Malware Analysis Report

2025-04-03 14:22

Sample ID 241212-e8th2a1lav
Target e4b887466aeeb4ac3f00e2f6451f95ad_JaffaCakes118
SHA256 c2871c94a54231837659e4a383d0d1b538058676c6791bb8b2db6dab9fe8f1c8
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c2871c94a54231837659e4a383d0d1b538058676c6791bb8b2db6dab9fe8f1c8

Threat Level: Known bad

The file e4b887466aeeb4ac3f00e2f6451f95ad_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-12 04:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-12 04:37

Reported

2024-12-12 14:22

Platform

win7-20241010-en

Max time kernel

144s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e4b887466aeeb4ac3f00e2f6451f95ad_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2E529791-B894-11EF-ACA4-66AD3A2062CD} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440175073" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e4b887466aeeb4ac3f00e2f6451f95ad_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 dl.dropbox.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 rimuito.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 img580.imageshack.us udp
US 8.8.8.8:53 ri-man.com udp
US 8.8.8.8:53 www.mundodomanolo.com.br udp
US 8.8.8.8:53 static.minilua.com udp
US 8.8.8.8:53 tadezuera.com udp
US 8.8.8.8:53 www.arreganho.com udp
US 8.8.8.8:53 www.eutesalvo.com udp
US 8.8.8.8:53 i.imgur.com udp
US 8.8.8.8:53 img5.imageshack.us udp
US 8.8.8.8:53 img526.imageshack.us udp
US 8.8.8.8:53 www.geralinks.com udp
US 8.8.8.8:53 www.fake-true.com udp
US 8.8.8.8:53 apis.google.com udp
FR 142.250.201.170:80 fonts.googleapis.com tcp
FR 142.250.201.170:80 fonts.googleapis.com tcp
FR 142.250.201.170:80 fonts.googleapis.com tcp
FR 142.250.201.162:80 pagead2.googlesyndication.com tcp
FR 142.250.201.170:80 fonts.googleapis.com tcp
FR 142.250.178.138:443 ajax.googleapis.com tcp
FR 142.250.201.170:80 fonts.googleapis.com tcp
FR 142.250.178.138:443 ajax.googleapis.com tcp
FR 142.250.201.170:80 fonts.googleapis.com tcp
FR 142.250.201.162:80 pagead2.googlesyndication.com tcp
FR 142.250.179.97:443 lh4.googleusercontent.com tcp
FR 142.250.179.97:443 lh4.googleusercontent.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
GB 162.125.64.15:80 dl.dropbox.com tcp
GB 162.125.64.15:80 dl.dropbox.com tcp
FR 142.250.179.97:443 lh4.googleusercontent.com tcp
FR 142.250.179.97:443 lh4.googleusercontent.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 142.250.179.97:443 lh4.googleusercontent.com tcp
FR 142.250.179.97:443 lh4.googleusercontent.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
US 162.0.233.181:80 rimuito.com tcp
US 162.0.233.181:80 rimuito.com tcp
US 38.99.77.17:80 img526.imageshack.us tcp
US 38.99.77.17:80 img526.imageshack.us tcp
US 199.232.196.193:80 i.imgur.com tcp
US 199.232.196.193:80 i.imgur.com tcp
US 38.99.77.16:80 img526.imageshack.us tcp
US 38.99.77.16:80 img526.imageshack.us tcp
US 104.21.80.39:80 www.eutesalvo.com tcp
US 104.21.80.39:80 www.eutesalvo.com tcp
FR 142.250.179.78:443 apis.google.com tcp
US 38.99.77.17:80 img526.imageshack.us tcp
US 38.99.77.17:80 img526.imageshack.us tcp
FR 142.250.179.78:443 apis.google.com tcp
US 104.21.51.101:80 static.minilua.com tcp
US 104.21.51.101:80 static.minilua.com tcp
US 172.67.166.126:80 www.geralinks.com tcp
US 172.67.166.126:80 www.geralinks.com tcp
US 172.67.182.236:80 www.fake-true.com tcp
US 172.67.182.236:80 www.fake-true.com tcp
GB 162.125.64.15:443 dl.dropbox.com tcp
GB 162.125.64.15:443 dl.dropbox.com tcp
US 199.232.196.193:443 i.imgur.com tcp
US 104.21.80.39:443 www.eutesalvo.com tcp
US 172.67.166.126:443 www.geralinks.com tcp
US 172.67.182.236:443 www.fake-true.com tcp
US 8.8.8.8:53 minilua.net udp
US 104.21.24.195:80 www.mundodomanolo.com.br tcp
US 104.21.24.195:80 www.mundodomanolo.com.br tcp
JP 202.254.234.69:80 ri-man.com tcp
JP 202.254.234.69:80 ri-man.com tcp
US 104.18.22.114:443 minilua.net tcp
US 104.18.22.114:443 minilua.net tcp
US 104.21.24.195:443 www.mundodomanolo.com.br tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
US 8.8.8.8:53 c.pki.goog udp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 fake-true.com udp
US 172.67.182.236:443 fake-true.com tcp
US 172.67.182.236:443 fake-true.com tcp
US 8.8.8.8:53 images.paraorkut.com udp
US 8.8.8.8:53 download.ultradownloads.com.br udp
DE 185.53.177.53:80 images.paraorkut.com tcp
DE 185.53.177.53:80 images.paraorkut.com tcp
US 8.8.8.8:53 www.arreganho.com udp
US 104.21.64.111:80 fake-true.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 23.192.22.93:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLHRIIGD\mundodomanolo200x50[1].htm

