Malware Analysis Report

2024-12-06 03:25

Sample ID 241023-n8v7as1cmj
Target 6ed1f78cf5ee1dcb34ef86f44951286d_JaffaCakes118
SHA256 59b20a7c55fcb98ffb6901a5c17336871fed27de2daf7b87804ac3d72d5a6ba1
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

59b20a7c55fcb98ffb6901a5c17336871fed27de2daf7b87804ac3d72d5a6ba1

Threat Level: Known bad

The file 6ed1f78cf5ee1dcb34ef86f44951286d_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-23 12:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-23 12:04

Reported

2024-10-23 12:07

Platform

win7-20240903-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6ed1f78cf5ee1dcb34ef86f44951286d_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F8618991-9136-11EF-B30A-EAF82BEC9AF0} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000bb5ee8fed289870822fbbdee9067a6171f344929e576fc00ba55beb59aba7dad000000000e8000000002000020000000a850caa371020d6456803179eeb3120c9f4080aceb6b240f8cee404626a1076b2000000043d19e4a69884b53a9f07ccc40c47cd7b6c1e5399e296658390bc09038c2ab5e40000000eee29fd834d9a6a16e0e6bebf9592510fa5f58da44cb267d3aa5099f5880ff27b3172a50b16f621bf5514a0702825010facd827f3322b6ac4eac4ec88bbd1d11 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435846944" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea22000000000200000000001066000000010000200000006c51e1e3c99a9110ccda11df3febddc45fade12ce07c4a7858056cd60c31c601000000000e80000000020000200000008fccd54946142789c0a95181a1eb989e4d09b01fa01a051d890a3e042489af64900000006fcc1846005b186d05728a86c699285b7a8a1c1495309e862b334e02f4c59bea481e4bc402f3b1841dc41914d2b42c17520b73ebab77ccb2c8b8c915669b9f8c3021fe4e5ae7e889c6193c2104fd6e823437f28c2306d278bb188a9e29f3c8800e86d6d75e7885f5233a8118dcd2d551efca13bf721f114c49861d0e0c2c5bcd9f2819886df6503b799accf573df34f140000000ec221e71ac51d03d0a8c384e728360ca399e6a10a6bccc281cb6ae3ce7adbd643b1c883228dec811f3b19721a5b21bdb0fd96def9088e4f3e660120d6a30cb10 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20feb7cf4325db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6ed1f78cf5ee1dcb34ef86f44951286d_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 i1128.photobucket.com udp
US 8.8.8.8:53 adsensecamp.com udp
US 8.8.8.8:53 upload.wikimedia.org udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 xslt.alexa.com udp
US 8.8.8.8:53 twitter-badges.s3.amazonaws.com udp
US 8.8.8.8:53 widgets.twimg.com udp
US 8.8.8.8:53 bloggerpeer.googlecode.com udp
GB 172.217.169.73:443 www.blogger.com tcp
GB 216.58.201.106:443 ajax.googleapis.com tcp
GB 172.217.169.73:443 www.blogger.com tcp
GB 172.217.169.73:443 www.blogger.com tcp
GB 142.250.179.238:443 apis.google.com tcp
GB 142.250.179.238:443 apis.google.com tcp
GB 216.58.201.106:443 ajax.googleapis.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
IE 34.252.59.230:80 g2.gumgum.com tcp
IE 34.252.59.230:80 g2.gumgum.com tcp
US 3.5.21.203:80 twitter-badges.s3.amazonaws.com tcp
US 3.5.21.203:80 twitter-badges.s3.amazonaws.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
GB 13.224.81.93:80 i1128.photobucket.com tcp
GB 13.224.81.93:80 i1128.photobucket.com tcp
NL 185.15.59.240:80 upload.wikimedia.org tcp
NL 185.15.59.240:80 upload.wikimedia.org tcp
BE 108.177.15.82:80 bloggerpeer.googlecode.com tcp
BE 108.177.15.82:80 bloggerpeer.googlecode.com tcp
GB 13.224.81.93:443 i1128.photobucket.com tcp
NL 185.15.59.240:443 upload.wikimedia.org tcp
GB 13.224.81.93:443 i1128.photobucket.com tcp
US 8.8.8.8:53 js.gumgum.com udp
US 3.165.148.85:443 js.gumgum.com tcp
US 3.165.148.85:443 js.gumgum.com tcp
US 3.165.148.85:443 js.gumgum.com tcp
US 3.165.148.85:443 js.gumgum.com tcp
US 3.165.148.85:443 js.gumgum.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
ID 103.30.145.12:443 adsensecamp.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 3.165.148.85:443 js.gumgum.com tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.18.190.80:80 r11.o.lencr.org tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 13.224.81.93:443 i1128.photobucket.com tcp
US 8.8.8.8:53 www.blogblog.com udp
US 8.8.8.8:53 www.linksalpha.com udp
GB 172.217.169.73:80 www.blogblog.com tcp
GB 172.217.169.73:80 www.blogblog.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:80 www.facebook.com tcp
GB 163.70.147.35:80 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.151.35:443 m.facebook.com tcp
GB 163.70.151.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 3.165.148.85:443 js.gumgum.com tcp
US 3.165.148.85:443 js.gumgum.com tcp
US 8.8.8.8:53 widgets.amung.us udp
GB 163.70.147.35:80 www.facebook.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 104.22.75.171:80 widgets.amung.us tcp
US 104.22.75.171:80 widgets.amung.us tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.73:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 f5c9938a2fa3fc7c84debe9b5699bd85
SHA1 698dde95fa540adaedf8c6c475730896609a8fd0
SHA256 2d21778bc0d4f0798a5c652a62f2971db17dcf2462b0c13d89bd02de1d6df3f3
SHA512 4dfee6086310236069239716570f6d0c63946a01b62e644447d9f6c5c3231e50b9041cc6a4d1378d58a6f694520a825e7abf98fc501c519750602ccfebd3479b

