Malware Analysis Report

2025-04-03 14:22

Sample ID 241211-gfj51atqck
Target e01e56eafbd16b78ba05cf5b7fc13235_JaffaCakes118
SHA256 7946e14c7302fae0a9538f2033a6995170400c43d1798c7233f87697590f5f2b
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7946e14c7302fae0a9538f2033a6995170400c43d1798c7233f87697590f5f2b

Threat Level: Known bad

The file e01e56eafbd16b78ba05cf5b7fc13235_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

Socgholish family

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-11 05:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-11 05:44

Reported

2024-12-11 05:47

Platform

win7-20240903-en

Max time kernel

140s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e01e56eafbd16b78ba05cf5b7fc13235_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a10e87f39f27234b8337d367a516b5e1000000000200000000001066000000010000200000002ad7b2ca50c897a06d6482a202f25329f3fecac110f056c49c836e7bb4fc5a6d000000000e80000000020000200000001eea3f954fa9fe0a77bdb0ccac702f9d1fa82e67fe08cf9124f9ec3d9b80e29520000000eed8d2d288e6685072a5c00fa9d748a538b77a17194251148dd28796a16e215040000000fda9ba832a2e82690e2f4ee2b105a5c8d29eab24eabed9963f49ea7eb8a02236c9b25640503d2013f4edc7b0d35d4847dbb46d78b14d4bfa21f58bd491a9b4c9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9076d5f78f4bdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440057755" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a10e87f39f27234b8337d367a516b5e100000000020000000000106600000001000020000000433d2aca8755c7b542386392ee84d691dea90d9cad3e90f7797c58a61952d258000000000e800000000200002000000081346032f2f5afe13f724b7cdbbc3ef7c42240b55d91a2cb6049a977e6ef5d82900000003e80c37e4933aa2722743266efb14550dca3fdd43d6034b70e0295fecfd04a0edf86c16c6c59378a71d305730bc62e2e797f1aeceef953baf066c9b2f02bbd02375da2dbd1134708adbac63d8c9258584287166ff1be92cacbfcc97602f5de642c909f2f7ea9ca1baa3b243e18a2f69b310274dd1f3e28c39c0154a21ced927733bb4d43ff72f031565921957e0aef484000000095fb834ba0bc58348f66dbb1d83f3947d6263e654e4de4ed260e540b3296744298e557aa19ea353f68e4915de92ce5adb038a87541c6eca4f0ca3868b2329d61 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{08838AE1-B783-11EF-A160-4A174794FC88} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e01e56eafbd16b78ba05cf5b7fc13235_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.instantonlinecounter.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
FR 216.58.214.169:443 resources.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
US 104.164.25.193:80 www.instantonlinecounter.com tcp
US 104.164.25.193:80 www.instantonlinecounter.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.200.35:80 c.pki.goog tcp
GB 142.250.200.35:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
GB 142.250.200.35:80 c.pki.goog tcp
GB 142.250.200.35:80 c.pki.goog tcp
GB 142.250.200.35:80 c.pki.goog tcp
GB 142.250.200.35:80 c.pki.goog tcp
GB 142.250.200.35:80 c.pki.goog tcp
GB 142.250.200.35:80 c.pki.goog tcp
GB 142.250.200.35:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
GB 142.250.200.35:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
GB 142.250.200.35:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 104.164.25.193:80 www.instantonlinecounter.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 88.221.134.146:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 23.46.73.244:80 www.microsoft.com tcp
US 8.8.8.8:53 developers.google.com udp
FR 142.250.178.142:80 developers.google.com tcp
FR 142.250.178.142:80 developers.google.com tcp
FR 142.250.178.142:443 developers.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 08995aa55af1af983a12918df36c2068
SHA1 f4f2db17c56fbbf54974e5590e1be5cd7490050b
SHA256 592c0a432787f1ea03675a28495607a2ee006780466afe1c016836ec59fa46df
SHA512 96386cd1bb1e9512c15bf27e990e07337523c7cc5bfc9b4f97f288a829d9337b9efac8842e96ec24e51a3a0ccde481a9c9cd6c7df868ce6860ff6077385f623d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c222a44bdf6ee65ec24505e7d5330065
SHA1 ada38094aced27603949f33504be1714b0957b6a
SHA256 f555aa76d903ce970056b4f5d93448dae439ef5dee6f998907c42101509d37f3
SHA512 b4c1631ce07e34d5a9f36365cfa2031bcbb32ffadb640d33909a549680434b4ad9a3f850fb22465f664522c07bc78a07650fe9fe631433545292f27cbfd40044