MD5 0104c301c5e02bd6148b8703d19b3a73
SHA1 7436e0b4b1f8c222c38069890b75fa2baf9ca620
SHA256 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
SHA512 84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf

C:\Users\Admin\AppData\Local\Temp\CabEF60.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 84525ac2c52cedf67aa38131b3f41efb
SHA1 080afd23b33aabd0285594d580d21acde7229173
SHA256 ae524d9d757bed48d552b059f951ffd25a7d963ae44a554cb1f3a9641e524080
SHA512 d898b0913b4005bbbf22a5457ad1e86345860868bc2e53187ad8267c07824d592160a27d850978ebfe78392db784fffb80b73e27418d3a71708383d738ea1d57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 45a68b581f8619baf8153bb3d0278d1a
SHA1 1e136146f56cdd6d831aa3fdf75399b0cbb1622a
SHA256 2a5db664e077bb6c8623540a765cdb1f63a823d3154758eb4a5913ac8c2eb468
SHA512 75679dece7bc3a8ca96ba9103360c08f2d8ca801e7f47da25c142a93d443a1dc9ca28f4d954cf3fe85e70fe277dbdee80682c10bbc14dc6541e84e3d5724e69c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 8251befb003a912432b94bcb509f0b35
SHA1 86cdd4ac89adc6faf575d850d1593e8fc005960a
SHA256 bf9e79638a8c4097bebaf8045b4d17fc45364fd4a219375af80d44bdc4d01adc
SHA512 a18af807d433b43543fa2aea53bef3836dd334815b9195da57d6725ca11c06037e2381a1d66e352b3caf7808d0e466a8c490cace2d9c5d138930d6ffee2b2b10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 14df3c82b90bd26f179b6c957ea151e1
SHA1 bd7aa94511d7471c2513602817cd8ed1b69ad1d5
SHA256 5820202752bbbce9f739d097040b9dde0513d529ff63542753aa3377f5973844
SHA512 98d388d7ac28bd4e3237aabf371795fdbf829bc561a611b630d2622fd719918c0db5158d77bf43364ef43d951dd12bfb5fdf2e4c83d563857503269fe3cb4bb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 67e486b2f148a3fca863728242b6273e
SHA1 452a84c183d7ea5b7c015b597e94af8eef66d44a
SHA256 facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb
SHA512 d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e

