985f7e54c352fd0ec7f840000000a69aa0d612df0c63c1e5ec5f248432bdc25c9897dfd2873d07ee65b73b6e092eb9909304eaacf709cbcbf32403c97a3a1bfe4f97cc85ad9d4ac92039a327c327 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2ffcd63801dda60d84319b7b8ecd8c70_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2052 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 rcm-images.amazon.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 clickserve.cc-dt.com udp
GB 142.250.200.9:443 img1.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.200.9:443 img1.blogblog.com tcp
GB 142.250.200.9:443 img1.blogblog.com tcp
GB 142.250.200.9:443 img1.blogblog.com tcp
GB 142.250.200.9:443 img1.blogblog.com tcp
GB 142.250.200.9:443 img1.blogblog.com tcp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
GB 142.250.200.9:443 img1.blogblog.com tcp
GB 142.250.200.9:443 img1.blogblog.com tcp
GB 142.250.200.9:443 img1.blogblog.com tcp
GB 142.250.200.9:443 img1.blogblog.com tcp
GB 142.250.200.9:443 img1.blogblog.com tcp
GB 216.58.204.66:80 pagead2.googlesyndication.com tcp
GB 216.58.204.66:80 pagead2.googlesyndication.com tcp
GB 216.58.201.102:80 clickserve.cc-dt.com tcp
GB 216.58.201.102:80 clickserve.cc-dt.com tcp
GB 216.58.201.110:443 apis.google.com tcp
US 8.8.8.8:53 rcm.amazon.com udp
US 8.8.8.8:53 blog.prestonbailey.com udp
US 8.8.8.8:53 bp3.blogger.com udp
GB 216.58.212.206:80 bp3.blogger.com tcp
GB 216.58.212.206:80 bp3.blogger.com tcp
US 8.8.8.8:53 rcm.amazon.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 0e2e2c163f52d2975a07adfb1034e5e1
SHA1 2f99117a05b2b15350c168421af912516f53b40b
SHA256 ed4c159e1e0e77d8edb180666bca1d23a5b288c9b46939b5226547bcde949766
SHA512 855b0a4b7fe16de5d88b0c5ab4c957f285523c916b8bac9bd6e9a0220c4b2d260cb67d9b5e9fca8539ce79d63d95078934b3e3c618b79f33a0c0c6db4ed950bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 30ba39f0d9dfc242bcf5a13148c65714
SHA1 f35a36a5dd87eec68ee6d1e621224995838f30f2
SHA256 6cb7722d1559158bb31024e172b224988f0963e043cb8f60065c94c0e9f5b0a8
SHA512 bf732a235af263d14562f0f10495e910f18affdf4dd1f1f0507c470de7e9cc0d3f122f4e114962ab3342c434d71b20e97ee78dde7339a42300cb5a394f500a45

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 794bfc1c91ebeab3e88350f166ed8498
SHA1 e15f7e4d2b22e63c328b17b20e28026b8bf14c88
SHA256 d7a622df45d560fcdae406a27b4e7cfabd34ee0ad1ab486cb0ccfe4e2167b460
SHA512 00a669586cbd305d4eea328eba245cf6110b8cf7ff246c7d79e20ee7d6cca200813f080ff6b55e6f2be1433dd0804b90813cc3ce6bfc1ec4b532ced8bc37767b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 66d2ec23c4e347e9be0f75f05067ba3a
SHA1 562643eac16753f94ba062868477798515e10c5c
SHA256 9e5ad6a89ad6acdb7b87ae7547b432af6ab808d7f66c7e3dfbaffb1bd6127139
SHA512 6d218239d8457cec0d3f128191173e2de787fc35efc16ab55f90e1afe3b4da5344c3e0c5cfd3f92b4b61b03af4c0a3999a73f9d97a34c83f24fd8da2e154f55c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 17bfc27d34198766916ceca9055da4c1
SHA1 066a12a310cb6e94a7b1a5dff793edda3a836060
SHA256 52383ce5eb43addf0f8da45befd5ac3912a4eb13924b2da5a873bccbdd48b2a6
SHA512 b042fe47103fd983a94d32d14dd7d1804cc80ad608e0ffec137771a03d98eecee5990572b2c442bc4a7c64bbafe882d0ff2d0908750eaeabc4ab49255a27c1fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA

