Malware Analysis Report

2024-10-23 17:23

Sample ID 240826-rxe8gszenm
Target c331ce3157b2c1e1048ce8fb72627e63_JaffaCakes118
SHA256 d04c9111e9ac11905722de8bbda3382dfbc46c2146fccf329d0b48cac4868003
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d04c9111e9ac11905722de8bbda3382dfbc46c2146fccf329d0b48cac4868003

Threat Level: Known bad

The file c331ce3157b2c1e1048ce8fb72627e63_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-26 14:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-26 14:34

Reported

2024-08-26 14:36

Platform

win7-20240708-en

Max time kernel

140s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c331ce3157b2c1e1048ce8fb72627e63_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb000000000002000000000010660000000100002000000058be15ed2d7897d92feff1b8b9beb360939fd28310639e3c987014f79b2ca970000000000e80000000020000200000008e4e0de4975d8c00dc103a9b42e55a019ea0eb050a29fd03794aef0f2af59da4900000007b886ad2d637e991b816ba1a8eb39cf254f5e3127290c58de2f2e0995328541b94fe38618131a9d0632c9aceca9e1a46fceffef447769215e6fe253a8281755ab799cac983a40b29ab7fe51a4eae300a43e94d19340dbabde649613d3a699f9a44b96616db7eeae3d8d4c4112d36ba67f453b3cf6aa3aa75f238f48996985c18cb6599ef98eb1ea12e0512c9e68138b9400000009553f4ff3b0810b3da9a1c3b832b6613127d226a03c2e07b36da8dbaa75220af0042def9cd49d394ba83a4591d18b85b5ae98abf8944d486fbf914fb2ce1f4ba C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430844715" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{401E0C11-63B8-11EF-B8BF-428107983482} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20459930c5f7da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000dc4d450c86ef4b05d0468a3fcf2a03dd0a7778385db9570074634f1e7b891558000000000e80000000020000200000002a3948e140c1bba03e99c430f370a7a2538037c397d48340b008099b4002127e200000002bc24f1cb3f7d0c51e8741a11f3adec4b92a4f1e714487b10f4d11f0bb35792a400000000e41ba7529cad867841fdd359f6b4f53f72d246ab92fd522cd6815d724565a8a46ab1ffd3fa88ee3e5d4898722cfde565d51db660463f69c8399b969251be96b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c331ce3157b2c1e1048ce8fb72627e63_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 142.250.179.105:443 www.blogger.com tcp
US 8.8.8.8:53 ads.egrana.com.br udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 agregando.net udp
US 8.8.8.8:53 www.linkwithin.com udp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.142:443 apis.google.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 104.21.36.14:80 ads.egrana.com.br tcp
US 104.21.36.14:80 ads.egrana.com.br tcp
US 8.8.8.8:53 www.revenda5reais.com udp
US 8.8.8.8:53 i49.tinypic.com udp
US 8.8.8.8:53 www.geralinks.com udp
US 8.8.8.8:53 gosteibloguei.com.br udp
US 8.8.8.8:53 www.upblogs.com.br udp
US 8.8.8.8:53 vidavadia.com udp
US 8.8.8.8:53 www.eutesalvo.com udp
US 8.8.8.8:53 vadiandonanet.com udp
US 8.8.8.8:53 britolinks.com udp
US 104.21.58.245:80 www.geralinks.com tcp
US 104.21.234.48:80 vadiandonanet.com tcp
US 104.21.234.48:80 vadiandonanet.com tcp
US 104.21.58.245:80 www.geralinks.com tcp
US 172.67.174.14:80 www.eutesalvo.com tcp
US 172.67.174.14:80 www.eutesalvo.com tcp
US 104.21.234.48:443 vadiandonanet.com tcp
US 172.67.174.14:443 www.eutesalvo.com tcp
US 103.224.212.210:80 www.revenda5reais.com tcp
US 103.224.212.210:80 www.revenda5reais.com tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 vidavadia.com udp
US 208.91.197.132:80 vidavadia.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 bit.ly udp
US 67.199.248.10:80 bit.ly tcp
US 67.199.248.10:80 bit.ly tcp
DE 157.240.27.35:80 www.facebook.com tcp
DE 157.240.27.35:80 www.facebook.com tcp
DE 157.240.27.35:443 www.facebook.com tcp
US 8.8.8.8:53 imagensparaseufacebook.com udp
US 103.224.212.210:80 www.revenda5reais.com tcp
US 103.224.212.210:80 www.revenda5reais.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 92.123.143.234:80 crl.microsoft.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabC821.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarC8FF.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\plusone[1].js

