Malware Analysis Report

2024-12-06 03:25

Sample ID 241023-mzzyfsxhkn
Target 6e853e37292cc240b0e2d56d40789eb9_JaffaCakes118
SHA256 a5b6186415fc19274d86eb03f809f3621ac66d67a2993c728105310cd0245424
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a5b6186415fc19274d86eb03f809f3621ac66d67a2993c728105310cd0245424

Threat Level: Known bad

The file 6e853e37292cc240b0e2d56d40789eb9_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-23 10:54

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-23 10:54

Reported

2024-10-23 10:57

Platform

win7-20240903-en

Max time kernel

144s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6e853e37292cc240b0e2d56d40789eb9_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0cfa8143a25db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435842762" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3C4A2A41-912D-11EF-AD2E-6E295C7D81A3} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000ebb2ccd815b0a28456a86cca5350f04f65d0813d4cbc556c22428bf56fd17527000000000e800000000200002000000082957c29cd47a49467e2f1c031e6ef654ec44ec6ce426a14717216ad7f1fd1772000000009abb5a52d4c445385c90a2c68a5913f5b543adc12ba316fc4d3ba604009d5e840000000a334a8516c93ef4bfe5f478a491162b2cad5b154d986774feb01b4878b4454fc57f71c0e3a47e44447efed94ed684bae239be22134ce36aeb43e39b74eeaf487 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000411f0c296196509a10dec1214517a4f60f69b9986701480c4cc924fe35ca5393000000000e80000000020000200000008e2460270fc5b91456f53f214fecb170e3f745deb1cc1c8e5bea09bf4078ffe2900000004cd8df60837fc1e10309f748af2defecd09673a12dbe507d46c6173a50e72129da5165569c0f5a30dc7d2584739d898441263a7a8beded2090388615b182b07a0edb9ddd4c349a81368956a6fb93415c2b8ce2b23b2d7f15075b6b1e7d3cfda735374c3f4c32a1a75fa15d61702281bd3e4fadf8a14fce6149bac6a90b1584821fd4e5741f9c8332d93c452d100870bb40000000b6f01ee1a5e6d18832d1fd2d7e4c97b65ebf0b885067fa419ac872f4e9319e750af6c38762e30df6e8278c3e91c3e83fd6a2f752518125ba80c2666de02ff620 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6e853e37292cc240b0e2d56d40789eb9_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
GB 172.217.169.73:443 www.blogger.com tcp
GB 172.217.169.73:443 www.blogger.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.180.10:80 ajax.googleapis.com tcp
GB 142.250.180.10:80 ajax.googleapis.com tcp
GB 142.250.179.238:443 apis.google.com tcp
GB 142.250.179.238:443 apis.google.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 bdv.bidvertiser.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
GB 142.250.178.1:80 2.bp.blogspot.com tcp
GB 142.250.178.1:80 2.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 54.241.51.109:80 bdv.bidvertiser.com tcp
US 54.241.51.109:80 bdv.bidvertiser.com tcp
GB 142.250.178.1:80 2.bp.blogspot.com tcp
GB 142.250.178.1:80 2.bp.blogspot.com tcp
GB 172.217.169.73:443 resources.blogblog.com tcp
GB 172.217.169.73:443 resources.blogblog.com tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.1:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 ws-na.amazon-adsystem.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 yourjavascript.com udp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
US 76.223.54.146:80 yourjavascript.com tcp
US 76.223.54.146:80 yourjavascript.com tcp
US 8.8.8.8:53 ws-na.amazon-adsystem.com udp
US 8.8.8.8:53 rcm-na.amazon-adsystem.com udp
US 8.8.8.8:53 rcm-na.amazon-adsystem.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.73:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\plusone[1].js

MD5 1106da066ce809fb5afe9c6c1b4185b2
SHA1 3b64d3a7f52b4c07047fa8727db4207137733bf8
SHA256 d0f3af1e716ce7846e7c252ace160c12480d41eecd5a7e7917ee5b2ccde62b51
SHA512 3f0205b89d5293f14d863e344680a9d8518e5d4ee3b981dc5981106534bd597ed6b388eecab1385320f77c8d5a46a4ce5b64f03f4377b8ea13ecf9b569878fd9