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 7088d1298bd31ca1f14f36a0e35afe95
SHA1 e56ec7bd0f0a4f72861dfba990d434604541d928
SHA256 faf8884e6e1e237b45eda083e6d675f2c75a91274eca4903b1d953dfb3527572
SHA512 4fd2e5fcf36c30e4c59ee5505eac0a50a0d13fb26d9409413a3703b57efdd85d787807bb59f034bf1af3f83720129b002c16bcf6a2a3547b5685efadddd31b8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 75de656defd632840ee6280b13d5ed66
SHA1 7d5df0a1f158fbdf43a19e767707acc86466b367
SHA256 05984f0b5fc82e4ae6ec1f40cc3085d7258959abd51f707b1ff340086dd7d6ce
SHA512 bc2aba609ac0a4a774bdb071fa3814a0ebfa364399fbabb352c26e09b40c05782c769f01c46ab354a6db11960d7137bbb5e69d100401b0e6668ee237e6812f1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 c9686dca939d7c9e3408b5c609fa06b7
SHA1 ad4006926ce5d6c73c160771f5e58893dab17fe0
SHA256 3b219152a5b0942895013b120da1db8a34a32bd645805f5d3c51f4563c077dc5
SHA512 698e69e14ff9d6941d1a16df3bc1ea6b1de00aefc70bd1dda149aa71063d6a4400444f8b2c698ec3ed882a31e35c067cca18e752ecb0f198cd318173ae6c0e6c

C:\Users\Admin\AppData\Local\Temp\CabA788.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarA78A.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef605e1da95f576de1bbd3efe58bb31e
SHA1 d870c7194b6e53fbd7ea2e63d9c4e8715dd9d55e
SHA256 03f0dc94836196f297d1210f8f7bd27cb4bd59da138b602e11581de31bee86d4
SHA512 8f5e4954c26b5059bbd48e5ab1250f49f88463b1ef60dd2b0d9195555b2e1715c9cddbeb32441f8e9cd18e7f7983d9da71687fc0a84ad221295505d39da8e49a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 663f372de09f08d6c68ceca4f3aa2ea5
SHA1 10ecbb1bc4f23a5700e89f78b5f9909d4866e52f
SHA256 eaa6e8dc6a003a2eff95ff3c5aebd3d2a82104cf911d50628fc6a8fa80ce6ac5
SHA512 585cd7d4f6b6f4a577e396a431d54f3e7bee4867d0c59c90902c4c78e3f3a41d5f299929f6d05796d458233e76c259d411085235d9f8bf876a0e7738950b3969

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25b0b75fe81982bb837100c8105ac851
SHA1 1320ada036f6f800d0724560f71e9e21351af42e
SHA256 266e02542ed12aa047cff1ee07e5459edf58f13413a460e1045123bfeb4136da
SHA512 8d70a4165753fa614015120664f2530321c7cbf429b80974ea935ff870f4a27532ae1a56fb109d74a8a205991928248c7c65f5ce0474b1f289e186a410104ca1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a550e89cbd4c7b758992c3d4feb122d7
SHA1 db5e2d1eca54de4b670d84176cb6fc849383aa91
SHA256 7b3e3151f6f742cd0c233f0cb1be362978eccc48e0be1b9823dba63a6d152ea6
SHA512 80b58a65dce73024eaa4d94ae3e6a588541962bea8ba9e6b15edef4190748dda62df450254ceae133c633f74823f0249984e2b6ee8f1deaa9e0bdc0acfeba41a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3341a109757edc72d1cb74d2a60fdde8
SHA1 1d189c0b43710a1d4e5a346cdf24ca7021e61069
SHA256 c6da71e387cc34923fd89efb3c943b997efcc81ecab086b4fb32ac19670a845a
SHA512 5d9e1609f02369dd1ff5adfe39ddb5d0224fd94c7a949c4eb91ea75b5b27bbb98ee1083c40c920d412d505b160c70971f0a7e50405518e1e48ad4f42b02e9930

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e09ed22aa289bf75c80cb2641a65028e
SHA1 c8926cb935cab097bfe35b09985eeb9db85a30f1
SHA256 53eff7ac42b1f15c0772bd8378bc3f2bbcb0efd716711ad67a9bce793c7a4aa5
SHA512 068e18cea37d92b78dbd0af13179a6c0d4208a8f2ec26280c976520dcceb37429c200a73239cbff06333760f1361b857fe864f5e08f113339314924c93655900