MD5 65d165a4d38bfc0c83b38d98e488f063
SHA1 1c4ed17c5598a07358f88018a4872aa37ae8bc07
SHA256 b1320e0dda0858c87971f7baa0d53063ad2a429d232fd06b0067bda8b9eeb0ec
SHA512 abf4c755d88193e7e05398b6f934fc561d8e2adbee7d2170af399e145e54a4a8a93988e4af4e28d6240c0bd1bda7035ae97f67a85a471088820baae8d89f3d41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f1dbc8aee370accaa629f6599ba13b4
SHA1 f6df9a5051c9e3b1ef607d68d6d8f919f245708b
SHA256 c9618e01c048845bac983760cc146a559bc4c686bbe6a7195ab4819993167681
SHA512 3d21ff15cf7a3434ada39ccef4b433b082a1c1011bc5dc8173c53545a54d980783e43bef5e0c2ffca45c966b6d5109adda90f0c65b778f124649dc7da8669ea3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33569f5539bb03bc6e3837686372ad94
SHA1 d115d2adf118e62e4d693a1673faeca2e0be46e9
SHA256 19ab24f767ff82dd42433685fa93424abb6f72f5aff9f886a0845368f40e59f8
SHA512 9a2a47bb3495642e71a33cdf8dc006aec85bcb9682c25b3db3edd8aa88ce85e024b76db95b307a430b4d33812635e478391d6d078d7134538addb4952f5b3b23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 159b321a305df525dddd147fc11619cb
SHA1 54384ecdfadcc823ade52ee3654cbef54f853342
SHA256 dc14bea75dac6b0f952de79009a0d5c8540116dc55e9053110a7b5533a1a139f
SHA512 8044857f9f4a7de682263454c98a1abfebf9f94c47fe4c7a5780daae4aad0277cebe05e03ae5dcba7bce895595151b5966054d49ea0219e8e0dfb7a0ce20bef7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78d6c101cb26e4a5c5fb4081be7d2a77
SHA1 9e83b9b5fcacbfd2a6ddf9165c21490d5bd7ea35
SHA256 291e14145a37fea9275c372663b5791fbb264d469f2cb2ca33cc08b59b124114
SHA512 6b6fd195b1dd69b26f152644790d8eb939834ad20215d066cf8f1d016217b3e2b558339ac565438ad8b6865f307908ab9be73d97387bd2d475d3293f68427b3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63d7098ee840d2f311fa14e19da1716f
SHA1 fcfd0bf99c43daf2aa81b14db38647845a3c1b22
SHA256 bdc705c5c3445c100f23b14472e217923cc446f3838f0d04c64d7f6a4f4f30ef
SHA512 25a76aa6b0f7c3956b1c09c3c4f0da8036631a363e627c5aee073bfd8fbb4f435a57830acfbdc83b754f446250773d1fe1b487d809da532fb9ad7238128c3b37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5001952d2885eb4360300971d74caf7b
SHA1 5b90c724b5038808dc5a03227df1891528ad7969
SHA256 32ad0514a5148b920e63f69224d65ffe4403427a6e00f36af5b3e1deff92384f
SHA512 14e68b6b9da67ef3369e095b60e6649126970f7314b6bd1837827a1cf3f6b724a535502467f1e7baada1f163d2c79e7f781e5a77e40396c05fcaef9af7183cd7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 a2b3b205f8a257eddfabab3ff332940c
SHA1 136f7264071282823bc314c2eb8469f5771cc4f2
SHA256 2034719a9c21fbf6a278efecd2328a41b9c443a4ea2bfd2475920749f4a5b45a
SHA512 08f5d7c878b716f44961accd4fb376e585b01df1b56499f95d26af7ef66f219a171522bfddd9bf45af877a4c53cd4d7870c9d18d13f4cbce84eea1696851247d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80b31e9110498d42f9a11679b7a24680
SHA1 1ae87b6b2dad52d6f43233432c50619abac1b565
SHA256 faeab67e47581eed36d6b5fa4f4519ea7d4c5f19bfe5e8be04dad3eba0204e74
SHA512 e1e8af2ab316acf24a0be4f4fdb6d90b0d4d5219deed221bb8ca55dc07c24d2adcb2ce082371514c6494adb396f65c9060668142ca11d721bfa15f69486cb038

