Malware Analysis Report

2025-04-13 11:37

Sample ID 241231-dyhhcavnaz
Target JaffaCakes118_0281a2f7419cd613c60370154e374cc3
SHA256 7944024b4ef619e094c1d49e8c9a494c371d8d89a882937f64ed4290eacad685
Tags: socgholish, discovery, downloader
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256 7944024b4ef619e094c1d49e8c9a494c371d8d89a882937f64ed4290eacad685

Threat Level: Known bad

The file JaffaCakes118_0281a2f7419cd613c60370154e374cc3 was found to be: Known bad.

Malicious Activity Summary

Tags: socgholish, discovery, downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-12-31 03:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-12-31 03:24
Reported: 2024-12-31 03:27
Platform: win7-20240708-en
Max time kernel: 121s
Max time network: 149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0281a2f7419cd613c60370154e374cc3.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441777361" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CC58D851-C726-11EF-BD41-DEC97E11E4FF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0281a2f7419cd613c60370154e374cc3.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 img851.imageshack.us udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 img52.imageshack.us udp
US 8.8.8.8:53 img27.imageshack.us udp
US 8.8.8.8:53 img696.imageshack.us udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 img215.imageshack.us udp
US 8.8.8.8:53 img268.imageshack.us udp
US 8.8.8.8:53 img143.imageshack.us udp
US 8.8.8.8:53 img297.imageshack.us udp
US 8.8.8.8:53 img.baixeturbo.org udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 img339.imageshack.us udp
US 8.8.8.8:53 img703.imageshack.us udp
US 8.8.8.8:53 img151.imageshack.us udp
US 8.8.8.8:53 img242.imageshack.us udp
US 8.8.8.8:53 img42.imageshack.us udp
US 8.8.8.8:53 img8.imageshack.us udp
US 8.8.8.8:53 img16.imageshack.us udp
US 8.8.8.8:53 img838.imageshack.us udp
US 8.8.8.8:53 img253.imageshack.us udp
US 8.8.8.8:53 img20.imageshack.us udp
US 8.8.8.8:53 img25.imageshack.us udp
US 8.8.8.8:53 img19.imageshack.us udp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 img844.imageshack.us udp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.16:80 img844.imageshack.us tcp
FR 142.250.179.78:443 apis.google.com tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 38.99.77.17:80 img844.imageshack.us tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 38.99.77.16:80 img844.imageshack.us tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.214.74:80 ajax.googleapis.com tcp
US 38.99.77.16:80 img844.imageshack.us tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.74:80 ajax.googleapis.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 38.99.77.17:80 img844.imageshack.us tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
NL 82.192.82.228:80 img.baixeturbo.org tcp
US 38.99.77.17:80 img844.imageshack.us tcp
NL 82.192.82.228:80 img.baixeturbo.org tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 38.99.77.17:80 img844.imageshack.us tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 38.99.77.17:80 img844.imageshack.us tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 142.250.179.78:443 apis.google.com tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 104.22.75.171:80 widgets.amung.us tcp
US 104.22.75.171:80 widgets.amung.us tcp
FR 142.250.75.226:80 pagead2.googlesyndication.com tcp
FR 142.250.75.226:80 pagead2.googlesyndication.com tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 img2.orkut.com udp
US 8.8.8.8:53 26-1.blogspot.com udp
US 8.8.8.8:53 img560.imageshack.us udp
US 8.8.8.8:53 img524.imageshack.us udp
US 8.8.8.8:53 img543.imageshack.us udp
US 8.8.8.8:53 i44.tinypic.com udp
US 8.8.8.8:53 i43.tinypic.com udp
FR 216.58.213.65:80 26-1.blogspot.com tcp
FR 216.58.213.65:80 26-1.blogspot.com tcp
US 38.99.77.16:80 img543.imageshack.us tcp
US 38.99.77.16:80 img543.imageshack.us tcp
US 8.8.8.8:53 www.google.com udp
US 38.99.77.17:80 img543.imageshack.us tcp
US 38.99.77.17:80 img543.imageshack.us tcp
US 38.99.77.16:80 img543.imageshack.us tcp
US 38.99.77.16:80 img543.imageshack.us tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
US 38.99.77.16:80 img543.imageshack.us tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 38.99.77.16:80 img543.imageshack.us tcp
US 38.99.77.17:80 img543.imageshack.us tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
US 38.99.77.16:80 img543.imageshack.us tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 38.99.77.16:80 img543.imageshack.us tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 38.99.77.17:80 img543.imageshack.us tcp
FR 216.58.214.169:443 www.blogger.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 38.99.77.16:80 img543.imageshack.us tcp
US 38.99.77.16:80 img543.imageshack.us tcp
US 38.99.77.16:80 img543.imageshack.us tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 38.99.77.17:80 img543.imageshack.us tcp
US 38.99.77.16:80 img543.imageshack.us tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.214.74:80 ajax.googleapis.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 38.99.77.16:80 img543.imageshack.us tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
NL 82.192.82.228:80 img.baixeturbo.org tcp
US 38.99.77.16:80 img543.imageshack.us tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 ivisitas.blogspot.com udp
FR 216.58.213.65:443 ivisitas.blogspot.com tcp
FR 216.58.213.65:443 ivisitas.blogspot.com tcp
US 8.8.8.8:53 blogger.googleusercontent.com udp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.75.171:443 whos.amung.us tcp
US 104.22.75.171:443 whos.amung.us tcp
FR 142.250.179.97:443 blogger.googleusercontent.com tcp
FR 142.250.179.97:443 blogger.googleusercontent.com tcp
US 104.22.75.171:443 whos.amung.us tcp
US 8.8.8.8:53 www3.cbox.ws udp
US 108.181.41.161:80 www3.cbox.ws tcp
US 108.181.41.161:80 www3.cbox.ws tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.80:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 23.46.73.244:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\600px-Feed_Icon_Bl-Or2[2].png

