Malware Analysis Report

2024-12-06 03:25

Sample ID 241022-pa4apatgme
Target 6a69317029cf7cafbf0d1620ac5cade4_JaffaCakes118
SHA256 36ac9e3ecac2f2806dc0b95ffadad6a2c51d820ed66c4b5a517303d2cedafaa3
Tags socgholish discovery downloader
Score 10/10

Analysis Overview

score
10/10

SHA256

36ac9e3ecac2f2806dc0b95ffadad6a2c51d820ed66c4b5a517303d2cedafaa3

Threat Level: Known bad

The file 6a69317029cf7cafbf0d1620ac5cade4_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-22 12:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-22 12:08

Reported

2024-10-22 12:11

Platform

win7-20241010-en

Max time kernel

141s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6a69317029cf7cafbf0d1620ac5cade4_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435760783" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000de6cb139c6e8040db15e28bc956d5ad72ab26e3ee84714932e93ff2385358df7000000000e800000000200002000000018dd2f1ef04a3d3440fc458922331b1755c81aaa353cdf525bc6b6424440fbd02000000000ff43bc9fba7018d693d64bc2090111754cc82ad0139686310be6788824d5404000000018f110082e6d37bfe6a5dc7787f629fdbee7bbf6655ea8e375a9ef8636236599cf7d8fa4cf0402904deb9304d920b6af4dadaee21ea172c6b693419c0d36e223 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5BEC2661-906E-11EF-A276-7E6174361434} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0abbf367b24db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6a69317029cf7cafbf0d1620ac5cade4_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-10-22 12:08

Reported

2024-10-22 12:11

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

146s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6a69317029cf7cafbf0d1620ac5cade4_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4832 wrote to memory of 3672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 3672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 4032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 3028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4832 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6a69317029cf7cafbf0d1620ac5cade4_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc02b446f8,0x7ffc02b44708,0x7ffc02b44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5843857376721763444,10007644370051430902,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,5843857376721763444,10007644370051430902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,5843857376721763444,10007644370051430902,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5843857376721763444,10007644370051430902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5843857376721763444,10007644370051430902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5843857376721763444,10007644370051430902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5843857376721763444,10007644370051430902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5843857376721763444,10007644370051430902,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5808 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 img1.blogblog.com udp
GB 142.250.179.238:443 apis.google.com tcp
GB 172.217.169.73:445 img1.blogblog.com tcp
GB 172.217.169.73:80 img1.blogblog.com tcp
US 8.8.8.8:53 widgets.amung.us udp
US 104.22.75.171:80 widgets.amung.us tcp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 nwidget.networkedblogs.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 s46.sitemeter.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 stat.mystat.hu udp
HU 193.39.14.205:80 stat.mystat.hu tcp
US 8.8.8.8:53 blogcounter.com udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 73.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 171.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 205.14.39.193.in-addr.arpa udp
US 172.67.131.123:80 blogcounter.com tcp
US 8.8.8.8:53 tcr.tynt.com udp
US 104.18.34.83:80 tcr.tynt.com tcp
US 8.8.8.8:53 segitsuti.hu udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 104.21.87.190:80 segitsuti.hu tcp
GB 142.250.178.1:80 2.bp.blogspot.com tcp
US 104.21.87.190:443 segitsuti.hu tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.29.10:443 g.bing.com tcp
US 8.8.8.8:53 123.131.67.172.in-addr.arpa udp
US 8.8.8.8:53 83.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 190.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.networkedblogs.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 www.segitsuti.hu udp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.178.1:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 10.29.171.150.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 142.250.178.1:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
GB 172.217.169.73:80 www.blogger.com tcp
US 8.8.8.8:53 img2.blogblog.com udp
GB 172.217.169.73:80 img2.blogblog.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.36:445 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
GB 142.250.179.238:443 apis.google.com udp
GB 172.217.16.226:445 pagead2.googlesyndication.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 img132.imageshack.us udp
US 38.99.77.17:80 img132.imageshack.us tcp
US 8.8.8.8:53 t.dtscout.com udp
US 141.101.120.11:443 t.dtscout.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
US 172.67.131.123:80 blogcounter.com tcp
US 8.8.8.8:53 11.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 17.77.99.38.in-addr.arpa udp
US 8.8.8.8:53 36.200.250.142.in-addr.arpa udp
GB 216.58.201.98:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
US 8.8.8.8:53 sc.tynt.com udp
US 8.8.8.8:53 ic.tynt.com udp
GB 142.250.200.14:80 www.google-analytics.com tcp
US 172.64.153.173:443 sc.tynt.com tcp
US 67.202.105.31:443 ic.tynt.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 de.tynt.com udp
US 67.202.105.32:443 de.tynt.com tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 173.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 31.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 71.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 32.105.202.67.in-addr.arpa udp
US 67.202.105.32:443 de.tynt.com tcp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.74.171:445 whos.amung.us tcp
US 104.22.75.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
US 67.202.105.32:443 de.tynt.com tcp
GB 172.217.169.73:445 img2.blogblog.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 stat.mystat.hu udp
HU 193.39.14.205:445 stat.mystat.hu tcp
US 104.22.74.171:445 whos.amung.us tcp
US 104.22.75.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a0486d6f8406d852dd805b66ff467692
SHA1 77ba1f63142e86b21c951b808f4bc5d8ed89b571
SHA256 c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
SHA512 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