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1fb4e135a1e139c91757939048ae652
SHA1 4c3fc9815f49fba46bda6e8d8dab5bb15da3140c
SHA256 5fa1079f14dd0c95e4a403f463f1bffc6194a4ad7a6c4f75aea93d3c77cf8308
SHA512 33c336641769246f4751ddcdf832aca6dd70393e5c6c2f9d8fd923b86660e41e17cbb950afcb777ad26b72ba78ed62d01bf787207633c0a7a511e3bada4b3986

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d4609f3834416ca9fadd58b43b9bcd5
SHA1 bf31e7acca42a72d69477fc175a1a82906b3657f
SHA256 530ce52f4b299bea6863522e975bef14376cdf6bc592b5550e7c66a654a374cf
SHA512 24658f5e49b474732e7a2b13d756bea36fedd693af5ee46ef01d096158a7456a603e40294ea100bf18e65ed9207f4d0e3a4bc8a83e1584079aa12f168c6df11b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17fc0a409f5307c23865314f25bdcd8e
SHA1 334e1a951bda1ec515919d959cc49cff1e9feb5f
SHA256 cf26efad4e4b757cb5fbd92e24cb6d9456b6ffc9c8413dfc80262e50de8ddb29
SHA512 58d70ad22e4cb18dda9f4f3d3d4062cc4c57ee3f1f06f8de35f89517e8142eaecb5629bd69f62902eeba1fad16c67080e8cd8496dbd87e0456007ed4161720d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b0929a955ed8e2408b746a38ae2dba9
SHA1 3d28ccc8428c783c9b5b244047879831dfb7404a
SHA256 217c32c903f6aa6a0f737580021357cc2b36a7a6fafd0331b0aa244e486ce9c2
SHA512 fa178e978cee6f536c2587bb26199436d2d891bd50df29e88054e93d5f0fed68adff97fa2e5d170bcc000e52bc19467c3a009db8c119c36c1278a677d07928de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ffd7cf7d6d770468ab89ca33e6ea41b
SHA1 c0dd3b50a261a4a5c134a18e58d1d6bdf9f5ac19
SHA256 2ac2c98d95eb3c88ff082b4a46e86e9e1e4131812a908855cf64615a60ae2d70
SHA512 08f78d65ef049f4f0b56a3e7a77e5b875d277ee7049bd9ad925d5c13161b629b65bf7a011dc48fe866c70defe82736f0d9e7c5a0530b78c375d6e13f023b75fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43e93dd3065c884f11b4dd69a75f4be9
SHA1 78ffd69ef02a23c7c5c8b0f1b6fd13e41962571e
SHA256 75e9af207a6d601109c07a40ba26ce40ad5ad1706d7d3a6aea82733db6ca026f
SHA512 170c461e9f37953e0f89b1c8b280752637bcc4f71fe1bfd8025782a5ec785893d5646d1f975f85659eec5f16efa40355a00dae3a4a7eb6349484d4eb99e4021f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6350c6f4b79384120adeee11fae1f4cc
SHA1 59ee1de2da9a805352214fd6923674eaa37c3d12
SHA256 05c2fe248f8dcbd5701c8e29ac97372878907c4ef9ce7996f710cdec6cf74d34
SHA512 529cec34d8bcb1b4acd7927cc18ed6170cfc80df0ee1f395e6744cd40d5820bc8870fb3c9e748f894b2aee0dc938cc8da74cf29edbc9a6a919ad2ff176ff2c13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c87987c42811e51eb7f0c8150f96372
SHA1 f14f7ff7a2179403097a01917086297762b50ff0
SHA256 68aa2fd6a478a9d6a7ae8394b821e7deac5fb5c22cd6cf83f4c88eaadc4d765d
SHA512 accaf28209e9b5df82d251c6b8dfde1f7795619d7b87ec1ab754cd2999cca5ab2f2f8aa532402000cf3471eaa62314750f6b43bbe8df7056ea4e0121b0bd8e32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4663c9c82add6c0c002099e70eaa4f84
SHA1 0ca1ae5fcd466ab9373f269926c53e36420d365f
SHA256 f019461607a2439f92af2f8de260a8f9c2af6801285aef3a06bd4c8d9536dd98
SHA512 958d95e2c9a1b53bdb16f0809d10fab974b5e6a53ca84aadd314bdd3fe0c900d63108691b6cc39fe3cf1610a9231374db21045836b7585709c561fd461581cbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7880657e07a386971318e574070a8948
SHA1 2d642b067d99eeffa82e67ea6de35106c0565633
SHA256 cd5aa79082b4108a8c9ade345621905ad0528d34c82d7fd077d325ccc604383b
SHA512 ba5e80e538ee301660d87be764da6f98de1f1498471cd9b42ada8e3a360d7cee22bafa3842277072ef2803a09bf031f451a6d81093608791a5aafbd9800a66f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6dba5c3b52c821062b01b18ed0d9861
SHA1 39de67c37b1bd574e806fff523065c6be11ba601
SHA256 2c8ef5449a4f9edceb9930a060a84ea6af94ebd716dbd95767907f805c941dcd
SHA512 f9c1494b6814011cc32729934b9ab2d38ea0e75ce5ce5c99a37942587ed94524221667b562edaeb5ac17b962287e59c946b8e5f34408be20518b4a2082d218d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab131f1526058c0d0e7f1885ff956e91
SHA1 da005b4ba560a48d0ae5f06e8968d5bb2d11412c
SHA256 1299a9ee20c875e18ab348c382f9c4c9fcd325cd2881aa69082453fc9b8abb09
SHA512 0260f4bff0ae46d15dac841bda41da08ba538402d9bada29258d2031b5e0a7402236bf6c415b1da536d9059822029562c97c3739678d3d8a4651000793c3c2cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 654005fea3b977aaa954d701445c9269
SHA1 673e2295faae3fd18c26a295e73be55834751221
SHA256 7aa81f3ab111638e70e6249a5c99a0627ac3142528932f5ac057673d98571369
SHA512 3c6cbdbc6409d1d1f4acb9959f4a4841a14be51b0ddeca43fbe6004c05fc72f98b45c83f5cfa13e36af286503944b005ec4323311282d97723b236f85f1d6e04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d83091e49d9914f884606f8fc88fa30b
SHA1 7d697fe177c756770b470943a3ac77c79e626639
SHA256 321dd0cb2001fa6a3e0785f31e391ce3c74cbce89a8c1c8e81ad16e6bf1301b3
SHA512 a367685552630e41483a2ff86b7fcbe30e32ac6ab19ff65d74741937d9d46d4700e32546d9a6de66484ac1b82e7d3ad2e701d1bd39fcbaca8c2b116c18558015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 390d89bcbd00a8e2cda22da82ad7f457
SHA1 91704bd9a28e355df057e00f6869303188fbe238
SHA256 a046b7a8d874b5cb97dd4369292d927ebd6c6c2b16b420ffb9a1e8d4f4ce88c7
SHA512 199e52b110495d5d55ef61d9975112a6fff7b8c7349fab4ae0f86b61fbe3db82d862054707b6da5657d8388be8e2e9b8d475997d47b599c21022cb42e5096882