MD5 d75339be22af589565c767de9c8b83e3
SHA1 55f480ebc8615dfd21b0e394fc6fc20b60111c2d
SHA256 c93aa4d94342a058e7a257771cae2bb787231b25df4c49cfb00f1386dd1645e7
SHA512 de09168dc6882cb38a0ea1b2deb7ce31e871d524fb4b53d20bdf71d33a37cc5fd6c4b51939d99b7a9de196387de71dc06ce28d2485e37bc8b95be6dc511bedfa

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\botao parceiro[1].gif

MD5 e772d00ef47d6985fab47e5b71266a92
SHA1 c003e0d5ecd4b685dbe64a622eb71d63931717d8
SHA256 74234dc985561d315ba466a4e0a6c2263df8c79458af8fe6577eecc6838947cd
SHA512 e8a715addcd55dbf6bc27d4a7e95c3aef4ff8e2495aaca6891df2aaedc00235c5f0f411e373922f5098027bfb3440ec114125dec7b67b65ea0ee14b44b68261a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\55013136-widget_css_bundle[1].css

MD5 e3f09df1bc175f411d1ec3dfb5afb17b
SHA1 3994ec3efe3c2447e7bbfdd97bb7e190dd1658f9
SHA256 1a2eca9e492e3a21e02dd77ad44d7af45c4091d35ede79e948b7a3f23e5b3617
SHA512 16164d66d452d7d343b1902fe5b864ffdee42811ee90952cbfe9efa9847c58c0403f944c8e29db2bc2384ccd516b629cb8765e5e51de37da6efd75962cf82530

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\platform[1].js

MD5 da179f14fa23524b7a46d44fdf71eb47
SHA1 238c5064c2139e8a754cf74e44ea46ab4db5ebf8
SHA256 0d205e3611c526c7d6f6c936609ebe4a3979f8226f1ae2861629333cf078aa8c
SHA512 561e6ccef7acbda472f876ee9aa4fb0725327c36d8e610ee6c370ab14a7fce63301a3d28a50d9c2a3d2c3c4a668f063370cc2d8967128131c1ad3ca3f0ecadd2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPQ313RR\cb=gapi[2].js