C:\Users\Admin\AppData\Local\Temp\CabDD75.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarDE15.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cdc68b817fba79f82e5dcfbc0a1490e
SHA1 b089fe1e3cdffe64bde9f912383f8e51249caebb
SHA256 9c4ef9f66da8ae5eb26b4ff38858d817a608deedf1467d8177ec3f402c69b1d6
SHA512 da28050837f423f84ed1474a62d584aa37d54d786792702dae2d5e1501246b44dea4be371fda3086dcc13f495bf91994f83f9f6739c3b85cd303034911c3c7b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1ea0682b2cd49c1748532d9e4f469cb
SHA1 22a0945ed0f0df40775761c2e6e186fd6e4272af
SHA256 e705133b9daee60eea8f8c371cf2501a47c2271d68ce5e6df6635fc12327b860
SHA512 268a4bf6b97e95edb963e0c7d1ce7a9f44380b019ff6e6713b63e13740aae3ef640c3a4297596b1351ecf87a8b7c059daa7d9fd8949514b7659978339a0a309d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b7c66d0071b2c36e02ec02b3196327a
SHA1 2531143783578426eb81dbcffef8c5f5e5fdbd29
SHA256 0aa3ccc5b32158ee808cb2a96cb71be6b3768716ada85c12249866383e4c3d22
SHA512 c5a18b03e9d57a335970e194f77eaf3d1dd2c93f05a5aacfdfbf9d75c9142561d16aa95aac68cf4152302ec6b43bbcad98102129ba08469175f7b30ea0e99069

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a377c8afbf98050c8ecc1aaa88a22f3a
SHA1 12419cce8ccdec24b64ba07ad2bc1b7c4e97d733
SHA256 b48d80d8437987b6f7911e884373a243ff9d4606a7fb80865d995edfd4d2800f
SHA512 4521b39aa9e424f8bc499cd278041f7111ca18ca6b0a8b0d49ee9201d643bc5a3d1fbfc9ec5770c4afc687e0c4b2f3278efd9e775621300ff2a3f6a0335fdc5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c4bb32517dc7df4dc69b213a5519985
SHA1 ea1940e3fc48978f7b5faf369194685826e0e000
SHA256 63af0e9a5f621a2aac879a5a81776ba56df8e1c97cbbadca59151a6bf16d5714
SHA512 ad7bbb5113edafe4fdb7fb08fd7de7693e391438b3771fa502e31f8e133d9d85eece5e6e7e55fbac55f15acd752765c29cfb0444f3f30c94541326b81986c553

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31ab03b199964daff7afc9aabd06aab6
SHA1 a46f6a4cdff5594e0af3982196401f2aa72348c6
SHA256 fef3d34cf089dd8c408d8585f0330db2b354e1d17e01b215cb6943a464cd1562
SHA512 8ae88e6dc0d51de6ae4619a5cf8205467c94b54aaa106d7e8f971496a6b87608e9f9ce97fe6f68b5a2050c5978fb2c3edac6071e0e0af138e99899ef0f03c46a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a2c41406d7e950de6f0eee1ff7af4e7
SHA1 cc0c0e18d524776b523a6575ed7349c4354ebd5e
SHA256 4efe845acb10e1ac4abffabfb82f14d6f7d5139d21f3c6bc253b0d76b3d0db8a
SHA512 707e39bb4577231ac760b9320737979dc61d3f1ee8ed52a242ab05351200809a68bf7b71064177eee7fb1a6eca051c0aa938e503757552d39510d4d65ce76dcc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99af075223cb2aedad078393cbb5e5ee
SHA1 b05fed7385980dbcc22714bca293ea1acfeabce3
SHA256 d09c7f184489ba8416b997237f3cae71f78d759a78305a35d150d4225d4b30ad
SHA512 ad4aed8f65772ee0c191145f53802fd67e7a65b14ef016f8ebbb6c70cd81830cbfc79b255eea77cbb0f47f922aad5c728f8c8da2b61fb766a8d7f4af493318cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ed628780bb2fb5b80caaadf98acf9af
SHA1 84d61041ef7ac1a8184ff5e3bf52c0cff4780848
SHA256 b570faafe787ec1f1cf2202b46c6f390c89f63473de0f4f611bd50ff74df9c5b
SHA512 952f12cfff7e8df0b4fad25bc784b860a8ad2929952130444e222f807e07f17de5f38a39bd180f61325d7b41f125cae575e7f81bebc32c73f4a762860f9d2cd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0a1da9d7c08480c257f2206b9774f05
SHA1 d236bf52befdfdded963eb51d7c9990bf754a490
SHA256 3ee319439bbefafa8ce51c4a1d31c2e74a6a4b28e3255f169534bbad05695c61
SHA512 2837025c62e00b5aae753ccca8b69327e4a2a82b77c450c6d5d266bfdba809d3d8dfefc178ecf85e960d287c79c9f2fe6046b40e08ff6bbd1fde7f0dee92c317