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-26 14:34

Reported

2024-08-26 14:36

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c331ce3157b2c1e1048ce8fb72627e63_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4356 wrote to memory of 2372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 2372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 4448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4356 wrote to memory of 936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c331ce3157b2c1e1048ce8fb72627e63_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cd7946f8,0x7ff8cd794708,0x7ff8cd794718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,11641550326812302261,5629825177314773387,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 ads.egrana.com.br udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
US 8.8.8.8:53 agregando.net udp
US 8.8.8.8:53 www.linkwithin.com udp
US 172.67.183.15:80 ads.egrana.com.br tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 105.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 15.183.67.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 britolinks.com udp
FR 142.250.179.105:443 www.blogger.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
FR 142.250.178.142:443 apis.google.com udp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.revenda5reais.com udp
US 8.8.8.8:53 i49.tinypic.com udp
US 8.8.8.8:53 www.geralinks.com udp
US 8.8.8.8:53 www.upblogs.com.br udp
US 8.8.8.8:53 gosteibloguei.com.br udp
US 8.8.8.8:53 vidavadia.com udp
US 8.8.8.8:53 www.eutesalvo.com udp
US 8.8.8.8:53 vadiandonanet.com udp
FR 216.58.214.162:445 pagead2.googlesyndication.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 104.21.80.39:80 www.eutesalvo.com tcp
US 104.21.58.245:80 www.geralinks.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 104.21.234.48:80 vadiandonanet.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 104.21.80.39:443 www.eutesalvo.com tcp
US 103.224.212.210:80 www.revenda5reais.com tcp
US 104.21.234.48:443 vadiandonanet.com tcp
US 103.224.212.210:80 www.revenda5reais.com tcp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 39.80.21.104.in-addr.arpa udp
US 8.8.8.8:53 48.234.21.104.in-addr.arpa udp
US 8.8.8.8:53 245.58.21.104.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 bit.ly udp
DE 157.240.27.35:80 www.facebook.com tcp
US 67.199.248.11:80 bit.ly tcp
FR 142.250.179.105:443 resources.blogblog.com udp
US 8.8.8.8:53 accounts.google.com udp
DE 157.240.27.35:443 www.facebook.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 imagensparaseufacebook.com udp
US 208.91.197.132:80 vidavadia.com tcp
US 208.91.197.132:80 vidavadia.com tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 35.27.240.157.in-addr.arpa udp
US 8.8.8.8:53 11.248.199.67.in-addr.arpa udp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.179.97:443 3.bp.blogspot.com tcp
FR 142.250.75.226:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 132.197.91.208.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 www.blogblog.com udp
FR 142.250.179.105:445 www.blogblog.com tcp
US 8.8.8.8:53 www.blogblog.com udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 vaidiando.blogspot.com udp
FR 142.250.75.225:80 vaidiando.blogspot.com tcp
US 8.8.8.8:53 225.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b9569e123772ae290f9bac07e0d31748
SHA1 5806ed9b301d4178a959b26d7b7ccf2c0abc6741
SHA256 20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
SHA512 cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