MD5 4b631ff88bd736ff7ee1d027c647d328
SHA1 0ccec46ba9b399fdde5cac07e68d87165a144ad4
SHA256 7d1ce7035000d38d825e3ee7cf8d8eb6971561154ff5d48fc3896523074a8601
SHA512 a3aee28a91b3cb5d9b1c99d0c4a51abdcae5fa486373de02233ea0b947aba3052c1cb44ee66cd92dc905680e5568232e1edc0608069cca94602748f406163087

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPQ313RR\cookienotice[1].js

MD5 a705132a2174f88e196ec3610d68faa8
SHA1 3bad57a48d973a678fec600d45933010f6edc659
SHA256 068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
SHA512 e947d33e0e9c5e6516f05e0ea696406e4e09b458f85021bc3a217071ae14879b2251e65aec5d1935ca9af2433d023356298321564e1a41119d41be7c2b2d36d5

C:\Users\Admin\AppData\Local\Temp\Cab4DD2.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd757739bf242029ef9e490e7d4b9ed2
SHA1 3e8a0d2399405321b0e77ed3feaa3c4935c56b45
SHA256 a5b9bb7405aefda029afcea60e99e006c09d1f0aa5860836c59db72426291ba9
SHA512 3b914f98503e827a230acdf136d97ebc596da801e4e1ea80338b72ddb9fc6161abeeddfbcc4a3e868e4f9387d9ef101bdba48c0550b4d9174c9f9b26382746ce

C:\Users\Admin\AppData\Local\Temp\Tar4E23.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 ed30adf813610f21fa4004bba6ed69b3
SHA1 6e12387517d0c81e57ed10bf3d10debae6be6cf1
SHA256 4c8f853cb0b4dcef4cc1404a73b4c7003af4e1831b887c822d440dac4660c1e5
SHA512 73fb1e59d128147236244aeda0b6f532c4d2efff5c6ebe1b6e7182126d09c598bd0fb857af453d8e4447880e3489aaf1710a1b67ca84dfc834a33e1129a55208