C:\Users\Admin\AppData\Local\Temp\Cab586E.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar5891.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6278f8319b00ee9f2bfdb9b209f65de0
SHA1 3256b640c44cabf0171b40793ae4192afb2bca63
SHA256 49d946af3e9830480415b15ab96db48472a219fef489c596d5e0ff05e684d33c
SHA512 55b1aeeec79b57c755b25ce6a0681b1e20df74c3821414ff430be39e32301e4dfdc8ca6b337659ef15f92438b21f518832107a4181ef3b2d7a20e69060a0a3cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db5c5c2f21580cde653f7c52aeee680c
SHA1 a7cbf114ca56562b573bea76c52969437094e1e7
SHA256 d830dc9e434f00f850ff71b4db3956108673dadf2bfff9acfdea464fe1fe5e4e
SHA512 e173acb57ac6fad0e0de7624de4cf5602656ddb37c50bc81679768b4d084af8b261d07e38c717c22a8e71745e26e47ccc5f7fc586a992e164786777877410267

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0154365cb4a94ba47e9f05acb84f6e6
SHA1 08e2c7f57285b55b8cf10b1ccde8b194969f73c4
SHA256 42d57cab530cceb86d327498905841a0d41922846f4bf7ee667294701399242a
SHA512 8b130cbb6e1bde75dac0b083e7bd2e9b7a8d8b7ff42ea528f8956772e1f426dc2dca4abc17a374da6f2ccfd63f940b8a924fe9b0383cce63b9b4e072684ee6e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 cc5f37d7818a55c4a0f467a83e974147
SHA1 6a4494e9b1a4a61c619218b382a95c7b9102476d
SHA256 78919af8a680819170991b7107ecf78bb24fdec7c9fe0e4f81b6d9eca0f9aaeb
SHA512 9762d59f0e717980e2d5aab34ee45d903bbf7f7c385412107b333819c61fb259af7677e4d1de68105dc9f0ebae0a9f6e742e6b176323ed5d201f93b72cb24e43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4aca90224d951ac9dfc4ea0fb43d6a3
SHA1 ac1d7ef35bc91d2dbccd82749a9b9b674bfe2498
SHA256 3da63ae69ad1d9c35ea1eb183b33e3bfc523bbe818c3ebb1ce6c9206861b034a
SHA512 494bbc1b5ecdf9f2d601acc2f4d5b86b6b0c6de2a51013a9e233f66395ba9f842a8cf4f7f71a9e22039f1cec8b3efc484ec15b0fdc17664d69a2c54d3431ca4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49e4accb5bff4e9a4fbdb332ac4fd35b
SHA1 d99bd88e2a36025aa9a6db5c08b05d3110bba119
SHA256 b5edf7fba79333dcaa9690131b4cfa5426c53a5976956a3b447b1a9d447d8aa6
SHA512 5c25afd93c04cbfbcdee4721cbfb48b2446ac75b2a1f6c5c225fe1c8329cdbc283d1b70ba1951b9f99b2c08d93c76f1631c3abbbf8d54fb74af633b2741a88e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0bcf1447b46a673ea68b50e17d4ddd87
SHA1 2be52f4a60883200aae46729651bf0c978ad3653
SHA256 1f8793ad9337feab86e123a8f39b06f5fa141bb313d0cb1b0988ec4b3845e75c
SHA512 231f7a791b6d08f42413e98563546eac6699119674702f7a974ac6b40f3393f45426702b6ef7826652d8305032595f8356ee4b99756c307449db60eb51a898b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6999f02b20b27708afd059704ed1386e
SHA1 2dd5fb88b2935a36d88f785b54077ebac4e4101d
SHA256 855a72246d7b5182e7a5acd217fdd26b2fb2e296518b6939e9ce186a93dc4d34
SHA512 03ce391a1986113777ea414879bfd7214055acb5e272fc8adfa603e3cedef60d3d26ac04a021978c77cc565a53eebd57b08f4bca2829586fea7872f3e35ed9aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2c6eaaf87cef0aaddd38cf14b26896b
SHA1 a278287fe53985b56a76f3c39a62fe4769ee1ea0
SHA256 d7d849896b5ca9920449335d3a19c919729641099162b3d5b6efe3df2f454ef0
SHA512 fb06bcd8d406f4933b0e1c8cdb8a2a5caf1f81a300112b0ff3b5fb4341acd7e3caf45447be4a9482a14e5510ead0cfb9f4fda5fb91ffaf1ca5499adbc45454f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 817daed2de1f650024eb089748b4e67c
SHA1 2384fda0065090c11c2d4ea531a03f59bc433b0f
SHA256 57127b0c675bcf79f2e0777cf864eb9c8f42b6e1044709bbdf13ad810f4b9a8a
SHA512 afd81999b0d119b70d781992c2cb20b8fda5d81861b32a0394d131a4d0167b806bef21582441b575da4fcf270540cebc8d79a2bf2505a991fc762ea8c14bd230