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37180b6c98eb78e6e41828553ad08c38
SHA1 524cfa358c707f07b743e1c0c285cfdc36e8b39f
SHA256 2408d56f1fad9cf1584e58f380ca6c5064188cc4276224351d6b2a5d27b02964
SHA512 5fa3acef02352f59fa61a73e9b7af27d0ec233df8d5fba0469a453e61e620972af5218e9fce01e4b322d7202a54fe9a3449fc4f9622e3b1c1f74059724423928

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6fb50cab64cc19bec52a93a0bda6002
SHA1 5d3ce3a036f1ef86d7d222119a47c8606fbe77b0
SHA256 ea47a4b258d0137e51fbed91d0cbfa42c18229d46661f1860b384da7ba7eb9bc
SHA512 8049d10c0c2f391c9de78bcb29a32fc70ae1547d3cc6771378e80d6ce7aab0e68471bdf61a553b604e7abb365dc9b7b63bedca41a43743aaa862218f9276f000

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07486a02f2bf4718398bdd1198d9a697
SHA1 ec2eeb98c7f3c5c57afc1bbdc8602fd747ba8332
SHA256 2a7f9fbfb456e9a20579f8af95b496ceb87632d13e5485cbe178b8ebd6b187e2
SHA512 84a0e8841e30eb2fd49d354b2b9905a0e2e6a5dfd8af38b9f3052d93984ac2fb9e709816944472e59029c7c8929da74795a378f9aebf1d66839db7241a59e131

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0170470a0d8f38f83db8a6e0f2cb6ea
SHA1 3bd85fb44e49393823d8e40cfb7f6b5236e6f266
SHA256 13a902f89d837e0c732e5c83c84bab1dd7ae3e6a3de279f6d7133647528a1076
SHA512 6bd13dee2a1f98382a90f5499744bec16a0172eed5d021b79d13711adb1b8d02fb002745e06d79d03fa4f80969186f7e9851b9e2468b6fe3c247c6c298920d05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 521f6bde4a18b670121be0aee0a47ee8
SHA1 aa47c67b124cbe85fe1273720db83ef67aef6f06
SHA256 c8f1c48124011bc7c04066db33259ea8bbea2925dce37f145736e200551e32fb
SHA512 9091f56d7eaef750f4fd5d6c0de5ab144a29f354b4fd973a8203375327811719bdf3882ccb01a16f376262bc9571f45767840e5f28d2df483db6711cef799ac5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2df267371360074076f2e299e61a697e
SHA1 a343bef08a5343767ac13557754bdf5fe95298b3
SHA256 c893c6496cf1057fdddbfd5948fef3e6682a101d8005fa835767c7c9128ee350
SHA512 c153c4f15eaf2d49ef571c402969cc65deed4caae3e106d8cf19adb4015e4641a538fd2018ddfb0cc9acd9978df728721aba202b47b629681e628f1d64c01c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea998490d4f75621b8b912961345eb1a
SHA1 bd491f19138133d067cbc0de376b642a88c91dec
SHA256 7cf9f1317b7d813ece320fb43397cf7b9cdb62403bfc0567ba6014cb65f0ac48
SHA512 27e857158d2bc47beb9ca2d78671bf327763d8142883a00e99d6165318b9ac756de88a3f8b4de6bbf62f59d0e35b6780b2f65e80c8cc74d7cba7adf39b1a7fb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24c1e0248480d16d892a46563c254def
SHA1 79a3cd29e4170677389182f5e2f83586b2f356dd
SHA256 71b2fdf26009bc7c5c045134dc330df19f7cd1e0b111204fab28bae9610696b0
SHA512 51afac21b6c51a09a2d68c912746c944cd1b51f88db216dfb9dc7278cb092303a65dd63f56671cbfe6655b4f975dd4fb5bb08bae9ef53cca720a6287bb5f780e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 156bd53a6a47ff7342017a39984bc1af
SHA1 57b8d66843d0542a643879b05ddd27c125edbb65
SHA256 716a7c64804b6e21848a93ce4c625d0fd1877ff5ed7b657e75117b684b82433c
SHA512 b1bf1ec8afc834c4e02553a2e1e0a7610d6ca38833a11189c36a949d5ab5bb649dd0723b0fcd475c80c53e3b82a1c38273a68a900ce0704499fb4bf1c27ed80f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 4a5c46c8ae36f04b2cfae3e74717afb2
SHA1 cdb663a66fedbf9c67909417d2723930358dbe55
SHA256 5f10fff0991d115905b0e21ad1b73e1080d6d10f02540346d044da5c1f24250b
SHA512 83c1bcc7fde8d140aeb1517d663a46e3ad8be0f5d6260f4f6bb0a314b0457b83fc7bf703f52837479b7c09785fb5bc37079125b31fad8f74ecc072fa00512161