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38be0273fe537e52731b2dcb58e4f072
SHA1 22bb4353e894e5d9299ca493c8882d7ad4f25179
SHA256 b4173ef1ddc8f9900da2cf93a6b0a1a3bd453dd5bb0f7b003fb3dc9e0f10ccc1
SHA512 6717a7dece588cb471056ada100861cb84fba1d899beb73665fb5afe95c3892b1a531940d3004477d058ee1015936a574742d2550390c85bd8848f28bfb90fea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2faaf4b56b27fc3a015e9b39ea40e595
SHA1 c1382f99a65495bbe3b186a05113c895fe1ca7e2
SHA256 21e9192f50a8cfb8a591d3c87ab24fc588db716a27b69831a21729155a6138b3
SHA512 038aee14e2645a58afc8a8be9ad30225c761f55197ab5e165752861dca22f594cc4042845c8b5af393623daa02d49653a4f84964551906f038e4676cca1f1af0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8344510aa07eb88ef99e9c1c92e48662
SHA1 faa4e6f2804328e24e6c760b8f1fabaf91c054f7
SHA256 fa99a77404abed20ea0d81d61c8c7d760285f241f3b5f10a32a10d95bdd9d2d0
SHA512 546435df84e127791b0175bc6d654cb705041c3ab769cef6f21b15500ba576c83b97475bcc3cdc4d8d4406b681e0f7d861050a13d314928d83ae6c2b95518fd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 a23ce4b8c79fac192a3fa75394ec3037
SHA1 36598aa8c9ec0a77d3c04ef181fdf3eb26c06fdc
SHA256 42fe1e2254c63eb04f916b4550a21c6ebc0ef5616fc8f1552167268918e13da7
SHA512 e50ddb64b7026d75aa5df96012bf25bb09b8f987785d2416f81ca75414d18c330a191074548ec7f818e731dcac2c542349079f1eb92199e13a53f7e996ae22e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 047b2f7edcedafbbeca18e7ea275bde8
SHA1 4c9fbe1aae9132682abf68d97763b2dcd1284554
SHA256 e52f87952d47f89c5573b962baf328a63552732d8185526ce0bbe6131f60ed98
SHA512 93bfb53d7e7851d1512a38db77823686a0071fe67e9e0aced642b74d30c64d974f2ac34260e866b6c64dd47bb0ef73f44381ed4d2ea39227a3fa340b66ff7e0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4731b8a6712818e47824934252e0963
SHA1 f8c5916c2c9971bdb49f2ee98ab1c8032c9efce7
SHA256 35572544473ba32930497e01eba48e515259e07cccc75ece6f697097f7349c00
SHA512 2820064c54b0abadf45dc61afc4d2e57d0bbc43d41de18459c2ade42b568b8ee82a3338c0be34f584ddc2b59f760c707aeb20dbc07c82724b6773ed2265d4b29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 766b6b681a4c3ab50321e0cec52438a5
SHA1 32099cd8e1ad9db235f2c7ef7b36a732045f4842
SHA256 c2d453314a14ecf39bb07b5e7d1088aaec2a692eba4b8cb1b6b9bb56fea52e0f
SHA512 72bf50835567fd04afe759d3a220a1a45af044cbd707dc304570eeb4f5c23abf5a6f2d234f3647e6a9f9102cb40354d436b0ee82ee1285508ce4a34ad5731ae1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 768de477c7e68e1ca71d6ee66b0b37c3
SHA1 64440811dd4bdddadb9efc123edb5dbfcb7b9882
SHA256 b9bfa5981a77cb55ef76d8bd45cef9027f82824323572febc74f163ab7895460
SHA512 cef5329f1100aed90cc24f1d373224bb97130094d43443d6f6e6813f82644a815b172bee0a98c2ca18b8908a5b337417f0c54afbc27f9e4ad320e4c1919f7ca9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de7b9a3583a220d782af6d4cc9b7a0b0
SHA1 3d239466f8e981a5a3aec232700601f90b9296d8
SHA256 65ef7e71062b61ddcd782d7eac95335c4a373735d1822ef06845049b87da2650
SHA512 726899cd79d4a7cc1cb408d4da0ecdf0806e65b19eb2978e3ac3adad4879d6d02ed0f2d89d823be4fcf743869eb75d7db3fbec44c07b004a222b9dbc9df7f4f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b9394bef5586e4b80db884bd1424299
SHA1 8d5d72fdf10ac138ad9cea32dd62e373aef78117
SHA256 3f67e55c4e044b0c8dfaf63de934eedc6a2a486b6e204dbc30a52e66ab243e30
SHA512 98afdd4b87c4cc83b5b1ab2bcfa6463a50fe4065196fc541f9d7cdaa4f8ed29664188181d952c6d33e1dd4e7bbbc0c86a71487cd27db587d3bf6e67c7c5b931f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7bb9f80f1da02c2d9cb6a0b6c42dbefe
SHA1 333c2398ffd20138c730ce3abda361f16a5fb689
SHA256 ada8c9e362d2c556634ce8705cc37517f9dea3bc55ca01c036b7fa7f69b84d4e
SHA512 220ac3a786d6af48e2769adf913f89c946d900c83270ad21f6d7494c757eb846bc661d60114267e123a87c1fc7185a8de2a44fe196da095e982d54043f6c9105