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92b5de43d4b4e9cb2fcd9db09265a0b7
SHA1 d70c143610b168c8c40befd091d368bc613efa3b
SHA256 b1c572593e9885222c59f508d2afd01c965d126d827a566c37184d41414c16de
SHA512 422dc4816cc4c2e5f843e16cd8e5ed27d37c88399c48eb314a41aa2868fc92e3667c9f537f44533d54339664c11758e4ce7c3ac11e8e991dd515be7cff4140ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e3952cef1c6781e90d3aedb69a1705c
SHA1 6f75fc67fd4cfc5bfcf82b49e79af7fed20b3fc9
SHA256 9d26b7656215826ec8945679f544c274e372e92b1990dfcb95ad9bc71d753452
SHA512 c682ccad8299bd28bb38e513210c5f488f04567e3648e90ee1944c5c162acccaaaa229fb9b2d594dab3ec265e9ecebd4e025b8646f816d49a96ccd077c019858

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02319863792d5fc4ec667d49255d6eaf
SHA1 5ae98b3e8ed7e63810abc3d2d05f518f42ccf87e
SHA256 d432b2acdde7fa89eb745c903afdd4f6efafc80112828001d9b60dd183bfb5e2
SHA512 3771bf4af9aa3ec931acd7b3e4eea2d41f2f1496682f9692262b23528ae5ef046bd8f868eed0d1d2ed69e8a247c6f0effe4d639ae75a154ca6df3156d7177749

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ed4d6c108c1ea6ade00926719ce1d23
SHA1 2252a17ea4b20d61a419f9acf0a0a35bfa947d9c
SHA256 5dff6ae25d1ad8998a4ecffafa5ef09f7f60ab6b7b18e2aa7445527b3d35da90
SHA512 c96db5d48c9df7404440628140b839741c8cbafe79836a6ee61378b2950802ee59986f0ea832a9449749f95b12c6edcb661631c7264decedb455db1023dcf4ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00f0228a499076621b6b88ced7b4a27c
SHA1 1eb4c8567b109211b4b1f31a9b81e2ff173f2331
SHA256 42978123aab197668efc8426812fff0c35b2a8b6d4097552a61a407525b7f79a
SHA512 03166c64cfabd0a689c972e010921d0ceef70a5830dd1031ef0e2192526d158822581ea65234c6a741da49fca21c1f0d2b21eca63b3376356d6a7c9f72e53283