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a81d09b9cdad1af4d4a2a15e8fb4e03
SHA1 e9e7c20b0f063d2bcb75724ad7a36494fcf41c23
SHA256 11f3743f510cf869caeb74b7c5e0d4c6441e8d803fd9bb7134d821f10988e290
SHA512 e5dddb821e5e220e76bb6b8bf4225872ac04f60f98d78f6c01ecbd6118453f7cc4c622cf7ff50462004db6c2d9df4d8baa0bfff092dc3bddc09d9818ee36df84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65e1dffb7a6b39932cffb36224abf062
SHA1 bfdc9d64d59f866f6e48f8f7c329eca52d8ef2ac
SHA256 48d60aed39fa0b4ff3d6d3b72ef79c5e51cf345025c34df7167ea55b1901539b
SHA512 9f9173d4ee6532df191907eeea069b3ad06b4c211484b07ca593475ea848dd6f6949ed39b1f373ff8519d818cd01f5bd25e28478ce5424dde12d4564a7ea839e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64bbcbf7511b62a1e33b16dc488556e8
SHA1 77ca7cfb9ca7ede46346105a210b2d9885e52ef0
SHA256 d8217bda57d598a0aab645e1b216ceb0d8de6d4c40111840a4b84f6edf58fc85
SHA512 6593adc4af8c0b17ee334f1ac30557182157fac69e44656d4abc2a2dcb47f21e636b3194087a18973d356dad3146ff243188f7c1577c297a031b124b2f2a5e8f

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-23 10:54

Reported

2024-10-23 10:57

Platform

win10v2004-20241007-en

Max time kernel

147s

Max time network

142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6e853e37292cc240b0e2d56d40789eb9_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1368 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1368 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6e853e37292cc240b0e2d56d40789eb9_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba3c646f8,0x7ffba3c64708,0x7ffba3c64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.180.10:80 ajax.googleapis.com tcp
GB 172.217.169.73:443 www.blogger.com tcp
GB 142.250.179.238:443 apis.google.com tcp
US 8.8.8.8:53 bdv.bidvertiser.com udp
GB 172.217.169.73:443 www.blogger.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 themes.googleusercontent.com udp
US 8.8.8.8:53 ws-na.amazon-adsystem.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.179.238:443 apis.google.com udp
US 54.241.51.109:80 bdv.bidvertiser.com tcp
US 8.8.8.8:53 www.facebook.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 163.70.147.35:445 www.facebook.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:445 lh3.googleusercontent.com tcp
GB 172.217.169.73:443 resources.blogblog.com tcp
GB 172.217.169.73:443 resources.blogblog.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 172.217.169.73:443 resources.blogblog.com udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 bdv.bidvertiser.com udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 73.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 109.51.241.54.in-addr.arpa udp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 rcm-na.amazon-adsystem.com udp
US 54.241.51.109:80 bdv.bidvertiser.com tcp
US 54.241.51.109:445 bdv.bidvertiser.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 developers.google.com udp
BE 64.233.184.84:443 accounts.google.com tcp
GB 142.250.200.46:80 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 216.58.204.67:443 ssl.gstatic.com tcp
GB 142.250.200.46:443 developers.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:80 www.facebook.com tcp
BE 64.233.184.84:443 accounts.google.com udp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
GB 142.250.180.1:139 themes.googleusercontent.com tcp
US 8.8.8.8:53 84.184.233.64.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
GB 142.250.200.46:443 developers.google.com udp
GB 142.250.179.238:443 apis.google.com udp
GB 216.58.204.67:443 ssl.gstatic.com udp
GB 142.250.180.1:443 themes.googleusercontent.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.29.10:443 g.bing.com tcp
US 8.8.8.8:53 10.29.171.150.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 54.241.51.109:139 bdv.bidvertiser.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
GB 142.250.187.194:445 pagead2.googlesyndication.com tcp
GB 142.250.187.194:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 www.blogblog.com udp
GB 172.217.169.73:445 www.blogblog.com tcp
US 8.8.8.8:53 www.blogblog.com udp
BE 64.233.184.84:443 accounts.google.com udp
GB 216.58.204.67:445 fonts.gstatic.com tcp
GB 216.58.204.67:139 fonts.gstatic.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 bdv.bidvertiser.com udp
US 54.241.51.109:445 bdv.bidvertiser.com tcp
US 8.8.8.8:53 bdv.bidvertiser.com udp
US 54.241.51.109:139 bdv.bidvertiser.com tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
GB 172.217.169.73:445 www.blogblog.com tcp
BE 64.233.184.84:443 accounts.google.com udp
GB 172.217.169.73:443 www.blogblog.com udp
US 8.8.8.8:53 hafiziidrisphotography.blogspot.com udp
GB 216.58.212.193:80 hafiziidrisphotography.blogspot.com tcp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f426165d1e5f7df1b7a3758c306cd4ae
SHA1 59ef728fbbb5c4197600f61daec48556fec651c1
SHA256 b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841
SHA512 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