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de3d0cc3f518d1873345ab971d75e2b2
SHA1 ebcc7a830fcf62df8eb3ee95b40deff3760fb956
SHA256 95026e3fb577ee854cd2f0185c8fe336d4377c53c3fb881b5eb419a29132227e
SHA512 35c4cf6ede691ebd5d44dc6846b7a59e14a7f69cd8d38171190943398e7f5129303bc27541755bc73bb34d6fac3fcc0b5ff7bd495f9143f643369b19c99bd58d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4d8c9d36a66d7f9ba1b116faf19af85
SHA1 2e68db61e195c53a12ea6237d6ac3483a058a0b0
SHA256 ac2067c50f63a9ade4463b20f0e2a06a75daf49493c379a191a934aa8a6fb7cc
SHA512 f8bb7cda78105cf53b7403a8ab604329b0434c24931cbc33fbbd0b498b99eecf063dba09d32e8e11bdc177a0c9ba222818c0e7ae9a780568b5b554780639d9b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4b4ef5a68b244fd3c0f9060d4f4cb35
SHA1 a205192220ca3b068e14008f68d376126159790c
SHA256 5c0eeeb49e8a7e44f43b6353870e0a895b1227b3a9d764b1af0aa71bbb0f3dc4
SHA512 50dd26121fc3ea98235f9bdafcdd37ec121387d33c9231411625465bd3d2b60d1f55d375b04cbf95d24e4b243e0e723c066567126c40e09ce94f17f72e2b0e0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 522b0b229ae018ec9c9906f4205852fb
SHA1 111497304a0b57b29b4a0ffb5c39ff2fe19ca2ea
SHA256 031d82cda48b53bf5e226bcb391c317e8edad70ff03dbe722f0a30710ff2b4a9
SHA512 705d2bb70e0ae707b77d5c90bd3e934eff4fb86316c9311dc134fc4ab29dca56c8eca455a1a793de23c341d0cc0ad1132645a4df2d55e679db321d71d4eddfd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88b384acfb1954803a8ee8e3e80d034d
SHA1 d1356650bbae47b029bc40e81ede04fa8f408756
SHA256 834c6464793ce9ac6d8d297b3cd51f0d4b222c18b5f3dce8a57aa4392d520e4e
SHA512 3e4f30dc5a78aafa17c5df1b8aed804222de0fbb1514456ded0fa9fd5ea4a4ecadb81fd4f0f5e9525dafd10285c35126275636856863c0cd5b655f1d1c9e6e93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79363ac0150c12fbb7df9f917dc0c812
SHA1 c533501cb80e75bfd84eebb0dce65edec14a7bbf
SHA256 9d6ca91a14c5b97997efd39649bbb8657c0e78c8e9b24d6d219df895dae54f56
SHA512 de6b777e7f379cdf33358e326185de16d694e07f122365c4aea3a68159467811c3e3287df79a524729fe29ab0bbf0483f3dc23ce2844a5883111c17b08e20cac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc5d725f5278d74cc8377cf26b08752a
SHA1 c93db74f05f00913f13e599ea04e2684e545695d
SHA256 91ad1eae7aa9778ad30883d6857f33dc014d8f486474b1a17f6d2c876c39d43d
SHA512 f553cb51337c7f25bb3db58cefeeef13b9b3b05b8679dbd3f09859aa2e03e6eb33644213398513c371a53baaed257672024fe5137efab0519965943529f8ab9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c9400480c46da5f4381ee327024af82
SHA1 8e39717a5aafbea63c50d26cd2996ade19307c38
SHA256 8b9b0dd62b15262411fc88a2c399cb7e624e5828dde365cac0d1fd9550a0aa10
SHA512 6c891d0c8878e012b73bb21cdef2b7a1085048e7d21b5473fe2151f925f58ff3c7b50b0131597543679f38689fa862b802704cdc2efca5fcf10e8a35b74b436e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bdb7e320c29f930b124f0722c5f48e59
SHA1 74c4f8a81c0e2889a70ac998888be7f8e6cc9ee9
SHA256 1d20a1691d6198b4fd14b672f264c4d08bd25733abfb7132e6a0e1f551a2d20d
SHA512 9858759106d34f4d2685eda5a0af67a4ee18c1667fcdb0ae0dc2d2f9f9aea653ed092ecafad45150818a478e50e6bfa1b3e3680fd8b4a1a87bf8453876f4f26a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4560f249f53541da8a059364671eaf8
SHA1 92c7f85f4b6178a3695ba7d578d6b435d7c52c7d
SHA256 33397697ae9b439af8b0e7d1593b95a1c6348f95ea91e4bec581112e094c2151
SHA512 ce0ca0cee55221f34a0140b15780a0e9636e3b95cf3803e76738fe4b50c72ac81baafd35aa70242a1ae3d674b6ad6c3ed8b6115f56af4a7048dae67643a32e3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94fba81bbc5de46a4270004b23aef380
SHA1 e17769d229f10a1e4940220795b96ca0d8c67084
SHA256 ccc10aac64f05aa5abf2ab072d71a39c84e5e010eb5552930b13ba34213466af
SHA512 da627c3ef3592b47ad306d4e8f87a636aa1646ee63f50035a510681632a24f22f26b47ad6a8665d9c042d48b68aafa18bb9a6508ff03ec7dfe1d714a1a234e21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9db01449c31d91e8b63f486cf3a0fef0
SHA1 8b7b710cd84ba77afc3795c189921e8ad0859b88
SHA256 e4ae0aa56fdc924c9034a96256daece5d247673ba1e95b193c65c6e21b67eb20
SHA512 b2b294715db2efe9831bfac59848697a79fda1c448b3684731bd7e8795da250529e407a6f755f7fad16ce7917bce06a38e9ef40b294073ff5b9eaa6e46a16845