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34590e0daf4a18624fe159a5dd6b5fa2
SHA1 a4f89c8daf80ffb162a451955595c64ed9363469
SHA256 1eae78e75ad6746def7b03e61e3e129d3d1f56b13828b6032214c88dfc864890
SHA512 ec8ecc8a39c24e21b3eabff12af8141e5c4b38fe63328b122d630a5044a35647bc67b01149f9df7dc68d7d3010dd27c6019b896b23003c9917d324aacf533a5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe6b3dac28679657eab22d2f5929f77b
SHA1 0b9498003da720802b96416791d7977580576f11
SHA256 754064c85c7bd9657ad4ab8e920e0ba018f61e4c9b31f2f54b53ccbb8e9e89b4
SHA512 03f53c4f8a4a6376237b2fc19ea3097716a904452abd17e26d532f5477a72733f47d8c5e6b048cfb88be233efca470204745797783c47bd1c6087adae69b259a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 29bf1cf3962df9753b0a6e0c80260821
SHA1 6517ebff9906adbc47578009e3299addcfe2bf64
SHA256 f0b8eae44c7f9f5d724ebc42ad74b05b152d0c8b78aedf6938a367e887fd5ef4
SHA512 cea7eda9948c86311eadc78da19b62dd044248eec337805774d53b23568bb8483d885f8fae3b40c973b447c3ccc0f8eb9d44c4fb0cdd25a48e31ad002eebe1f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 35f507fc9b6e3499987097b54abad1f2
SHA1 b4f0252b26a0ffad728771a22b18fff4a6f9a0f8
SHA256 7632e4c9a86e513f42b3685f84be9459942b4a4fd005272a33f083568ef93aa5
SHA512 65b883a7bd619bf8c88c7a601686b4292c1ae59ebd0df34107bdd42b35048ebbaee4abc6c95dcaa90e328320d7b93fec396b331d79f822319300aaaa1d7f065f

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-23 12:04

Reported

2024-10-23 12:07

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6ed1f78cf5ee1dcb34ef86f44951286d_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 752 wrote to memory of 4708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 4376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 752 wrote to memory of 2512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6ed1f78cf5ee1dcb34ef86f44951286d_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff409346f8,0x7fff40934708,0x7fff40934718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.169.73:443 www.blogger.com tcp
GB 142.250.179.238:443 apis.google.com tcp
GB 142.250.200.42:443 ajax.googleapis.com tcp
US 8.8.8.8:53 adsensecamp.com udp
ID 103.30.145.12:80 adsensecamp.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
GB 172.217.169.73:443 www.blogger.com udp
GB 142.250.179.238:443 apis.google.com udp
US 8.8.8.8:53 73.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 xslt.alexa.com udp
US 8.8.8.8:53 widgets.twimg.com udp
ID 103.30.145.12:80 adsensecamp.com tcp
US 8.8.8.8:53 www.google.com udp
IE 34.250.15.22:80 g2.gumgum.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 bloggerpeer.googlecode.com udp
GB 142.250.179.226:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 upload.wikimedia.org udp
US 8.8.8.8:53 i1128.photobucket.com udp
US 8.8.8.8:53 www.blogblog.com udp
US 8.8.8.8:53 twitter-badges.s3.amazonaws.com udp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
NL 185.15.59.240:80 upload.wikimedia.org tcp
GB 13.224.81.73:80 i1128.photobucket.com tcp
GB 13.224.81.73:80 i1128.photobucket.com tcp
GB 13.224.81.73:80 i1128.photobucket.com tcp
GB 172.217.169.73:80 www.blogblog.com tcp
US 3.5.28.59:80 twitter-badges.s3.amazonaws.com tcp
BE 108.177.15.82:80 bloggerpeer.googlecode.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 js.gumgum.com udp
GB 13.224.81.73:443 i1128.photobucket.com tcp
US 3.165.148.30:443 js.gumgum.com tcp
NL 185.15.59.240:443 upload.wikimedia.org tcp
GB 13.224.81.73:443 i1128.photobucket.com tcp
GB 13.224.81.73:443 i1128.photobucket.com tcp
ID 103.30.145.12:443 adsensecamp.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
GB 172.217.169.73:443 resources.blogblog.com tcp
GB 172.217.169.73:443 resources.blogblog.com tcp
US 8.8.8.8:53 12.145.30.103.in-addr.arpa udp
US 8.8.8.8:53 22.15.250.34.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 73.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 240.59.15.185.in-addr.arpa udp
US 8.8.8.8:53 82.15.177.108.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 59.28.5.3.in-addr.arpa udp
US 8.8.8.8:53 30.148.165.3.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 22.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 www.linksalpha.com udp
GB 216.58.204.66:139 pagead2.googlesyndication.com tcp
IE 34.250.15.22:443 g2.gumgum.com tcp
US 3.165.148.30:443 js.gumgum.com tcp
US 8.8.8.8:53 c.gumgum.com udp
US 8.8.8.8:53 aba.gumgum.com udp
US 8.8.8.8:53 gumgum.com udp
US 8.8.8.8:53 www.facebook.com udp
US 3.165.148.68:443 c.gumgum.com tcp
GB 3.162.20.3:443 gumgum.com tcp
US 3.165.148.23:443 aba.gumgum.com tcp
GB 142.250.200.36:80 www.google.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
US 8.8.8.8:53 widgets.amung.us udp
US 104.22.74.171:80 widgets.amung.us tcp
GB 163.70.151.35:443 www.facebook.com tcp
BE 108.177.15.82:80 bloggerpeer.googlecode.com tcp
US 8.8.8.8:53 t.dtscout.com udp
US 141.101.120.10:443 t.dtscout.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 dtsedge.com udp
US 172.67.157.200:443 dtsedge.com tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 68.148.165.3.in-addr.arpa udp
US 8.8.8.8:53 23.148.165.3.in-addr.arpa udp
US 8.8.8.8:53 3.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 171.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 10.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 200.157.67.172.in-addr.arpa udp
IE 34.250.15.22:443 g2.gumgum.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:139 connect.facebook.net tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 whos.amung.us udp
US 172.67.8.141:445 whos.amung.us tcp
US 104.22.74.171:445 whos.amung.us tcp
US 104.22.75.171:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
US 8.8.8.8:53 kencew-unix.blogspot.com udp
GB 216.58.212.193:80 kencew-unix.blogspot.com tcp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 443a627d539ca4eab732bad0cbe7332b
SHA1 86b18b906a1acd2a22f4b2c78ac3564c394a9569
SHA256 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
SHA512 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