C:\Users\Admin\AppData\Local\Temp\TarEFE0.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 c56d187c4c6b7a0be6d3edea4b3cff8d
SHA1 f02fa625e5de997cb5a8f717ea246d64d98164f0
SHA256 374ca81020ca6709ed05dd84820894b9bf1cadd709ff60d5bfaca05be80010b6
SHA512 5f3cdb033ef0645d9d1fa6283de0543c02eabbb148999d9bf20a9180727b8e46472fd936289871e27c2c7ee05a485a7fc5fdd830e608915fc173428e40e3499d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 4ee011fd7bdbba65352272f6ee9b2d2c
SHA1 4def834feaefb4d429c3f3d845df4b916cfdb490
SHA256 6050a9a9833770163472d9051639ab69d8e01d1358e152b5b0cfa72441fac022
SHA512 9301552ee69cd0dcec061281ee85713febb890ede519fdca6e53e03b72ee580179c5f36fcb0b42b53d5dd95054258925049d72cf36414b3652493ff5c0d82bbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

MD5 971c514f84bba0785f80aa1c23edfd79
SHA1 732acea710a87530c6b08ecdf32a110d254a54c8
SHA256 f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895
SHA512 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 6b57a63489d90ec35afd4b177b61cfc4
SHA1 e9a68bd4fe22cd70ba58da9a91e32f14f5b80315
SHA256 b48ec8bf5a4cfc00afe1917f9d7902486ea8b64674678ae601cb4ad071b52b7f
SHA512 a33d2dbd29dbd7ea6e0696892d9c9264ea8a887953299f5583be720d66126c860ef1579869e3e5daeb0fea41970539836e0a5c4ab32b6852f9e3d9815d3b6633

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_1866E19A9EA470E8F26D259D51C89BDC

MD5 68f1dd7fef931519440b33f9821783ce
SHA1 4586473ba92c8aeff0542ba35572ba781db711a9
SHA256 f25478c23cc6e499c73656099450436f97956324274f395bb04c3824128a96e4
SHA512 e6ba2e8878872df774d8d9f95d8a9e07f23e1aac37c96ad06e7c581f02c1ba2c33847104f19a453407aaf438ecab80601d7f00b0e6a53b694eb225ae091ba943

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_1866E19A9EA470E8F26D259D51C89BDC

MD5 ca361bfd955bea9fe3130efcd826c004
SHA1 ab709d7c6b0448c9aa866ac84b16ea58a47b17e6
SHA256 3bd99c7720f460fd14398ed5a4d3a015aa8f1ed8eeaf049a8696277ba1003611
SHA512 62372ba153d07acfcb6a78222460cf691ee39a10d0f72f8765f519c2f997f2ed252a1c24da88eb015ac249e40f390be1ca93ef31c47a992f56a73cd39e42d14e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 304c3265f8e4df9f39b615241de06094
SHA1 b5edeaa18fc1122124bda088bbfe9a61c40b5d19
SHA256 b2b250b0e17ec655e27657b802062b2edd10484fabaf812d14b4caef3d3f057e
SHA512 5f48513065974cb859512b7ee4611b5f3e0e90cda91ded5be52abdb2ccb284b8466601d698962547a17f2605033a0c8f07d129257ab87c33c6dbfbc72118d6b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 f0fd97a972b84ca9165bb2e1aa17dc99
SHA1 af5535c1b42a9ceda8435e72d9d65905686dde54
SHA256 05b017225f51b7f2f2dbd511039c30a650cf44a6cf01af2a2f095d847e4c6157
SHA512 49a1b299b288477bb27f85df9804e784c42b56e35094b8b09e0dffe7f892ae749dcc04a1b9ed701ee7b618e2aaf11173562195e5f5d5f80c21182ec193aaf4ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e23a73163ca01be5898b2bec7afa93c3
SHA1 f557afa0cb4376ebd4e01936bec7cc0cb55089fd
SHA256 2f0ef819f7883287eeef137a3977410f96b5d8a3cf33a5eefe279a5e1e67c4ce
SHA512 809f080a3ac417213795d7f1fa8d20e0adc7aff621ed5539d6332ca102e8ab937798be33875e90dae8e01fee2220fb2af66f46d80c6173cef0ecfc7cb0f1b298