\??\pipe\LOCAL\crashpad_4832_TCCBATDFZQZPWZUB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dc058ebc0f8181946a312f0be99ed79c
SHA1 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
SHA256 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
SHA512 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 25f065f2a9f3439a1ec6d20b16c562ef
SHA1 2244bbf68b6ebf5bb53797d88ae89cc58a1ceb9a
SHA256 1ee8940d243b8c3ede34c1fb0a4ea8b659276d4320d76258e65a1d2c3cef5c62
SHA512 3d4d6630bd80111170648b6a06b2bf4e286bc9cd51abfa2d92a470ed4f933112dec19b5c70e3da6fa101f4e73bd040eeae340839a6bc0833cb3591e6441883a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cec4f40a3ae3c221e738edbd982c14aa
SHA1 56b05e7677df3e959290fd8cddae7bf8f2de16ab
SHA256 6110eeed67e01eb19a413798c80784606e2076aa462bb48149c1446f104bb578
SHA512 9051f2e883921830be583ed30953cd3749d97acf1512fcb6dab8f9db8217198bfb65320f67ac2a60eba1392728df3f88ab035f35464306f225c0aa2cf0445d81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a3436b5b22b1a2ca0c3906f3ad3e69f9
SHA1 1a06159fb38d56a0e1afeea79f55f1a74a701140
SHA256 85083ee83f9ec761b8cf731b181bc00aad6f63c2f74e576116f67d6c068633a8
SHA512 33279e302a58af49b3bd0037535e9a7bd79887d2ce92bf58e27b743a5b4c12ce0dbb70ddac12e40a12e788e416286b435abce39bd9bb395dbf7cfd15c751962b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2fbff1f0-7278-4c4e-94a1-a1d5cd5bba90.tmp

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2bfc419f916a325a7557ddb5f0bf9b75
SHA1 2661337cf503be06d47a081d89756e9152a98be6
SHA256 b99de443ddcaa3c2f95495a0b2333a81edcb4b75a1c8a84aaa20a7ccede6931e
SHA512 ac5a1710db4f4e0fb0e09387eab366d9a55804a366627c90b66f4265f24a7b753a306e1720bbb96d15ebbb7f8dd063e069f17c64da3a06d51acc10939e751b35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e9be4012af2a95753fe8fdec6f0e7a64
SHA1 2ce1a918c9db1e6c6dedaebc4ba8ee583d1f5b3d
SHA256 67d2864d3b64ecddf00c219afaa93b09095d0ece0d27c6a0feb0f90e880f4087
SHA512 32149d618fd9fd9304be288de349d359affe0e034d9dbbd3de7a9710c83878e7e2fa3f0d6b772402cfbb8a83001359e66fe0f448a1c8cdfe3c9518589f2fadc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7e206dafd6e336fa7d8e2cd579e462cf
SHA1 b2d78972cf6506c9923fab1033987e043a3f67f3
SHA256 a32555cbd3039ef0fe0931ed164e657fbd8efd553aa7c796c92efcc478889008
SHA512 43a2e4faf1fc62385c16b413d491395327701026eba0ca1e6f86d64870e4bfe2b4a24ba1e35b8ee3af0eac1414a6c956be0855e98f1a5d71d63a2f5aa44a0439