\??\pipe\LOCAL\crashpad_1368_UHVTVVEOLDLBXADH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6960857d16aadfa79d36df8ebbf0e423
SHA1 e1db43bd478274366621a8c6497e270d46c6ed4f
SHA256 f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32
SHA512 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dd24ae24ba69d3692ce1545c44e48f5d
SHA1 23abaad4af590706b5fc557dfb90eb1f5eb05d4e
SHA256 dd718b4c1c63e0351e80b592b59f86dc3315cb22bac0dde4381617e5f480dab2
SHA512 8efb4e76b0d4525a2d66bff0df06da4d84781db8dbadb1677c6a4817c766843139ac243cabcc8cb3649bb4ced691d82ec37d4a60eb3acce5c4a4c8c49f1c0ff8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 05197e9427acea2ac4dc812f97a8f078
SHA1 3d2a38b79da52e57783360f195ac3e7c85edefd8
SHA256 7bdfd36b4f017340dbc84a310014381bfd3028416ff21c54f7ce0a35cfd38191
SHA512 084d4febc28358d3ba6b0bef400f637b7f350381b8b592b1e412dd860d5aaf034c03ecfa87a064cb19dd8a42faade23c260e35a8660791011b7e51b726418ead

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a5e3b3476471e0e46e93bc10393f5637
SHA1 9e2fcc23217705f12d1c3abd6cfcec170ec50a65
SHA256 c28e8e2eef62ac26370a4489c07e421dd569e68e5010da30add3166bd77e93a8
SHA512 03476105b6c64dae4e8f256f1a42cf1814b4d83bb6d69fb781d995cd2a5d74ce9727c68729434cb134cc3b4f6eef9e681b7d4302cc6724e865836996d39f2bbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 08fdf06cf4dc160bae26313494612d71
SHA1 0e588edc2d002917a82347343b6d8196c57238ef
SHA256 644933a2fc719192b33bb30967242471316fedf9e6b0956ec147bff9460743d0
SHA512 8889c0c91d2e2ad1362c5d311b9001a9e370ad91202e31fcdb28b217c10f7b12b252b569439d4c33f56f5fbe2f9fdcd6c9c2429f6cc409a8df4bb92e74be3df0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1c723e52803420311cb4d2de06def2c4
SHA1 4268ae5a8d1be612e595cc3cb45b829532d4e5c9
SHA256 46b7e4996377b237df26ff656a11ef09c272e64fe75c740ba51a7b096689725e
SHA512 26d0f0d46e8840e030f368fadbb9b6415024e0d67ac9895b15d20fd4930ef6a507cf13461e59b31516dead518bce42b0dce8a419a85841bcdb0fcb3c9e02bb25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 11a7afe25ae25b9fe6703d6c8efa0efa
SHA1 d0a0bf019a7619120c3d93b639d405e9b3833545
SHA256 3ed3fba3167a5b176e4c387c550d8a6cbfc4d7e161e28ada08f7e9d208f22ebf
SHA512 0911e2da2748f1ba7a988e05a87ecb7e0aa7b5a4bdd2b35059908684535f13af4e52f8e484d4560c33720b47ce886017ff480e79f72f3c6d4d9863cce4fe84a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9198c22e3045759c6aa1830b75d53cad
SHA1 2f88fab3ae3f88bb1a5b2add0510f1670c1bf47a
SHA256 86794bf028ebed8bd736a02acc339c7d8407ec2331b672bcc2644d62336bc153
SHA512 53d77e266be4f474e4bd262998fc338b02802e1b282b371cb2f4df5e4a685e6c2c8180e696761c6bb3477e928a32f15faeba5ed92527e51b038f889ae7ab938f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389