Analysis: behavioral2

Detonation Overview

Submitted: 2024-12-31 03:24
Reported: 2024-12-31 03:27
Platform: win10v2004-20241007-en
Max time kernel: 145s
Max time network: 150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0281a2f7419cd613c60370154e374cc3.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3296 wrote to memory of 2360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3296 wrote to memory of 2360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3296 wrote to memory of 3168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3296 wrote to memory of 4464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3296 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0281a2f7419cd613c60370154e374cc3.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc46f246f8,0x7ffc46f24708,0x7ffc46f24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.78:443 apis.google.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
FR 142.250.179.74:80 ajax.googleapis.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 74.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 widgets.amung.us udp
US 172.67.8.141:80 widgets.amung.us tcp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
FR 142.250.75.226:80 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 226.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 141.8.67.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
FR 216.58.214.169:443 www.blogger.com tcp
US 8.8.8.8:53 img851.imageshack.us udp
FR 216.58.214.169:443 www.blogger.com udp
FR 142.250.179.78:443 apis.google.com udp
US 38.99.77.17:80 img851.imageshack.us tcp
US 8.8.8.8:53 img52.imageshack.us udp
FR 216.58.215.34:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 26-1.blogspot.com udp
US 38.99.77.16:80 img52.imageshack.us tcp
FR 216.58.213.65:80 26-1.blogspot.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 img27.imageshack.us udp
US 8.8.8.8:53 img696.imageshack.us udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 img.baixeturbo.org udp
US 8.8.8.8:53 img560.imageshack.us udp
US 8.8.8.8:53 img2.orkut.com udp
US 8.8.8.8:53 img524.imageshack.us udp
US 8.8.8.8:53 i44.tinypic.com udp
US 8.8.8.8:53 img543.imageshack.us udp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 38.99.77.17:80 img543.imageshack.us tcp
US 38.99.77.16:80 img543.imageshack.us tcp
NL 82.192.82.228:80 img.baixeturbo.org tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 65.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 17.77.99.38.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 228.82.192.82.in-addr.arpa udp
US 8.8.8.8:53 16.77.99.38.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.164:80 www.google.com tcp
US 8.8.8.8:53 www3.cbox.ws udp
US 108.181.41.161:80 www3.cbox.ws tcp
US 8.8.8.8:53 img25.imageshack.us udp
US 8.8.8.8:53 img838.imageshack.us udp
US 8.8.8.8:53 img19.imageshack.us udp
US 8.8.8.8:53 img339.imageshack.us udp
US 8.8.8.8:53 img16.imageshack.us udp
US 8.8.8.8:53 img20.imageshack.us udp
US 8.8.8.8:53 img253.imageshack.us udp
US 8.8.8.8:53 img703.imageshack.us udp
US 8.8.8.8:53 img8.imageshack.us udp
US 38.99.77.17:80 img8.imageshack.us tcp
US 38.99.77.16:80 img8.imageshack.us tcp
US 8.8.8.8:53 img215.imageshack.us udp
US 8.8.8.8:53 img268.imageshack.us udp
US 8.8.8.8:53 img143.imageshack.us udp
US 38.99.77.16:80 img143.imageshack.us tcp
US 38.99.77.17:80 img143.imageshack.us tcp
FR 142.250.75.226:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 ivisitas.blogspot.com udp
FR 216.58.213.65:443 ivisitas.blogspot.com tcp
US 8.8.8.8:53 img297.imageshack.us udp
US 38.99.77.16:80 img297.imageshack.us tcp
US 8.8.8.8:53 164.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 161.41.181.108.in-addr.arpa udp
US 38.99.77.17:80 img297.imageshack.us tcp
US 8.8.8.8:53 www.cbox.ws udp
US 8.8.8.8:53 blogger.googleusercontent.com udp
US 8.8.8.8:53 whos.amung.us udp
FR 216.58.213.65:443 ivisitas.blogspot.com udp
US 104.22.74.171:443 whos.amung.us tcp
FR 142.250.179.97:443 blogger.googleusercontent.com tcp
US 8.8.8.8:53 171.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 img151.imageshack.us udp
US 8.8.8.8:53 img242.imageshack.us udp
US 8.8.8.8:53 img42.imageshack.us udp
US 8.8.8.8:53 img844.imageshack.us udp
US 38.99.77.16:80 img844.imageshack.us tcp
US 38.99.77.17:80 img844.imageshack.us tcp
US 8.8.8.8:53 i43.tinypic.com udp
US 8.8.8.8:53 t.dtscout.com udp
US 141.101.120.10:443 t.dtscout.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 172.217.18.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 10.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 194.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 104.22.74.171:445 whos.amung.us tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 172.67.8.141:445 whos.amung.us tcp
US 104.22.75.171:445 whos.amung.us tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36988ca14952e1848e81a959880ea217
SHA1 a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256 d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512 d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