\??\pipe\LOCAL\crashpad_752_FNZLKYIUXMBMHHEH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 99afa4934d1e3c56bbce114b356e8a99
SHA1 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581
SHA256 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
SHA512 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 936135eadbae9407479fa827b2f83322
SHA1 0025c18c4302325c804b4c28248fb6bc27a848bf
SHA256 2d2f52de5f4b8e310a09f6dc4cf4c7708649630985f6cb30b6ff8f75df4ae304
SHA512 aa0a65d60ebc8ff0539395c248fc54624643bd56aeed3a390423d08bef2bee0aacf9526c59d012a1b2691684fe3f25b2424f4075dccd067a8efd72cfba1c7b0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 65fc4f79023bb1dce5796afc026b4140
SHA1 a5bb201a1e26069f98bc5c431a38133a0f7d1ed8
SHA256 e491fddb3dc057402e74fa18164616b5fce2a7ac55736ad970e3604d542e31f3
SHA512 3c876103f4fc77626742f0a636e440c9d8339b854a5558e3a21da2bd6f4de314fe093fb5e12d5f13ba3217e3c91632d58fe4c3c3c33f5753f5c25be7bf315b14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fc3185c2d0abfc13be8e6198efd2da82
SHA1 f9a2053c1c2c8691cf2e65e5cb2b3214076ef970
SHA256 3ccf71335091695f2d6efd307e3ec063d8ac9a050387a3e2675091ff8bd829a0
SHA512 28529d9e581a3ec3cb027198eccf048386bd21fc19d78bc26e048e456dd270f26177a26ed4e65997cc1dcef8a39f5bc0d756cfe4804ed88a1ce483e0faa642d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 55e54a0c8f95593efa6a286440f569d4
SHA1 7be79ef1487fdc7e8b745e1c9dcec6fb89b25c6d
SHA256 52bc19d75dee729da4b3977115130c1abc1d66f6f8cc35f568f2f2221024386d
SHA512 2ebdafdf416385040b5d65b2c84cf11d49493d058c1e1df436254e70bb58c88816ebd78b04214644c1178361c64a80c1388db81e59a6926d85e07602c149740b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9a39366f8bd9cb4327d30dd12f977c52
SHA1 91a60a5a1104734c7b4b3200d947467203d4844f
SHA256 18fbfb1ae782761fe78775d042371121c60781f20949207bbb8b74c1494d575b
SHA512 8476946eb4a49f202f22d41abcf09c52df0ff73c4090a836e04e49bd8e079001e0dd729396401577d94719f301a76ae8572a43ee569acfbbc9b003f795531d0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6dbdb085712397f6690e2ca3a7aeaad1
SHA1 7817035c11025e543822989a2cbfccb301af50f7
SHA256 8fa63d8cf200e14b89277fb7056ba6771101ee53dcf54c65dba376d6c656ad37
SHA512 c5386babe7474baa46d9712d16f65c786e0beb9d2f3e4cb1eb76b05b452d6d76f1d06389775817686bc4a0e4b144f72e9ddd21b09289bb1e4b2916dd6009ac74