\??\pipe\LOCAL\crashpad_4356_FZEJLVNGUOEHYBOX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eeaa8087eba2f63f31e599f6a7b46ef4
SHA1 f639519deee0766a39cfe258d2ac48e3a9d5ac03
SHA256 50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
SHA512 eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e41c5d4417bc05b3344a26f0a545e96b
SHA1 4ce6d26125cff6cdaaed8d94a07183ff752c1795
SHA256 0af391d1ed397e15a5b7b914f6cb2ce6bb36f58fd533e559556db784c81eaaa6
SHA512 58d39d74c47c597bd66a89df039034c1919cb80cfbf21505bf413a19c68ece8a1940429aa459e0b9a59f1e21ab3c85d009ee9b843e2f5e81ead86b47f4c0001b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ebbc443a231bdae64410a9dc93c2d631
SHA1 ae582a67bfe9c75d6e35b94caaf8742379349787
SHA256 79f73b4f66c4686bacd03875dc27af3092943fc5cbad4c1c8843a391777a4e82
SHA512 47077c4a6e8784bc451b2c5faafaa9f3108127184b2c170e8a75096af2678ee905f62a2558ee415ca601bc7cccad2470d3d651a74525d436aedc0a75ea494557

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 71308ac7b9accbdbb12414b066c53508
SHA1 3e08c1615fe9353ccad8849cc0036cf2fbea991e
SHA256 53c6a02eb375975294d45973f5c7a67f7ccd6a15c9d7d9f59332dbfc3ca5f938
SHA512 1700665b54b3c12310cbd8908c8b3b0a44511b9cd86d33418b5a64852f7f7a59e4242dc7375c26db3fbb6a132fe5981715021d7eefd4a08bc22de9a7ebaf1cf8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b88d30790fc499db290de55a2830b922
SHA1 7eb13733349ee2523e8446c0eacf489f803e0ec7
SHA256 cacc6f6275295dbb0db19f4f8953cc9434292ac0abc6ea7232f0f209eebd7a55
SHA512 070e31e54681ce9ff1afccdd1613c430142f2eb188745806941f4ebf69ae8e8f32d86412f013ab17b328b487404785960533c86964b0cd96a47eb35437f234e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0d6c534366dc7618caa36117df684c7c
SHA1 af12522fb1b000860edb3421382117c29e5c3a86
SHA256 5e2400e6877a95164ebb917d0706a270ad0b6b97d2493c9b3e5a226173af669e
SHA512 b8fdb20e3ac3b360757a04419de7b09bb3c10f23acb5d3020acd66c5bbeb955192d3c221bdc9270d84f2523320f0f1b0c566b15dcd8b242a49243f1d4607aa89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d0cd1a8c6c5175be7c9346f24e145720
SHA1 f0fee2d5bec3316d1e6d1a5af22e378716e134a2
SHA256 ced0da4567cc53850ccad35fe002d7ced2507d5cd4fb217937c0992afef346c2
SHA512 af629d4a85e0c6cc3ea2f73d357083879c742d28bbf12c3cff8c6b551fe7cc0e03ab23065c914d2adb7a9a60431e907ac5241a53ec7700f436cdbb58d406d59c