MD5 43ae1240e82a88c27729aa2e43fdcd18
SHA1 d3d075e4a91481cb936b162a4aef36a7ec25ee70
SHA256 e3502b118ac5ee1eb32690694f604b973f3d5c4a8bc00c7a41e71c63ed96bdf2
SHA512 b41079e60d4fc1c4640a119dc1fa47bec6efadabbc0e5f4e4a3f4c89abb160e74914531088e273feaa670d3a92b00a0e6380fd94fa480913709f34ad1c971a5a

C:\Users\Admin\AppData\Local\Temp\Cab18B0.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA

MD5 3a6afc8cd24e1d153ea7da8f3b113e5e
SHA1 8f21cd0c8402eaefe6d5a9351b903a83c5de04fd
SHA256 4c11f375d421a64a03413e298d9d5a877987ff284ff1e1b39f1e4fc51845f7f1
SHA512 790fcad59344dd5b36777e534011bb8e4a422ccd83a1719ffc827a9a8afab40ebdea4674af39bbb0d44cc79ec7a7572c7af0bf659239c82c49d82b17d8e55244

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed575b679ff1a2db4c575b36a8df5912
SHA1 1d85af54dad93b3b4df4ab4db0ee4636f6882fa1
SHA256 ac1a68fe5158d1e2097b58cc3fb866ec93ba86cc88088536e32a5134d1a10f7b
SHA512 5585f4880e7fe9805bec2c0ca5583c835d97d976322b520463e7aa4157666f138c5b8437d74c50ea8ef7fb8cf86947be8c89674a1e3c602980334379e1f0e0aa

C:\Users\Admin\AppData\Local\Temp\Tar3112.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 495db3ec8d27e0833527d9d684e43503
SHA1 0309421a7b723258488fb63ca59bea946c19da1f
SHA256 5dfc349391ca2bd703a37786b8647ee3135c8d1429ba61ede20e813d4a22760e
SHA512 da818bfa3a7c8ea9e59a274521921d0e394d8517e5d91e62a5e1e1e8d38651c2cf780d4f070c7cc7434b94c35d33e05e254e58fd3e0582f81db4249fd3be4c1d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c520a21a65f239ac351f0b3e80b6d689
SHA1 3fb59e7ab99dcc35156c156ea5efb4f0ea452828
SHA256 b55dad655a47ee2ca977fcc03ec9eb1aefa08d8ff00d726beaf891c6a395408f
SHA512 416125d0eddc33247dbe24685ab1d5f5fa701f9f01f87f921410ae4c1a05c302ba3bdad04f8ed0788f93632ac1d5a142e9b3645c8e7121d56efa8444ec84bae0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4b7318ee55108ec561c68ef350d222b
SHA1 74e1ff3f1bc8d8aa5f55ca28a83243bf558404e3
SHA256 6bbb81ee9636fc46e13ef7f311b162149aef928d5d2bd0563560a370aaa91b4a
SHA512 6f7837a7c153a1846a87a46a247eb1351e248b50c007d3697d34a6c399822b9d015cec12eea7b632a892923af465d35262a01e0a4208c72ee9fe5b6dca1ef763

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8eb2897d5ade75208c68eb55a38e6e3b
SHA1 479e93ac3b83b284f3e8c100c3d854258e1ae43e
SHA256 f425d88b2156d7fe0c7cac9889c4c4632a9290fadc9fd89fbfa6eeca09eb6234
SHA512 0330ca28f49657212f8a12911318b62dfe8cab31ce450ecd1e3357c6f59a2087a3e8390741a32bfccf5e093b084067f747faed72c64c4dc6d79adfab5e3e5821