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0189f1421804410d924b2cb90d6b1460
SHA1 ff5ae041169523a2fd4691eff3a17bb542a31a7a
SHA256 ebdea1cff5c5b5f7919469e60895422fdf6e1b8fd45be81813323404221a649e
SHA512 7240e92f58966a13e99102e3c924cf98f092d13485b93cb9024a57765cf4b8e29e869b7d35e33829f7d7efae081d4bc51c8a48a4e3b5c9b0e0e16db309752b61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55d2893abd6c23a49e69d2e9a60d230b
SHA1 6eee34f37074a869cade9a4f11ce905984161709
SHA256 70bb4bf64f948d17f36119c0a34718ec69fef547bdc28f7e32863cc0a1182ae6
SHA512 d36aecfb39fec4fa0ea53aa1c64d2911c194bc44f073e42fa56437eef9dd73e433faed80582897669c0dd7f2c7c0cb4af49d398f2b15046219c877c054cff9ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da0a0afa720ecf970c54a3d08c64580c
SHA1 4b83100773f25f7b0e836714b18db97afd94747c
SHA256 91067e1f5a3af741c0992986bdadb16fe27265ceed92420985b3fb3f5728e624
SHA512 261a37dfe56e28ad28743c3ff2c1a05aff19d8672a1ec881d9e71a30a2ca25399339311df0c51860c459e9456e7b73e564807112a51962e29137cdbff7451923

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75ab9d371ed8d11644ec7a8099bcd317
SHA1 f120c9006cc246c4bd65b906ee9b483a2560295a
SHA256 3aff6a40d344f3dfa36d2a8c00769d624fdfc6b44e6f6358b50426b41f14dacc
SHA512 3aeadcd95d87475756ad723532d199d0cb3cd516a2647ec7e7887177968af6bb8d970e8ead7bdf364269055b03141c91b6ebc5a3ffb3ba275f1b29e18a3d892a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 f269890148a7cc048ee3dd4a6d65b10a
SHA1 dafd874116ad815964a58fe7d9e609d0694f01a7
SHA256 a0fd47e0a2ee7a9f51a3043f04f477bb36c18e24dbfac561f51cadd8b5a60f90
SHA512 36f69d314609bff25e8eee0d12b265d044d12221908a2d5ddba01a0cbea23e288c6191137eca4073018ca5d8cc82eaaf745d7c404429c9d0fc14c3475a1a4098

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74887bc73600028a7d7a3737db42738e
SHA1 f480d1fd8d3e561412a3c07598fccddc53ee2003
SHA256 d6052e86843dd60aa4c95f12a935cfd2202f6b844cf451be95d374e0099db454
SHA512 910acedc78aafc946a24d222feb1567f5227cb5b54ad488636415ce7cfed725b5fd1f30a0387bfb9183e9cf78425e4d679fe12fe702b4b4fdb5d6ea88ab81535

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42e05ce5d7216d9a39e4cf5c32ee02f5
SHA1 7931b2d1e0cb9a1bac49f39c68d1f50d16c81ff6
SHA256 34a03f5f673f2895a2aae3f5b53d0093e9e92064b10b8354a7371778953ebc18
SHA512 e2c1e4c5f6f93795ff02e46889201b45c3300a91f5c3fcabe340eb3ef23692ebfd3ee360dc5cdd2e3edae03e5c0d1607f322d60980e43e6c3d44e50a2b368e68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a54c9a9b151de7fd61590ae78e481342
SHA1 a0275260d58a38cf6547b13923c2c9aba990d32e
SHA256 4b15fc418f165f1b7654f9de08e430f4e39301e2060e174653db89c4968d64f9
SHA512 c375c1622e3792ef6cc2e39c84aeb11f83c116549d99140a6b62d40b83f1ec33f83a13e1f17b4531969ad926d431f98a48bc06c18962e516f011eb09b6cbc818

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df3f0a07023ef47cda7939e1d028e4c3
SHA1 e89cb55ca69296ff6676c832bbde246db33b4f58
SHA256 303b2b38ccfbbf084cc389fbc4a03b472403e5604cd11553c8bce640896e1da8
SHA512 2a16369c272285d35f87055ce5e2c52f1b03fcac10177050af057796f01c92dcf690e40c89fd6afdcd30a81ab41b4bf341b53dd03473259eb2aec3737f5864c8

