Malware Analysis Report

2025-04-03 14:22

Sample ID 241210-eq4w2sykfk
Target dcf0ef79e950cc6279f7cdccdb336395_JaffaCakes118
SHA256 37b5129da51a0b8bc1136ad94a3866d19b0e49f17d4a0e0c1217fac71ee2df54
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

37b5129da51a0b8bc1136ad94a3866d19b0e49f17d4a0e0c1217fac71ee2df54

Threat Level: Known bad

The file dcf0ef79e950cc6279f7cdccdb336395_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-10 04:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-10 04:09

Reported

2024-12-10 04:12

Platform

win7-20240708-en

Max time kernel

141s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dcf0ef79e950cc6279f7cdccdb336395_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439965645" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b09cea69b94adb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9219A8C1-B6AC-11EF-85B7-D6CBE06212A9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053aba0255ebc5d49836d3611b4a651d4000000000200000000001066000000010000200000002aee4327d2238a579f87fa48bdaaf888c17bf441d1dd7a0032809eefff363df0000000000e8000000002000020000000017f2276a680f04e299afc1bf76e31ea32a7451e37f8a38740103d1d25b73ae89000000020b188834a2978d9f7824a6edfda43abf4f335833b4488555926909282a46842f3d9b978c3b454e6ef23e6dc7e038540d6116504ca39bfafc6b920ce4a8285d6415a3374e0de0131e60393b465ad3f5c2bd6bc33533c0d73e409b57673089d5ac93a074971847b8af9da2b7585fbb0148af3ff424593cfdb69f6d7cbab2ee64be8660ec734e4f2e9398a0f0e1336f82a400000000f683d7f8a935294b41f68fae3e8f5db1ae0bf1761cdc92e6db5df1c4ab40cd157a28b0d48d3575d10580a99bd4b6dd0f4091a2648004e5cd5df91865f7dec7f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053aba0255ebc5d49836d3611b4a651d4000000000200000000001066000000010000200000009d1d05f752383635ad371640519eee83f35957ae7fca5dd664013f8b3265d280000000000e800000000200002000000063ce77799c8a913190e604b7ce0d078602d9d9fc10a88f49d22dd355b359b5dd20000000a81a1ce3b9a374552e3acbbf59c4d12dfbc43888d83908b0bd9dc4bd613f7b1940000000537bfd1858b457a4fc15c725af3a17a2cf10246c7846ed913a3dd78dc75ad3022c7eda41578227a529ba90842bf693545576833706cc8ab312313c75dcc4cf58 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dcf0ef79e950cc6279f7cdccdb336395_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.179.233:443 www.blogger.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 bit.ly udp
US 8.8.8.8:53 blogger-plugins.googlecode.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 67.199.248.11:80 bit.ly tcp
US 67.199.248.11:80 bit.ly tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 216.58.212.234:80 ajax.googleapis.com tcp
GB 216.58.212.234:80 ajax.googleapis.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.179.233:443 img1.blogblog.com tcp
GB 142.250.179.233:443 img1.blogblog.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 142.250.179.233:443 img1.blogblog.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 142.250.179.233:443 img1.blogblog.com tcp
GB 142.250.179.233:443 img1.blogblog.com tcp
GB 142.250.179.233:443 img1.blogblog.com tcp
GB 142.250.179.233:443 img1.blogblog.com tcp
NL 108.177.96.82:80 blogger-plugins.googlecode.com tcp
NL 108.177.96.82:80 blogger-plugins.googlecode.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 88.221.134.83:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
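The Network table is a flat list of flows: a domain appears once per DNS lookup (udp to the sandbox resolver 8.8.8.8:53) and once per TCP connection, and domains that were only resolved sit next to hosts that were actually contacted. The script below is an added example, not part of the report, that folds the rows into one record per domain and lists the ip:port endpoints that received a connection. The embedded rows are excerpted verbatim from the table above. On this run the lookup-only set includes resources.blogblog.com, 3.bp.blogspot.com and img2.blogblog.com, while bit.ly, www.linkwithin.com, blogger-plugins.googlecode.com and the Google, Facebook and Microsoft hosts took TCP connections. Read the output as a list of contacted hosts for review, not as a block list: everything in it is shared Google, Blogger, Facebook, Microsoft and bit.ly infrastructure, and the resolver address is deliberately excluded.

```python
"""Summarise the flattened 'Country Destination Domain Proto' rows of a sandbox
report per domain, separating DNS lookups from hosts that received a connection.
Added example, not the sandbox's own tooling."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Rows excerpted verbatim from the behavioral1 Network table (the report has more).
SAMPLE_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.179.233:443 www.blogger.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
US 8.8.8.8:53 bit.ly udp
US 8.8.8.8:53 resources.blogblog.com udp
US 67.199.248.11:80 bit.ly tcp
US 67.199.248.11:80 bit.ly tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
"""


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: str
    proto: str

    @property
    def is_dns(self) -> bool:
        # udp/53 rows are lookups sent to the sandbox resolver; the resolver
        # address is infrastructure, not an indicator of this sample.
        return self.proto == "udp" and self.port == 53


def parse_rows(text: str) -> List[Flow]:
    flows: List[Flow] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or ":" not in parts[1]:
            continue  # header or blank line
        country, dest, domain, proto = parts
        ip, _, port = dest.rpartition(":")
        flows.append(Flow(country, ip, int(port), domain, proto.lower()))
    return flows


def summarize(flows: List[Flow]) -> Dict[str, dict]:
    """Per domain: lookups, connections, distinct ip:port endpoints and the
    countries those endpoints were geolocated to. dns_only marks domains that
    were resolved but never connected to; they need separate triage from hosts
    that actually received traffic."""
    per: Dict[str, dict] = {}
    for f in flows:
        d = per.setdefault(f.domain, {"lookups": 0, "connections": 0,
                                      "endpoints": set(), "countries": set()})
        if f.is_dns:
            d["lookups"] += 1
        else:
            d["connections"] += 1
            d["endpoints"].add(f"{f.ip}:{f.port}")
            d["countries"].add(f.country)
    return {dom: {"lookups": d["lookups"], "connections": d["connections"],
                  "endpoints": sorted(d["endpoints"]),
                  "countries": sorted(d["countries"]),
                  "dns_only": d["connections"] == 0}
            for dom, d in per.items()}


def network_iocs(flows: List[Flow]) -> List[Tuple[str, str, int]]:
    """Distinct (domain, ip, port) tuples that received a connection, sorted."""
    return sorted({(f.domain, f.ip, f.port) for f in flows if not f.is_dns})


if __name__ == "__main__":
    flows = parse_rows(SAMPLE_ROWS)
    for dom, d in sorted(summarize(flows).items()):
        print(f"{dom:26} lookups={d['lookups']} conns={d['connections']} "
              f"dns_only={d['dns_only']} {d['endpoints']}")
    print(network_iocs(flows))
```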

Files

C:\Users\Admin\AppData\Local\Temp\CabC1BB.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarC2A8.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d9f6f0aa007a4dde764298af1d99dbd
SHA1 a3ba068e039fa82f5a4bd49287ecce85222f5082
SHA256 9f99f706f9b1f777df8355cd4189f61db902b06e3df46e22147541b870cd4d99
SHA512 9ef7a25cb71c91b6be71838627e12daad16a3721a73951cb95cf5a406ddae2b6550f97388f6e72b8a4d9db38c5a89a457352b626f78a4873ac2b2b86680b126a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28f233a1720a0acd3f472e8866986e6f
SHA1 a678b238c81405c697e2c25f44643498c4ddee25
SHA256 c0a36077e98862df1817b56014d32cbd2f29e6464e339304568116cf5c14f890
SHA512 21c5731a36d2796a1ecbb9d1d967c2d22bbc058cb01dac2409ddd46e1db6e67bc5ee2a81c38bb6f0992e4670e3dbee07cdba2e068e474aaa108b0b13337101a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7935032dc9bde49e573f51e4503631b3
SHA1 d24f2476da2849cb17ead6180f5dadd97aa84488
SHA256 c033c77c9aa0b2ef56adc3636154f8ccdfff2b32e15ba595e0627dffcb1635d0
SHA512 5859759e7d06f3567e670c3a82560734571fe33f2eb1b4c47c62cc83ac8af3149a00e1251506eedb9093a0316a49e1e8283ef0a07061770e86a339e925c16ad8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3f1c96514c4571cb2d1e9771399132f
SHA1 1ff82a1dcccde8e2b0e9e020f34c473df8a18e29
SHA256 996e2172fcc6f5751493c6fdcc81240c36e38c58a3b3fe61be1242f5149a412e
SHA512 ee1d806e8896dfaa50b05354c6c3e75a93bde135e8e6aef344321a6870d605ee1cfa9e44dc6b4ab29cb7cfd19d8d150cd05b1ac22d2c2e7ba67dddbc0376ea92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 53755c5aed3400706d8e36ba48f1f1ae
SHA1 40b15edc3fcf3d47c7fbb2b7bf8143f584e86f27
SHA256 d93a6fac26d442fd7fc404c4e496c9fb2ac33f2a58c4bfc5d8d8fe2c380126b6
SHA512 2074c1bd9e2ffbdb5e7949a8e4f26603d4f0f329b7ab44d65712213d7cf841dcc9bf37b2da14ec31ae3d6feea5afd27b973b5540e6dd01e7a6c7b77d05028323

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 250b41dce2be4e53d07ca765b32ea9d7
SHA1 883ad3e9ee529ea10c285213abb1c72209214fc5
SHA256 87f750a4add231c54cb56aa47987f6fb44474d65b5dd4334be8945adf0c01cee
SHA512 34092452af13b1f61d9369cb4da0e3d667d4dae491351ad5b1b74aa00eec4d2c5debffcf855a5a44ff19047646c77162a1559f029e2da5749e4a0c9914895978

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5fc9d3563387e5f1e8f6d95802892d95
SHA1 51a1b6d302716ca71e0b916d706dab8ebcbfe481
SHA256 822e4610298f0e630cac5cbebdcf4e3b17911c347e753c769987b9b3bba8251b
SHA512 c3985a48de3d724aa91e87fc436aa3553c3fe3356ef4ac68d46084217840ebfc271bc7beeabe4327f940cf203588b7b794ec3bcdc1677bfbd665fc3b513d244b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afa3c4138ecd554b0b0bef9e1767220d
SHA1 d81130ae0d504149f4b529916436f98ca769e89e
SHA256 337e4a4f9345cfda9a5539016e30fdd59f98250db72974039c0b6497215e2b7d
SHA512 2c67bffb8e06803c4fc8948a1d24d2e83622c873abab6ab199dbaac8ddf4c0666ebad1b889053e9fc200b0de1400774521dae76577a8550a2f94491e811dc443

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca0ed28860e3e11d16c0f64a11b847f0
SHA1 8bf5ef9cb38beef768b1e308b497a4f3c84b7053
SHA256 364ff241c6f6f2449156bb1139cfb9891b189886079244d6f1cf5e98b9041de8
SHA512 3e94956355e4e38ca8756d50b5ecd1d085c342048c540b6aefba2bdac375f7e88946b5af6049812999537c375834c4a8481b0a15ba027abb26eaf02b853203e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c426fd3a9d389553d94115aaf2d9021
SHA1 0043ffb418af9795497dda680ee16e692d617662
SHA256 7582bace7d0eec317645006d1bd50b36c1d745e0108b837ecf2d94a35c8fd45b
SHA512 dfe5867dfb33823273e085d13df929e4937602d098daca27c91c6d0c9beed686f495d1ca6c290cc3e4f44c3d3b5d1e7856683cf63fc9559a51c496672e87f93e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91c26113ad3aa8a9ab438769dcfd3402
SHA1 e8575a227887ff3b8b27b2e2192f278b96dbbda5
SHA256 88748c8b94f9ee7d06e70d3cb449c691fc8706c42490c34f7f1f69993daca7f5
SHA512 9e6b86d3df1684ab174bdd7cfae5006373f5acec3795ef65857749c2c6014f4dd2daeabfb9719626acfc3b59faa61bc2aef9bbd8e10728f9ca9a1ec5bea16804

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 681972365a3ede68da0dd6051b849761
SHA1 b8b8bbd61120f7f47c202d990f33a632704cf85a
SHA256 674c26324b0691fa1d12d2d879f65e9c0d7455385e9152305a6d59a8c2910ab8
SHA512 da3beb8a07c945eac099eaf706adcd75416dc53fac6333d6847c6091fe5616af9d6832076caaabff541b67197157d6c90935c90d481bdd0d96130a07895ae2f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78753acf07e7a68684aabeced0726406
SHA1 59f58354a5efaaadebbb9b57fa17267f3bb66254
SHA256 e02ad20d52a99f176ac9969c50a7f8e8b43433d8487d1cc24b79de38e1d80ae3
SHA512 7d5a28a072c90225f8c855d4bd6972597afccc3aeb08ec40e03ce996e8b0f2311450092e398f158c6a662dc2d7a0611585e544c75df4d30c8cf4ce327fd009eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 436fdc59b3c825dca192c8cb8107935e
SHA1 ab73bad8f9cde1a00f7de93ae25bfbf7f0805139
SHA256 330c7423ba838e35729dedecd650ffcb528afcc7b27856303f50cd78fbd0d36c
SHA512 6a4434f54cc7582042151b7dd7ea033810c4ff99190924db2462a89151340796fb296fc25c349165d492c314cc10962bb720a79434837b06ec4ce5f9df10ff92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6a4b6d46c83eda5d2a4a9226de3edf3
SHA1 2c190084934e68bd317809a3dd41e5fd869a55e6
SHA256 7d73bb6c2369db0d30b4dec9b5e5d660a689caf82642417cc9ade11642ee8ab9
SHA512 86a0bc79db27d8101c362443b419ef232401011b83f6c9fb5517b5771ee35bdd026e04e5e4ea60beed251974525432f6b91f9a5a0ca0a7ca7ae11dcb81c11536

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76ce95793ce87c103cc502110c051ed8
SHA1 905235a1526a1e0154c41b69f023832b3e47e1f9
SHA256 4bc0d5f03b292674072381b7d851c7f122b5857091dd4c37f8447821b4ab95ef
SHA512 ba64cf9652cc66245ef1c419a38a4f58274540b3a397068bcf975aa74a62c09bbf1f6e7760fce5653878c03910c78464702f61d4579ea604d4d92a51b1e1396d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3007aba33679a459176973100eb93077
SHA1 bbe8a4557719db4dee79064355bf9b54e9dd46c9
SHA256 24833f7d71610f1342a5f8f7b68ca9cc2555e4b257c21f90c65547aa3cd1b4a2
SHA512 deb2d4e0a43ec1c1dd442109a14a436656ca4b0e413179f2dc5547d87bc85656284655e3495c6adc8f7880ff0af3fea037b67b03997014b994abfbece5217898

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 486b59adb398128ecb8ed5442ace3aac
SHA1 17bd1526ad856c71b7bfcb6f77341914802b732f
SHA256 b85bbbe88d35b821769ae51bccb02c98c9c6302d654c3dd1bee32c6d25fb6ad1
SHA512 5136a9c027fa2380b613ae19100e11e342b922d3548e0af3b3d90d690cfdc8e159188c8610a91004694270e3af2d35f0ff274423b58b31eecf669b4e5fb46702

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf826c6e11e8210331e15acb61aa535d
SHA1 a785a740b6f9dca84733e4399ab5ce84f9792fab
SHA256 b077509f3e7b221b5164dacd1f595af48d21916457d1551d3d9980793b09ab07
SHA512 6a4d7d3ffbfa060407ef2f0a55d0d43976700dab10d47c24a37bad52df240e58011ec231ddc11bee5f7a09b98e2db2928e8bcf0efca6da309348bd855d3fb560

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 1607f5cc3d11a6229c5e5bc251b4245f
SHA1 8d4b41c9d1ac1b0039ca887c2757e0f714e20e76
SHA256 3819849a9010c50c880e351a6dbaea95a6dd15f9dba6bc2fde8d049c24156486
SHA512 bb0b9d245ffc7d4c349450e198d1f620e2daf0bfca1713bebe1dd0b377eea99b6d922f9809e7e91048012fb87adbf3be2b699b4ec90f3d87b3f8fc4094ad4a5a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08ceea71d9bb5921f7e60deee5b2b97e
SHA1 c66add23f424f49f016b9f15b799f3d8ed9a6750
SHA256 f1e5848e7521b663200e91daf77fc414e0415740afd4b140dbae621c4a806f05
SHA512 9e4f1f1eaa4910f76777ad1368d4c87318411e3b9dd93237c53664499c361f08549aa06d1033581975662b4aa7b1daae14bacd969da880ce14a12ab99614b705

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd99b41df488aba5bca3349aa2b08688
SHA1 7012ad91ae17587942280c002aae4d4dc5806af9
SHA256 f5b51a0d771ca7f4f93d3a9a1e98ec6a39a89a8daac406ebc3ed348781b5ee32
SHA512 e46f4404bf985039ade083eb2f175e5d9a11eee6070d75d1859db6b3f19fb9252d8f06e0d37bb1b3bd9901896219a8d18fea631087cc68c48bc4da9db764f273

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e520007f24b79fe2b39c741aaf033f7
SHA1 5dbb3a8b94c70b73bf731b257eda1cf4a66a1383
SHA256 e889e4525c894180b6a01c6532403ae4fd38070daf84c4ac50faf7daed3908e2
SHA512 3c5798bb98053080b349468d2a47f7c6151e3626f3e6bcb661b9a8b7d0ba60c4b5eb7579d1499bde544e49a3e790c77e23bb4ac5b3eb40146797af213e5056b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 038444f5901c63c2e47a3085db2d9929
SHA1 40e77fb8c5b1a0920d4137a46de4269f760e53a3
SHA256 73e5b1729da344df1767a14630d9e6ad925fdbedd4d864b686e3e4d8b33ce596
SHA512 0c8761951fc4be27bf47e4c45500f86d066d299661a7631ca8647bb826ceb656179f02886b6b5104943195cff71d4ca3c877371611467504283d0f46e5b2bed9
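The same path, C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015, is listed 22 times above with different hashes. That is the CryptoAPI URL retrieval cache being rewritten during the run, consistent with the CRL and OCSP fetches to c.pki.goog, o.pki.goog and crl.microsoft.com in the Network table, so a file pulled from a host has to be matched by digest, not by path. The script below is an added example, not the sandbox's own tooling: it parses the path / MD5 / SHA1 / SHA256 / SHA512 blocks in the layout printed above, counts recorded versions per path, and matches an artifact only when every recorded digest agrees, so a single weak hash such as MD5 is never the sole basis for a match. The embedded table is three entries copied from the list above; the bytes hashed in the usage call are constructed and match nothing in the report.

```python
"""Parse the 'path / MD5 / SHA1 / SHA256 / SHA512' file blocks of a sandbox
report and match a recovered artifact against them by digest.
Added example, not the sandbox's own tooling."""
import hashlib
import re
from collections import Counter
from typing import Dict, List, Optional

ALGOS = ("md5", "sha1", "sha256", "sha512")
EXPECTED_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Three entries copied verbatim from the behavioral1 Files table; the second and
# third are two of the 22 recorded versions of the same MetaData file.
SAMPLE_TABLE = r"""
C:\Users\Admin\AppData\Local\Temp\CabC1BB.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d9f6f0aa007a4dde764298af1d99dbd
SHA1 a3ba068e039fa82f5a4bd49287ecce85222f5082
SHA256 9f99f706f9b1f777df8355cd4189f61db902b06e3df46e22147541b870cd4d99
SHA512 9ef7a25cb71c91b6be71838627e12daad16a3721a73951cb95cf5a406ddae2b6550f97388f6e72b8a4d9db38c5a89a457352b626f78a4873ac2b2b86680b126a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28f233a1720a0acd3f472e8866986e6f
SHA1 a678b238c81405c697e2c25f44643498c4ddee25
SHA256 c0a36077e98862df1817b56014d32cbd2f29e6464e339304568116cf5c14f890
SHA512 21c5731a36d2796a1ecbb9d1d967c2d22bbc058cb01dac2409ddd46e1db6e67bc5ee2a81c38bb6f0992e4670e3dbee07cdba2e068e474aaa108b0b13337101a0
"""

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
PATH_LINE = re.compile(r"^[A-Za-z]:\\")


def parse_file_table(text: str) -> List[Dict[str, str]]:
    """One dict per entry: {'path': ..., 'md5': ..., 'sha1': ..., ...}.
    A digest whose length is wrong for its algorithm (a truncated line) is
    dropped, so it is simply not compared rather than forcing a mismatch."""
    entries: List[Dict[str, str]] = []
    current: Optional[Dict[str, str]] = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            algo, hexdigest = m.group(1).lower(), m.group(2).lower()
            if len(hexdigest) == EXPECTED_LEN[algo]:
                current[algo] = hexdigest
        elif PATH_LINE.match(line):
            current = {"path": line}
            entries.append(current)
    return entries


def versions_by_path(entries: List[Dict[str, str]]) -> Counter:
    """How many recorded versions each path has."""
    return Counter(e["path"] for e in entries)


def digests(data: bytes) -> Dict[str, str]:
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def match_artifact(data: bytes, entries: List[Dict[str, str]]) -> Optional[Dict[str, str]]:
    """First entry whose every recorded digest equals the artifact's, else None.
    Partial agreement (MD5 matches but SHA256 does not) means the entry is
    inconsistent and is rejected rather than accepted on the weaker hash."""
    d = digests(data)
    for e in entries:
        recorded = {a: e[a] for a in ALGOS if a in e}
        if recorded and all(d[a] == v for a, v in recorded.items()):
            return e
    return None


if __name__ == "__main__":
    table = parse_file_table(SAMPLE_TABLE)
    for path, n in versions_by_path(table).items():
        print(n, "version(s):", path)
    # Constructed bytes: they match nothing in the report, so this prints None.
    print(match_artifact(b"constructed sample bytes", table))
```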

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-10 04:09

Reported

2024-12-10 04:12

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\dcf0ef79e950cc6279f7cdccdb336395_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
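The registry rows in this table and in the Internet Explorer settings table of behavioral1 are flattened "Description Indicator Process Target" lines, which is awkward to triage by eye once there are forty of them and both the key path and the process path contain spaces. The parser below is an added example, not anything from the sandbox: it splits each line into operation, hive, SID, key path, value and process, and answers the two questions that matter when reading such a table: which process touched which hive, and whether any write landed outside the tree the process is expected to own. Applied to the rows above, every HKLM access is a read (NLS\Language by IEXPLORE.EXE, the BIOS keys by msedge.exe) and every write is iexplore.exe writing under its own Software\Microsoft\Internet Explorer key in the user hive. The embedded rows are copied verbatim from the two tables; the allowed prefix passed to writes_outside is this example's choice, not a setting of the report.

```python
"""Parse flattened 'Description Indicator Process Target' registry rows from a
sandbox report into structured events. Added example, not sandbox tooling."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Rows copied verbatim from the signature tables of behavioral1 and behavioral2.
SAMPLE_ROWS = r"""
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439965645" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
"""

# Operation, then the indicator (a \REGISTRY\... path, optionally '= value'),
# then the acting process (a drive-letter path) and a target (N/A or a path).
# Indicator and process may both contain spaces, so the process is taken as the
# first drive-letter path that still leaves a valid target at the end of line.
ROW_RE = re.compile(
    r"^(?P<op>Key opened|Key created|Key value queried|Set value \((?P<vtype>int|str|data)\))\s+"
    r"(?P<indicator>\\REGISTRY\\.*?)\s+"
    r"(?P<process>[A-Za-z]:\\.*?)\s+"
    r"(?P<target>N/A|[A-Za-z]:\\.*)$"
)
HIVE_RE = re.compile(
    r"^\\REGISTRY\\(?P<root>MACHINE|USER)"
    r"(?:\\(?P<sid>S-1-5-[\d-]+(?:_Classes)?))?\\(?P<path>.*)$"
)


@dataclass(frozen=True)
class RegEvent:
    op: str                 # "Key opened", "Key created", "Key value queried", "Set value"
    vtype: Optional[str]    # int / str / data for Set value, else None
    hive: str               # "HKLM" or "HKU"
    sid: Optional[str]      # user SID for HKU paths
    path: str               # key path relative to the hive (value name included for Set value)
    value: Optional[str]
    process: str
    target: Optional[str]


def parse_row(line: str) -> Optional[RegEvent]:
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    indicator, value = m["indicator"], None
    if m["vtype"]:
        key, sep, raw = indicator.partition(" = ")
        if sep:
            indicator, value = key, raw.strip('"')
    h = HIVE_RE.match(indicator)
    if not h:
        return None
    return RegEvent(
        op="Set value" if m["vtype"] else m["op"],
        vtype=m["vtype"],
        hive="HKLM" if h["root"] == "MACHINE" else "HKU",
        sid=h["sid"],
        path=h["path"],
        value=value,
        process=m["process"],
        target=None if m["target"] == "N/A" else m["target"],
    )


def parse_rows(text: str) -> List[RegEvent]:
    return [e for e in (parse_row(l) for l in text.splitlines()) if e]


def summarize(events: List[RegEvent]) -> Dict[str, Dict[Tuple[str, str], int]]:
    """Per process, how many events of each (hive, operation)."""
    out: Dict[str, Counter] = defaultdict(Counter)
    for e in events:
        out[e.process][(e.hive, e.op)] += 1
    return {p: dict(c) for p, c in out.items()}


def writes_outside(events: List[RegEvent], allowed_prefix: str) -> List[RegEvent]:
    """Key creations and value writes whose path does not start with
    allowed_prefix (case-insensitive). An empty result means every write stayed
    inside the tree the analyst expects the process to own."""
    prefix = allowed_prefix.lower()
    return [e for e in events
            if e.op in ("Key created", "Set value") and not e.path.lower().startswith(prefix)]


if __name__ == "__main__":
    events = parse_rows(SAMPLE_ROWS)
    for proc, counts in summarize(events).items():
        print(proc, counts)
    print("writes outside IE tree:", writes_outside(events, r"Software\Microsoft\Internet Explorer"))
```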

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 25

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 24

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 3252 wrote to memory of 4276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 3252 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 32
PID 3252 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3252 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
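Every WriteProcessMemory row above is msedge.exe (PID 3252) writing into msedge.exe child processes (PIDs 400, 2784 and 1488). A browser process writing into children of its own image is consistent with Chromium's normal child-process launch and is not by itself evidence of injection; what a triager wants from this table is whether any writer targeted a different image. The following Python script is an added example, not part of the original report or of any sandbox vendor's code: it parses rows in this table's layout, groups them by writer and target, and flags cross-image writes. The row targeting cmd.exe is a constructed, hypothetical line included only so the check has a positive hit.

```python
import re
from collections import Counter

# Constructed sample rows in the shape of this report's WriteProcessMemory table:
# "PID <src> wrote to memory of <dst> <indicator> <src image> <dst image>".
# The first three lines mirror rows from the report; the last is hypothetical.
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
SAMPLE_ROWS = [
    f"PID 3252 wrote to memory of 400 N/A {EDGE} {EDGE}",
    f"PID 3252 wrote to memory of 400 N/A {EDGE} {EDGE}",
    f"PID 3252 wrote to memory of 1488 N/A {EDGE} {EDGE}",
    # hypothetical: the browser process writing into a non-browser binary
    f"PID 3252 wrote to memory of 5120 N/A {EDGE} C:\\Windows\\System32\\cmd.exe",
]

# Image paths contain spaces, so anchor on the ".exe" suffix of each path.
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<indicator>\S+) "
    r"(?P<src_image>.+?\.exe) (?P<dst_image>.+?\.exe)$",
    re.IGNORECASE,
)


def parse_rows(rows):
    """Return one dict per row that matches the table layout; skip anything else."""
    events = []
    for row in rows:
        m = ROW_RE.match(row.strip())
        if m:
            events.append(m.groupdict())
    return events


def summarize_writes(rows):
    """Count writes per (src pid, dst pid, src image, dst image)."""
    counts = Counter()
    for e in parse_rows(rows):
        key = (int(e["src"]), int(e["dst"]), e["src_image"], e["dst_image"])
        counts[key] += 1
    return counts


def cross_image_writes(rows):
    """Groups where the writer's image differs from the target's image.

    Same-image writes (browser -> own child) are expected for Chromium;
    a different target image is what deserves a closer look.
    """
    return {
        key: n
        for key, n in summarize_writes(rows).items()
        if key[2].lower() != key[3].lower()
    }


if __name__ == "__main__":
    for (src, dst, src_img, dst_img), n in summarize_writes(SAMPLE_ROWS).items():
        print(f"{src} -> {dst}: {n} write(s)  {src_img} -> {dst_img}")
    for key, n in cross_image_writes(SAMPLE_ROWS).items():
        print("REVIEW cross-image write:", key, n)
```

Run against the full table, this collapses the 56 rows above into three same-image groups and reports nothing for review; any cross-image group it prints is the one to follow up in the process tree.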

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\dcf0ef79e950cc6279f7cdccdb336395_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0c8446f8,0x7ffc0c844708,0x7ffc0c844718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5728 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 ads.lfstmedia.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 blogger-plugins.googlecode.com udp
US 8.8.8.8:53 bit.ly udp
US 8.8.8.8:53 ajax.googleapis.com udp
NL 108.177.96.82:80 blogger-plugins.googlecode.com tcp
GB 216.58.212.234:80 ajax.googleapis.com tcp
US 67.199.248.10:80 bit.ly tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
DE 116.202.166.13:445 ads.lfstmedia.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.179.233:443 www.blogger.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.178.14:443 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 img1.blogblog.com udp
GB 142.250.179.233:443 img1.blogblog.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 142.250.179.233:443 img1.blogblog.com tcp
GB 142.250.179.233:443 img1.blogblog.com tcp
GB 142.250.179.233:443 img1.blogblog.com tcp
GB 142.250.179.233:443 img1.blogblog.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 233.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.248.199.67.in-addr.arpa udp
US 8.8.8.8:53 82.96.177.108.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
GB 142.250.179.233:443 img1.blogblog.com udp
US 8.8.8.8:53 ads.lfstmedia.com udp
DE 23.88.74.40:445 ads.lfstmedia.com tcp
DE 116.202.166.16:445 ads.lfstmedia.com tcp
DE 116.202.166.18:445 ads.lfstmedia.com tcp
DE 116.202.166.13:139 ads.lfstmedia.com tcp
GB 142.250.200.2:445 pagead2.googlesyndication.com tcp
GB 142.250.200.2:139 pagead2.googlesyndication.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 themes.googleusercontent.com udp
GB 142.250.200.33:445 themes.googleusercontent.com tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
GB 142.250.200.33:139 themes.googleusercontent.com tcp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
IE 31.13.73.22:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
IE 31.13.73.22:139 connect.facebook.net tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.blogblog.com udp
GB 142.250.179.233:445 www.blogblog.com tcp
US 8.8.8.8:53 www.blogblog.com udp
US 8.8.8.8:53 ads.lfstmedia.com udp
DE 23.88.74.40:445 ads.lfstmedia.com tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 ads.lfstmedia.com udp
DE 116.202.166.13:445 ads.lfstmedia.com tcp
DE 116.202.166.16:445 ads.lfstmedia.com tcp
DE 116.202.166.18:445 ads.lfstmedia.com tcp
DE 116.202.166.16:139 ads.lfstmedia.com tcp
GB 142.250.179.233:443 www.blogblog.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 trollites.blogspot.com udp
GB 172.217.16.225:80 trollites.blogspot.com tcp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
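The Network table mixes ordinary page-load traffic (DNS to 8.8.8.8, HTTP and HTTPS to Google, Blogger and Facebook hosts) with TCP connections on ports 445 and 139 to external addresses that resolved from ad and CDN names (ads.lfstmedia.com, pagead2.googlesyndication.com, themes.googleusercontent.com, connect.facebook.net). SMB ports from a browser detonation are the rows to pull out for review. The following Python script is an added example, not part of the original report: it parses rows in this table's column order, returns the connections whose port is not one a page load needs, and lists the reverse-DNS (PTR) queries. The sample rows are a constructed subset copied from the table above.

```python
import ipaddress
from collections import defaultdict

# Constructed subset of this report's Network table, same column order:
# Country, Destination (ip:port), Domain, Proto. The multicast row has no domain.
SAMPLE_NET = """\
US 8.8.8.8:53 ads.lfstmedia.com udp
DE 116.202.166.13:445 ads.lfstmedia.com tcp
GB 216.58.212.234:80 ajax.googleapis.com tcp
GB 142.250.178.14:443 apis.google.com tcp
DE 116.202.166.13:139 ads.lfstmedia.com tcp
GB 142.250.200.2:445 pagead2.googlesyndication.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
"""

# Ports a plain HTML page load is expected to use.
EXPECTED_PORTS = {"tcp": {80, 443}, "udp": {53}}


def parse_net(text):
    """Parse table rows into dicts; tolerate the domain-less multicast row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            continue
        ip, port = dest.rsplit(":", 1)
        rows.append({
            "country": country,
            "ip": ipaddress.ip_address(ip),
            "port": int(port),
            "domain": domain,
            "proto": proto.lower(),
        })
    return rows


def unexpected_ports(rows):
    """Connections to external unicast IPs on ports a page load should not need.

    Returns {(domain, proto, port): {ip, ...}} so repeated hits on the same
    name collapse into one entry with every peer address seen.
    """
    hits = defaultdict(set)
    for r in rows:
        if r["ip"].is_multicast or r["ip"].is_private:
            continue  # mDNS and LAN chatter are not what we are hunting here
        if r["port"] not in EXPECTED_PORTS.get(r["proto"], set()):
            hits[(r["domain"], r["proto"], r["port"])].add(str(r["ip"]))
    return dict(hits)


def reverse_lookups(rows):
    """PTR queries present in the table, sorted for stable output."""
    return sorted(r["domain"] for r in rows if r["domain"].endswith(".in-addr.arpa"))


if __name__ == "__main__":
    parsed = parse_net(SAMPLE_NET)
    for (domain, proto, port), ips in sorted(unexpected_ports(parsed).items()):
        print(f"REVIEW {domain or '<no domain>'} {proto}/{port} -> {', '.join(sorted(ips))}")
    print("PTR lookups:", reverse_lookups(parsed))
```

Paste the whole table into SAMPLE_NET and the script reduces it to the handful of name/port pairs worth checking, which is a faster starting point than reading two hundred rows by hand.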

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36988ca14952e1848e81a959880ea217
SHA1 a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256 d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512 d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fab8d8d865e33fe195732aa7dcb91c30
SHA1 2637e832f38acc70af3e511f5eba80fbd7461f2c
SHA256 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA512 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

\??\pipe\LOCAL\crashpad_3252_QZGCDTWQUYQJUFUA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f6fddf1b83d90a1117e4ec0c43857298
SHA1 b35a6b16b20ae10e2c292a86d26ced07a2322bde
SHA256 0c26a9928881bfd00bd6fd7fc939f01f6f93d24197c0343e38b0bb53178454eb
SHA512 aa0463ba13f54a71b2101b2ef07fc9706bea57fadf7a8b0892df074b26b15c18469e88ad80c99209d31a5d9883ac24f12039e5ccf6c2bb2f9252cc824a6641ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 84508c2308e3dfff78e9e1d434509656
SHA1 63a04b4510c414db58a1b142bd6040eed857b013
SHA256 8ac1df98d4205759b950b6b0ef863ce90b70493c8d96d83d8452969d141d1460
SHA512 4da2672cdab3dcfcbb92c2daad05524553c73b686ec266fbca5a6c2dad0f1863f166e211efcd33cddd903dc59b3bdc07ec44c4cd00f4ca606f48e498bb71a03d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 528b2d86a5f37775cc983adeff8f35af
SHA1 d867fd2e991ead7bf4cf16581b2f6a817d114bc2
SHA256 0b7ad3bc66c29f3b4de947e8e94bba35d5f2da8ff1865e02f2540ae1db47eaa9
SHA512 55ebd048b26cb16d3d24e7f1462a727b6c7ec261dbdac1f94c07a73624e2e10214d42b97fe43002f7b9ca871011a6f7eaa4e241a1de5384dce85988378cfac3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ffe5bef5172b07b881f9a83d3a5789d7
SHA1 0e79f135854aac9c375a5961ad97bf68ea17d8a2
SHA256 9cec892fc805e4aea6108175826f37067d438d985b9eaf5433ba568867e5c0ec
SHA512 08c30b96c8360bab394bbb5ad59b25cea5cc67713dd7282b7af53c97d5fcda384a6abd0b8cc88063415fc41257e6570ec8fb9f8970fe7daa71aac57a9ee1aaba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 167489f20f2eb5873230d3f346f97d9f
SHA1 b0820f1783ac90dbb1404ef8b232d63f237b1a69
SHA256 a244142b50508375606cb47f03a0cbddbe82cd37d2a24aa1d833d14e90846ff4
SHA512 7e5b3a085e8d047db806d33d018c13a143c56cc07c89f5b4b9e764dbf71a09318fd03d8d1f352856595f4d66fe420f7a71debbb7d4c72dcc81b2f6b04b2bfbac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 19e1e126e332b5cf60d5f46caffad274
SHA1 96afefad4e9e0fe8e62d1b9781f6ceea2fc0e8ef
SHA256 c5097841790839af63c28d4d9e30afa475e6df2b6aa0f0a6b48c626ac024995a
SHA512 ee5e2b05882cf9482eaeb74293144bd7fa055f0836640ff069d1bd17c32ae04d214cf276f819c4aa8c359a81b9436d982a85c85e88272d31014719644fb7b668