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87503b4238c1d25d52e87448aa507832
SHA1 97e80815ae55fd40ad4755effc61b220b35baa1c
SHA256 fa4af84cd0acb49a8e8026744a0fe56ae52331d3fc783a7b926aca380f10ea1a
SHA512 274b321ee9339b73885aae23f52554265076733b2c1113707a4eb8970e6e3294cba673eba9f708846f8bfdada96e9478534d0e5c0b5702d41e6bce76e3064c19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 356d8a6268cf964894497ccc54ff2e26
SHA1 8509bf33a08806cb0a960b401f68d9ad0ddd4985
SHA256 c59bb5b1c226ddf421abb2ceb5a2d86ae08d09ffd10dd3340c8468018334eb6b
SHA512 77fefb73bbd053e1d25c8b4d3903751b927490ce0f56df3636caad58464ba6fac4cb138f6b8cda3e62e93760fcd05c678ab8d33d0e4db2d9014c81c8e743bf46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 130d57fa1e63e6f37f9bd39c51edef9f
SHA1 ff6ea0d68a73efcd98ba19ee2bd5d5f9e8cf6b1d
SHA256 55f890144244b54fedef09b1e49ea6c9adc7faf37bd51a8da907e5b1759301a6
SHA512 97595b128bc6fbf477d9d7e010c3189c63ca4ceae0f48b181d1a56c7d551638f3d95b1b9cecffe4a7125a8a71937293b6a8dd931299c91905d0f0ce05cac9407

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1183330e85c71a7c478821a1cc15bdeb
SHA1 78f6717656ea0a323ec856c31fbd8053d52940d9
SHA256 aa3dcd5e763e230d352cc4eefbe3d615ec2a2b46a4505db85a93ca16d7e8ab2a
SHA512 bd96ecc71d3cd9b564a9233c7a1d70f5e347c676605828bd6dfb6440e48997a1d90086b28c218e6d36c5655fd9e64421be0dabb4e0c6f9f138fb28e8ee79ac82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2225890e974b16d8a092a0f24ef3f69
SHA1 31c7f50093a01c8d30878ab3f9d3dc73a07926ea
SHA256 6f23cb1f75bdb94d411be524fafe9a0a85bfda076ed66cd8d75ffc26b13522ac
SHA512 4c14c75132afd101503bf15bea4f13cba5f2b48880c325ccffccc11f27e287912d5343e8ad4b4fa0f0c0c016e343829b51e5d9035edfd3c33abc43cb0820044d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7bd5c682daa0ac9c99d831e25e4224b1
SHA1 6832beb4a715285cf51cbc9ddd720de50820667d
SHA256 df0397fc809e1a4807581fb0bb0f44099cf957844bed54ae7378293e0898a276
SHA512 215476c74a5109b4bc0a13c2c3b1c5b254aa0ce41f060a0e9a653847e419f1367a31b69e8c319366ce0daf6baf0bb677eda8506f7bd822a92d21aaf471644941

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5426588053b2c98e9f2c870fb1900e5
SHA1 5c573ff8738219522103e8e78190ec419c4b75ca
SHA256 dc712fb05bcb6755ccecd234f90fb100a611a7fbe3162b029fcf68513942142c
SHA512 aeca25521e41b2b0c0911824ff48d2678d4f65fa1848041256d2f3ecd79cfbc0359e016443c809ed06c7e86e33b1ab0e8e9f722b018fb255629c1281e80247d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ccafb10bb54830c5f011a17922d669d2
SHA1 a1e515d21f3969f3b2658ec977f62f283ac829b2
SHA256 8bd274efbf3453e65d192512e95bde6092c146ef80dfbdd0b92e5938d7aab057
SHA512 950750baf7d4eec69451e48e3ba9c7f28f135a9a3783457b6bf9d9db6d77c6b526582c2cd7c5fc5b518bb78d913da4e33b9ac3e700d4692973d501f9ba781122

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9989a54b5059a242f5c32bf26463e0df
SHA1 92a5f6e32d328505e26783c8d22d1c4a2106a834
SHA256 1383c023b5637ef58b3cd6e5421f68b1698b28adb0d7be1f5cf2d023152f12f4
SHA512 c66e56f530177ace354e89658f8daf0b01aeae3e442330f048181898f9ce9fb2c0a4c9b2886f8f073a85fd279f0c526bcdb4eef8defb0fa6a63615827abd7313