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-12 04:37

Reported

2024-12-12 14:22

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e4b887466aeeb4ac3f00e2f6451f95ad_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1956 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1956 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e4b887466aeeb4ac3f00e2f6451f95ad_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabf6646f8,0x7ffabf664708,0x7ffabf664718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1324 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 lh3.ggpht.com udp
US 8.8.8.8:53 dl.dropbox.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.201.170:80 ajax.googleapis.com tcp
FR 142.250.201.170:80 ajax.googleapis.com tcp
FR 142.250.201.170:80 ajax.googleapis.com tcp
FR 142.250.201.170:80 ajax.googleapis.com tcp
FR 142.250.201.170:80 ajax.googleapis.com tcp
FR 142.250.201.170:80 ajax.googleapis.com tcp
FR 142.250.201.170:443 ajax.googleapis.com tcp
GB 162.125.64.15:80 dl.dropbox.com tcp
GB 162.125.64.15:80 dl.dropbox.com tcp
FR 216.58.215.33:445 lh3.ggpht.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
GB 162.125.64.15:443 dl.dropbox.com tcp
GB 162.125.64.15:443 dl.dropbox.com tcp
FR 172.217.20.163:80 fonts.gstatic.com tcp
FR 216.58.214.169:443 www.blogger.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 rimuito.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 www.mundodomanolo.com.br udp
US 8.8.8.8:53 images.paraorkut.com udp
US 8.8.8.8:53 ri-man.com udp
US 8.8.8.8:53 download.ultradownloads.com.br udp
US 8.8.8.8:53 img580.imageshack.us udp
FR 142.250.179.98:80 pagead2.googlesyndication.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 142.250.179.97:443 lh3.googleusercontent.com tcp
FR 142.250.179.97:443 lh3.googleusercontent.com tcp
FR 142.250.179.97:443 lh3.googleusercontent.com tcp
FR 142.250.179.97:443 lh3.googleusercontent.com tcp
US 38.99.77.16:80 img580.imageshack.us tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 142.250.179.97:443 lh3.googleusercontent.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
US 162.0.233.181:80 rimuito.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
DE 185.53.177.53:80 images.paraorkut.com tcp
US 8.8.8.8:53 static.minilua.com udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 170.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 15.64.125.162.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 163.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 98.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 53.177.53.185.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 104.21.51.101:80 static.minilua.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
JP 202.254.234.69:80 ri-man.com tcp
US 8.8.8.8:53 minilua.net udp
US 104.18.23.114:443 minilua.net tcp
US 8.8.8.8:53 tadezuera.com udp
US 8.8.8.8:53 www.arreganho.com udp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
US 172.67.220.32:80 www.mundodomanolo.com.br tcp
JP 202.254.234.69:80 ri-man.com tcp
US 172.67.220.32:443 www.mundodomanolo.com.br tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 www.eutesalvo.com udp
US 8.8.8.8:53 i.imgur.com udp
US 8.8.8.8:53 search-blogger.com udp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
US 104.21.80.39:80 www.eutesalvo.com tcp
FR 142.250.179.78:443 apis.google.com udp
US 199.232.192.193:80 i.imgur.com tcp
US 199.232.192.193:443 i.imgur.com tcp
US 104.21.80.39:443 www.eutesalvo.com tcp
US 8.8.8.8:53 developers.google.com udp
FR 142.250.178.142:80 developers.google.com tcp
US 216.239.32.21:80 search-blogger.com tcp
US 8.8.8.8:53 img5.imageshack.us udp
US 38.99.77.16:80 img5.imageshack.us tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
GB 74.125.71.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.search-blogger.com udp
US 8.8.8.8:53 img526.imageshack.us udp
FR 142.250.178.142:443 developers.google.com tcp
US 8.8.8.8:53 www.fake-true.com udp
US 8.8.8.8:53 www.geralinks.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 104.21.58.245:80 www.geralinks.com tcp
US 38.99.77.16:80 img526.imageshack.us tcp
US 104.21.64.111:80 www.fake-true.com tcp
US 104.21.58.245:443 www.geralinks.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 ssl.gstatic.com udp
FR 142.250.201.162:443 googleads.g.doubleclick.net tcp
FR 142.250.179.99:443 ssl.gstatic.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.22.75.171:80 widgets.amung.us tcp
US 8.8.8.8:53 16.77.99.38.in-addr.arpa udp
US 8.8.8.8:53 181.233.0.162.in-addr.arpa udp
US 8.8.8.8:53 101.51.21.104.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 114.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 32.220.67.172.in-addr.arpa udp
US 8.8.8.8:53 69.234.254.202.in-addr.arpa udp
US 8.8.8.8:53 39.80.21.104.in-addr.arpa udp
US 8.8.8.8:53 193.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 84.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 245.58.21.104.in-addr.arpa udp
US 8.8.8.8:53 111.64.21.104.in-addr.arpa udp
FR 172.217.20.179:80 www.search-blogger.com tcp
FR 172.217.20.179:443 www.search-blogger.com tcp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.74.171:443 whos.amung.us tcp
US 8.8.8.8:53 99.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 171.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 179.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 171.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 lh3.ggpht.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
DE 185.60.217.28:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
DE 185.60.217.28:139 connect.facebook.net tcp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
FR 172.217.20.194:445 pagead2.googlesyndication.com tcp
FR 142.250.179.98:139 pagead2.googlesyndication.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256 ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