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0700ad84b87f26670e9ba6f5e868c4a8
SHA1 381ae8980f5c734f0dde28e486da4a981104a291
SHA256 ce49a2ecb6ed248ed61bbd70518c32ba27dd680f83ab02a11ec4752f970e349b
SHA512 f1dff2c5b83e919644031aff2ad93ee6de02725f4441db6b5c09bf804baea5ac34ebd799a997e85d6029bf2aeaf2afecc648c342db604509a33f6892cb3aded6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 506af44cdb4ec80a7cdf774269b04c9e
SHA1 fe8fe5bd8e358e460ea426a78b2a6183cfdc2fdb
SHA256 d083190e0477f1f9b66a81ba176bfe85c6accc89ce3bc3b274d7de49cd6430d7
SHA512 37b9c076cca951202efd34488ab2b3922c7790ed3133031c8a6fb0cdf068a406698bdb478bf4b2a724f2dd2e19f817c6770e3bc79f00acd3f3152385448da938

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0945112b362dc9ed43deb1405f4a5019
SHA1 2d1ef22d78d9579275d1ebc4ce1ba8f5db9f9a8f
SHA256 01d55ba643163d1107fa8bd1e28002ac795c95215785a73741b95697b82e1e3c
SHA512 28f45f883eb3c4d78e7a7c4e635b2d25f68be0abc4adf6d007e874c1ef54d12dbe457d9e90f89559a8aaaffe98c7515332b3e97a06b2448d0bb1e9d57bba6949

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c610f5b7bc4a56a8a44cec8a01a58f59
SHA1 648659d38daf4833660dbd5c1a386a48a2980e80
SHA256 31691feb2e3a4bebaadf53707b22acdabdd8f8c96e9a81e4488473151877c397
SHA512 1bae3a9928238020da764f6ab24001707b677f6a614833d5c2d48b9adc6f5ee680fce4c5ffa96689aa066e89262a43bdf26d429b2d51bfbc76e9c2d6a57cc816

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa33cfb47fac08cf7ed8084c5971f528
SHA1 e34cf1346a72a9eaddfde301dcf5a5bba7799399
SHA256 71f02aab3e0c8e83ff7ab26e51e941b77fc5822ce10c5f04fd6aa118d1d7f854
SHA512 e77ed8ebb78bcc7c7cded157f36472ab17ed54c83db2a15ea3297dc0f0d12a26b2ca34169c10890978e0e8ff8f62f044af778c2ec2c6ba256adbb5bc63bd97cd

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-11 05:44

Reported

2024-12-11 05:47

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e01e56eafbd16b78ba05cf5b7fc13235_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2152 wrote to memory of 2380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 2380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2152 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e01e56eafbd16b78ba05cf5b7fc13235_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8895a46f8,0x7ff8895a4708,0x7ff8895a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3124 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 www.instantonlinecounter.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 resources.blogblog.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.178.14:443 apis.google.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
GB 142.250.180.9:443 resources.blogblog.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 104.164.25.193:80 www.instantonlinecounter.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 104.164.25.193:80 www.instantonlinecounter.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
GB 142.250.178.14:443 apis.google.com udp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.180.9:443 resources.blogblog.com udp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 142.250.180.9:443 resources.blogblog.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 142.250.200.34:445 pagead2.googlesyndication.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:80 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.34:139 pagead2.googlesyndication.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 84.69.194.173.in-addr.arpa udp
US 8.8.8.8:53 164.20.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
NL 173.194.69.84:443 accounts.google.com udp
US 8.8.8.8:53 drleemind.blogspot.com udp
FR 216.58.213.65:80 drleemind.blogspot.com tcp
US 8.8.8.8:53 65.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f426165d1e5f7df1b7a3758c306cd4ae
SHA1 59ef728fbbb5c4197600f61daec48556fec651c1
SHA256 b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841
SHA512 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