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 adff69ddf1f0d4266374a6643cbdde17
SHA1 0605f56af5bf6a0405ee9310a643f4f4abaf4d99
SHA256 e5275084a78e4057118e21f3f18c5ed1d64a25a20cac90c24698a7833645b5ca
SHA512 a766c71ccb7f3f659e8cc9b5b9856141b262f46697b0a6bcb9c2abd2145c03e0a8c2f7390f9a3dce2b51201a9d70841be84052e791c29e4f70b53192dc2035b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8712cb26883561a240e274f789a6253
SHA1 0e0fbe83f400564aa68b8b14c33731196c6f4457
SHA256 a3a019bee0524c2bfefaa454a65c0daa25962bfca002df8fc67f28d84c353f61
SHA512 fe55b05ce012f38c0eb2ac3269566718f2fc2fd9fae7b0cd27733d9dd99df30944f41ad52c573bd2d6ac146b01c4d0f6f3099546ba67960e0e4ebe959588a039

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c530f0def842cc8cdf1b10dfc7ffbec9
SHA1 861e621df475312ae6d9bc3eebbb03286789fa6d
SHA256 83547fe33a1f66db71929ec21d48f1286fe94b131eecc50d7c23ed70f1b02032
SHA512 8ee7e6b8ec3274c2fb7f968c6c77cdcb69fbeb23c6097fb129f81e06a54c10715920821c76458143ef076c241ac3e04a4daa247e5f05a3e4dadb3f38bd72d892

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 272dca4c9a350d90bbbbef8ecf60404a
SHA1 592ff875cd15fc54f24f74d062f26248c1d07a51
SHA256 508b9fbd269bfa9d06da65c68d8eb0484ec4ee292c250440f134f14811b233b8
SHA512 7e510099f2b5649af46ab69923c8fb8f660a5e9c5f31791cd794df492f8cc265b6b913cf47ecc0b09d99c885be89002f1ab5e4809a298f5ce8441d0bccf9354e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80a8dae85a9cb5a00974f9597f66d4c2
SHA1 c1a4256ebfa990531301e4dfdcc758647c474ea3
SHA256 e75771a7f24679ecebe49ccbb9b28682feb7e020d4d32cd9b98bc52220615179
SHA512 a2a6e3d3bd3930a4970f5799afbfbfa727b0b9eda75d32e1ee9398b650a1379d159e04d073ab341abc0a29da56cdae47f8fc8544f9f3caf2bf15d9c1eadf4240

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01869febe4b793bfbbef9802089305c2
SHA1 2124694760882d1e16d18eba15b0c4313a3332a1
SHA256 e6f77fce84fa1586678087cc1cf5f8f0dd37ac498ab9868cdebcaa17e9ddfdea
SHA512 bca8bbd761bfcdef3d24a97aa45c618f6897d7aef343f988f3f3ec26d2ec82c3cd47431506350905c45f4ecf87bb89294014e10a99dcc05fe3a37259cad3c042

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e58c198fdf06aa7eeb042b6807b1b966
SHA1 1a4473483d2775ccd7ab7ada0c8166259c76e1c3
SHA256 b4c13fc0c6a0461c506349abec867ad0ad1da047b222870dbcd1d70abdebe350
SHA512 0a290e4a3e855006bc583ccd42dcd8ebd93dbb925d391f0d8ad250f1952f46ac11e420dc341860c56753c10d3b58d3cfac517c29c31c6aed4be7ac291d40cce3