\??\pipe\LOCAL\crashpad_1956_XBMRYVPVBIKNSKEP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0a9dc42e4013fc47438e96d24beb8eff
SHA1 806ab26d7eae031a58484188a7eb1adab06457fc
SHA256 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a860ad6ba40575d47cc64a38e0a014a9
SHA1 585b70cfb85b63363fe0d5ba5efb6ac516443eb8
SHA256 c0cf7ff876afd837fe690421a62604c736a65583105b90c1d7730d3fce4b700b
SHA512 5930b212018b1e8b6684087439e9e3235762af498faed7327b64bd5ffea37aa68b8f9a8c67c80f545a4ba59febc3152cea8e8d8a63c844f2c78f0054a37dc277

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 9631c594f55c395f07b12046cb8fbf9d
SHA1 cd6532d1689166c19477923c73083eaaf8cd21e3
SHA256 a56a5d0f5f612bd39fb02fa1ff7a721a33fcb841f40c48757381b3b7c4a25726
SHA512 5d3bada46dbc583755c279b5ff3c155e15f16d51b6522752ab289bdb62b71abe1d91def5733ef7e77fc01d127508d07e2c67e731bde26a478c4780c8918ba105

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d92d7fe1255329456113f6f67b2ebc03
SHA1 703f079b43e81d81b2c92fd8e1b7c143f756842e
SHA256 09cb1963f65ea976807f28ecde64905f3cfc4ccc05adf8c70c7bb6380a0ec375
SHA512 312a1e57e69a6018734a394fa279c41c2097e027487b3863710926c8abb2faf8753696c5e2b9c3ae5b6d5364961f238eee13e5ae8103583fec97fa705fabffee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7f04cc9dbd408287718e6e8e2ea1735d
SHA1 7f7fedf0a74c2dc4a425ed129817c18d417b332c
SHA256 69411a53e6138c7a5232016deee711955ae59e7cd05e8ed12d0c0cd2b100cb8a
SHA512 61270dcd979d5f805f1130bdf659512bca8aec568eeb22b2119c011101b222e073c864d94acae0950963f340f7d44e2cf6e75dfb7465f62325eb8b57ad4f44be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3def770f03876918d8a143d925aa91e4
SHA1 02f6f0b02545d1cfde8172446acbe7ba21a07f53
SHA256 d878c5c170e8c077d75dbdc9f7f30bb18750f4955f9028770fa50f6e295399e6
SHA512 6297e4c34fef23464bc86462185932e2852118d9c40865d97ceb36769f16fa6459ec92e08f4e365079842b4188ff8d78f317ddff8c3a6e2801316081213698cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4c9008c5c823d31c502e81cae7f499bb
SHA1 f1727f6b437750b803a03d4521592524a2c68752
SHA256 b41e8a97b8b338c0403576cea267a7f7090898b96a3b1fa18b9c4cbbb34ec7b2
SHA512 95c41bb173d57cc9a1d816eb0dd42f2185c8243f3f0f362cb54008436332e118bcda5bc2f8b3fdcc0806005c12809324f862d2e5972b4793bf8863ec6c1d5bf5