\??\pipe\LOCAL\crashpad_3296_YRMQBIZFOGJCITGU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fab8d8d865e33fe195732aa7dcb91c30
SHA1 2637e832f38acc70af3e511f5eba80fbd7461f2c
SHA256 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA512 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 52d92d081bf9f91e5c4f0deac2ddda59
SHA1 719eecf80cbb3cc656de222060280cdddbb0f134
SHA256 a244cd65ef08396cb7d2188959c07d3d37fef3beab4b5f43c53e2221ffab4486
SHA512 70e45112fc4d9ed4a6987b51dbe331344b485dbfe87e081c6f11fec86f8488b5f86ce6da1a6307faf5fd3a8f2d938da6d064b6b020c502f9ce50d8da8c20152c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 d75339be22af589565c767de9c8b83e3
SHA1 55f480ebc8615dfd21b0e394fc6fc20b60111c2d
SHA256 c93aa4d94342a058e7a257771cae2bb787231b25df4c49cfb00f1386dd1645e7
SHA512 de09168dc6882cb38a0ea1b2deb7ce31e871d524fb4b53d20bdf71d33a37cc5fd6c4b51939d99b7a9de196387de71dc06ce28d2485e37bc8b95be6dc511bedfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 1da8deabd421929fa1a865599f43aad8
SHA1 88af7573c39022643333f85b523a329cb6448675
SHA256 07b01330c36ae322ea1f1e2ea70e60b629b292b3f7ee7aae5a9968dcf341e685
SHA512 0be3f8d02397c3cc32164b116c807115c42a310fd70c72c94b3b523732422ea2b222d8762e81d91ef0c36a8328df4f7ae8e4570c4bc46ab94cbed5131389ea3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3b18e006ee12c717248df1e42b96bfa4
SHA1 8d74967c0a34ce1af964cb838b46ba71b9979a4f
SHA256 d7c13006115672b61a69e158855897e3a70e271d7212650cadaab16fd352961d
SHA512 83fcc93f5a2bf18b3465c3ee30c19ec2ca8885a6dc9f5a8e1506e91dcf96ea72b62cc4072d7944e372bf3887c8c4248ba40fca3db2a3b18ee93252d0bf95682f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 27d62ca2046418e49a73ac81c9402213
SHA1 5c8f291e54040d58a5fbb81231b5b94964270383
SHA256 c6ce6abfdee7318eb94194a64f09aefa4136dd8b2879fe6e114176cba21f375a
SHA512 8e8ba2c721a7892317dd871de02a3b8ffc41b5aab736819350bd59cf81cefcee9ab6dc2fa72a4f67eb132d6761b0443d3f2b3244b5b4c3761bb3e812cf084ea6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2e1c8fc32d56b9477859500e464ed1da
SHA1 03317446b0bc3c7abb9e676f3623fc300819cb29
SHA256 3e7bbf157432fb0ddc656af355df0d1be9a69868930b127f5443620c7875066d
SHA512 09c61c45a60ab16b25bd54246b00b0b1a844e1abef23bef68bd162b5a590a2b27aa626cdecafd7820a28a67f9d126019ce50ef77970e6103474450a9f94b2e73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 af1d7f65033f2884fa8adfc32ffc037d
SHA1 f1e4c4c8696a3c2240d4ccfc9c17cb638494c972
SHA256 dd64b7cf68e6c3b069ad2cce0d99cd2806890d837ec0b0cbd760520d92ca53d9
SHA512 dcd3104ef81446701ef2ff100011b142230a72e3ab0b79a6b226118d23d72ce960b051372eef97009b7da09c42d3f65518bffc2bc6498067b84cbe6ecdc71814