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 16:20

Reported

2024-05-10 16:23

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

138s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2ffcd63801dda60d84319b7b8ecd8c70_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2340 wrote to memory of 4408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2340 wrote to memory of 4304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2ffcd63801dda60d84319b7b8ecd8c70_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe8ad46f8,0x7fffe8ad4708,0x7fffe8ad4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3624 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 bp2.blogger.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 216.58.212.206:445 bp2.blogger.com tcp
GB 172.217.16.226:80 pagead2.googlesyndication.com tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 142.250.187.225:80 3.bp.blogspot.com tcp
GB 142.250.187.225:80 3.bp.blogspot.com tcp
GB 142.250.200.9:443 resources.blogblog.com tcp
GB 142.250.200.9:443 resources.blogblog.com tcp
GB 142.250.200.9:443 resources.blogblog.com tcp
GB 142.250.187.225:80 3.bp.blogspot.com tcp
GB 142.250.187.225:80 3.bp.blogspot.com tcp
GB 142.250.187.225:80 3.bp.blogspot.com tcp
GB 142.250.187.225:80 3.bp.blogspot.com tcp
GB 142.250.187.225:80 3.bp.blogspot.com tcp
GB 142.250.187.225:80 3.bp.blogspot.com tcp
GB 142.250.187.225:80 3.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.200.9:443 resources.blogblog.com udp
US 8.8.8.8:53 rcm-images.amazon.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 img1.blogblog.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 216.58.201.110:443 apis.google.com udp
US 8.8.8.8:53 clickserve.cc-dt.com udp
GB 142.250.200.9:443 img1.blogblog.com udp
US 8.8.8.8:53 bp3.blogger.com udp
GB 216.58.201.102:80 clickserve.cc-dt.com tcp
GB 216.58.212.206:80 bp3.blogger.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.187.225:443 1.bp.blogspot.com tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 rcm.amazon.com udp
US 8.8.8.8:53 blog.prestonbailey.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 bp2.blogger.com udp
US 8.8.8.8:53 blog.prestonbailey.com udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
GB 172.217.16.226:445 pagead2.googlesyndication.com tcp
GB 172.217.16.226:139 pagead2.googlesyndication.com tcp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 blog.prestonbailey.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.200.9:445 www.blogger.com tcp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 blog.prestonbailey.com udp
BE 2.17.107.113:443 www.bing.com tcp
US 8.8.8.8:53 113.107.17.2.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b2a1398f937474c51a48b347387ee36a
SHA1 922a8567f09e68a04233e84e5919043034635949
SHA256 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1ac52e2503cc26baee4322f02f5b8d9c
SHA1 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256 f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e07bd069f2a6d9831d882aa804ef5d29
SHA1 4a83ee609c5daf555abbfb933a2f2e2bb77078be
SHA256 d9b73de0c6267669bf1a4dbfb6cb51f1cccbf09828e000eceb3bbeb9a096803e
SHA512 f610f4257a6098ff50e3a3d0948a597bfde16dbdf66b0ce4eeb2ce7dfdb463ca2619f0669ea2e1cc328dd598792b361feada4de6aa70eeac02d5cbe540f40c13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4f00610cb6d797d3ce6a525cd5fd0330
SHA1 11e1df833b526d99dd039829fa6dca217b8963bb
SHA256 041c12e9c69c3234b2cafb8027aed81198effdf6850296658e303d582a72a632
SHA512 f58fce9879ac211c0854345a6d7750bc67e2036fe61c8053ff573e2c423e7c3722502593a7543beb35d6f2234bfe1f5e2b693555129eff26d34c03a524da0072

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f8bc160e148cfc318c44213fc20a8671
SHA1 462d856b38b496f8224120f95c1f5eb665f78600
SHA256 8a4995e43ca7ce26ee9751a6b4002267e533ed1257b00cf96cedc33f68ee6bf9
SHA512 818edcd878dbf6e7cd231a3e4f6f836859cd1e4d291e4a22ad790d89f663aac30b11bd545281fad1614ab5f635135588681ac7b6a3db6f9ef645a609b80de8ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 990b3f50bb7c24fd7dd39c14fd1097e5
SHA1 19b1673800fb7abf2c4fa84849c9a963c4ed17cb
SHA256 2c9a5b09d1945385cb91e2659bd425f3a3367a45f40279139ade458bf7ea1a88
SHA512 2ad5331921f823f2a8b93ae7ca3b9fbe4eadeed15b69ca55c240e5a24937feb15306d367e8295d069c201d574d6c1bfcbe127d437b46b677d17a0c6762d00570

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e7ba3100e62e44f3186c03ac3be5fdbc
SHA1 a1076b5e6ed843bce8d4ff7f2879d2598f75fc2f
SHA256 48d43bd647458109398529fd9e597d6b32eb2b9dd008f2e69fef06ab7f09ad54
SHA512 a450e20b304256aeba681f901c3a2494790ba66feb00575663165d313395ea8563efa94cb2f73472a18008e04d3825683a1ea34a0c105c26e33ca17e414efb66