\??\pipe\LOCAL\crashpad_2152_TGNKZXKLEJORJMAE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6960857d16aadfa79d36df8ebbf0e423
SHA1 e1db43bd478274366621a8c6497e270d46c6ed4f
SHA256 f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32
SHA512 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 472f3feb2aed93a69772cc09c7d57cc3
SHA1 a7a146ce085f6b7d294162e461589d0fd049169e
SHA256 eaf2b54c1086805ae25f67346ee927b75b681a0561a473b22bcafcb5b289dea7
SHA512 712d749a2ffcd15d8c697b1158fdf397798b751905833dc418130db6cf7bd4fbdb1cc25a5a342cdbcd746d6a21b5c2fcef040fd408cff2a841f8180d549ee10a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d2e1a68a8d49db7de03667b879fbd825
SHA1 b4c43087b65022db8084ea52aee6eee64705ca7e
SHA256 a5edbe6b911c21d7cfde49cb8f7b3987e441254b4b2272772fd8fbf5dc6b5f3a
SHA512 8e1502523ffd5d9d102550a231c0cc8a72352febca41bc5226d88ae26bc26801da157a129927af7fb6d84445583adcb6a1fc7e55beff76d9904da01b69e72d54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 612b462cfaa4f0a766b620819357ac5e
SHA1 0c504e84ebe7ca2daff75ccdf2f640459285f2a7
SHA256 f02907ca55937db9965f49f0aad9de2add126ede1816e4bc7fb5fba03b8331be
SHA512 16fd686ab9c5a2438dbecdadc416f29221aad1ff06ab59f925cf9ec5ffffdbcb1afe1c2dc3546e4d9fcec5444e1680bc019e1bf85322eea2fa5fc1572b9c5ba3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e50a680b9ebbae5afcf9ac888d101c8f
SHA1 e5a32daa600204a1908687bce06d080082e54675
SHA256 e4d5cb020a320082c5fa6bd43076884bce261befa1fc4e783744a163a5764cea
SHA512 cf466fc4a5a40fac04b67f8a67dfab218ad34ba8073ab48f5a04257319270b8c038ce93a0f89f031a718f7dd15025db3b2d44399f1745581ac83a02624d2e484

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 deaf57a563f10a8812975ee344526a02
SHA1 3f8e6784b89c0c807c32d80f0632d40ca177c3f7
SHA256 75733b21f96ffa16ba9abf0f94b1113fc9727f50c86d85c95bd2aafc3dd16356
SHA512 22701cf42eacc0ea7e9d7c2ccb6f0af5f9bf66ac4ce26a87d6a5f285f3314487a50bee52797527c9c5716f546ec8b020c12a7c935a359e0009f9896baf97691d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583311.TMP

MD5 d2bc792962b58d1d41ab5b04089f8118
SHA1 c6a99c509ef82cb93df4844ddc0c199a68e3468a
SHA256 c0f6642afd8cd19ce3576135ff1b462fca450c1c86be720f73c4d10cb846100e
SHA512 fc6ed85293abab14d0032ca1eeb4daf84c0b5cc72b4002d8dda36b23c11ca054472a58ee5c818857255d5061b7f17222553dfc422b31e38cfe0194d65ecc74c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ffd38e1e934b4395828204f070dfd029
SHA1 405069e2adf0f6fa59cd005b09ed59869eb8c1a7
SHA256 aef7209b6583d723f78dd10738e9c74fcb09210a8ff0ebbb7560260973c65778
SHA512 fdc0606a84eff58bd093fc6f436eaf646cad42f53971ac7a7cb434da5221d52093f24374ddb9746740df94f3383e1f1a639210e7d770b15c9558e33c67ae7ff4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6f9731cbf621e101fb4b529308900062
SHA1 f2ef1b52debab5670ec7423a60e1e579ff8838f9
SHA256 51ab93667c3603b39b4367c2b4ecc668785b193f621bef53cc1eeb8316201b7d
SHA512 abd8cf3110140b85a387a1d68106356349b4616f3dd2800f5380999958c23cafcad331488ae4879b895e80bb58cf8f0248177057580a15d9449fa0b0d86385f7