Malware Analysis Report

2025-03-14 21:45

Sample ID: 250204-27qr3sxldz
Target: JaffaCakes118_9937add738802c4a123e7d97cdc479d7
SHA256: 0e4b9eeb5bdf56d6b009808bdce2505ad9a68ac0dbf526703f95dd2373be26d6
Tags: socgholish, google, discovery, downloader, phishing
Score: 10/10


Analysis Overview

Score: 10/10

SHA256: 0e4b9eeb5bdf56d6b009808bdce2505ad9a68ac0dbf526703f95dd2373be26d6

Threat Level: Known bad

The file JaffaCakes118_9937add738802c4a123e7d97cdc479d7 was found to be: Known bad.

Malicious Activity Summary

socgholish google discovery downloader phishing

Detected google phishing page

SocGholish

Socgholish family

Legitimate hosting services abused for malware hosting/C2

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2025-02-04 23:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2025-02-04 23:13
Reported: 2025-02-04 23:16
Platform: win7-20240903-en
Max time kernel: 142s
Max time network: 147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9937add738802c4a123e7d97cdc479d7.html

Signatures

Detected google phishing page

Tags: phishing, google

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

SocGholish

Tags: downloader, socgholish

Socgholish family

Tags: socgholish

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | sites.google.com | N/A | N/A

System Location Discovery: System Language Discovery

Tags: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

Tags: adware, spyware

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9937add738802c4a123e7d97cdc479d7.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:536 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted: 2025-02-04 23:13
Reported: 2025-02-04 23:16
Platform: win10v2004-20250129-en
Max time kernel: 149s
Max time network: 146s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9937add738802c4a123e7d97cdc479d7.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | sites.google.com | N/A | N/A

Browser Information Discovery

Tags: discovery

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2072 wrote to memory of 4152 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 4212 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 2212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 2212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2072 wrote to memory of 3504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9937add738802c4a123e7d97cdc479d7.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2d0446f8,0x7ffe2d044708,0x7ffe2d044718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7316 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.blogger.com udp
DE 142.250.185.228:80 www.google.com tcp
DE 142.250.185.228:80 www.google.com tcp
DE 142.250.185.169:80 www.blogger.com tcp
DE 142.250.185.169:80 www.blogger.com tcp
US 8.8.8.8:53 ads.bumq.com udp
US 104.21.7.9:80 ads.bumq.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 66.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 228.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 169.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 134.130.81.91.in-addr.arpa udp
DE 142.250.185.169:443 www.blogger.com tcp
DE 142.250.185.228:80 www.google.com tcp
DE 142.250.185.228:80 www.google.com tcp
DE 142.250.185.228:80 www.google.com tcp
US 8.8.8.8:53 www.intensedebate.com udp
US 8.8.8.8:53 static.ak.fbcdn.net udp
US 8.8.8.8:53 tweetmeme.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 192.0.123.247:80 www.intensedebate.com tcp
US 192.0.123.247:80 www.intensedebate.com tcp
US 192.0.123.247:80 www.intensedebate.com tcp
US 8.8.8.8:53 www.blogblog.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 ws.amazon.com udp
US 8.8.8.8:53 www.gmodules.com udp
DE 142.250.185.169:80 www.blogblog.com tcp
DE 142.250.185.169:80 www.blogblog.com tcp
DE 142.250.185.169:80 www.blogblog.com tcp
DE 142.250.185.169:80 www.blogblog.com tcp
US 8.8.8.8:53 jg.revolvermaps.com udp
DE 142.250.185.225:80 www.gmodules.com tcp
US 8.8.8.8:53 sites.google.com udp
DE 142.250.185.169:443 www.blogblog.com udp
DE 172.217.18.14:443 sites.google.com tcp
DE 172.217.18.14:80 sites.google.com tcp
DE 172.217.18.14:80 sites.google.com tcp
US 8.8.8.8:53 img1.blogblog.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
DE 142.250.185.169:80 img1.blogblog.com tcp
DE 172.217.16.193:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 192.0.123.247:443 www.intensedebate.com tcp
US 192.0.123.247:443 www.intensedebate.com tcp
US 192.0.123.247:443 www.intensedebate.com tcp
DE 172.217.16.193:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
DE 172.217.16.193:80 3.bp.blogspot.com tcp
DE 142.250.185.228:443 www.google.com tcp
DE 172.217.16.193:80 3.bp.blogspot.com tcp
DE 172.217.16.193:80 3.bp.blogspot.com tcp
DE 172.217.16.193:80 3.bp.blogspot.com tcp
DE 172.217.16.193:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 9.7.21.104.in-addr.arpa udp
US 8.8.8.8:53 227.181.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 14.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 247.123.0.192.in-addr.arpa udp
US 8.8.8.8:53 193.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 74.206.58.216.in-addr.arpa udp
US 8.8.8.8:53 img2.blogblog.com udp
DE 142.250.185.169:80 img2.blogblog.com tcp
US 8.8.8.8:53 feeds.feedburner.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 216.58.206.46:80 feeds.feedburner.com tcp
DE 142.250.185.106:443 ogads-pa.googleapis.com tcp
DE 142.250.186.46:443 apis.google.com tcp
DE 172.217.16.193:80 3.bp.blogspot.com tcp
DE 172.217.16.193:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
DE 172.217.16.193:80 4.bp.blogspot.com tcp
DE 142.250.185.106:443 ogads-pa.googleapis.com udp
DE 172.217.16.193:80 4.bp.blogspot.com tcp
DE 172.217.16.193:80 4.bp.blogspot.com tcp
DE 172.217.16.193:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 twitter-badges.s3.amazonaws.com udp
US 3.5.29.75:80 twitter-badges.s3.amazonaws.com tcp
US 216.58.206.46:80 feeds.feedburner.com tcp
DE 142.250.185.169:80 img2.blogblog.com tcp
DE 142.250.185.169:80 img2.blogblog.com tcp
DE 142.250.185.169:80 img2.blogblog.com tcp
DE 142.250.185.169:80 img2.blogblog.com tcp
US 8.8.8.8:53 www.blogrankings.com udp
US 8.8.8.8:53 www.blogrankers.com udp
US 8.8.8.8:53 227.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 46.206.58.216.in-addr.arpa udp
US 8.8.8.8:53 106.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 46.186.250.142.in-addr.arpa udp
US 8.8.8.8:53 75.29.5.3.in-addr.arpa udp
GB 95.101.143.177:443 www.bing.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 8.8.8.8:53 play.google.com udp
DE 142.250.185.142:443 play.google.com tcp
DE 142.250.185.142:443 play.google.com udp
US 8.8.8.8:53 177.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 142.185.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 104.21.7.9:80 ads.bumq.com tcp
FR 163.70.128.23:445 connect.facebook.net tcp
US 8.8.8.8:53 r-login.wordpress.com udp
US 192.0.78.18:443 r-login.wordpress.com tcp
US 8.8.8.8:53 connect.facebook.net udp
FR 163.70.128.23:139 connect.facebook.net tcp
US 8.8.8.8:53 18.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 167.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 104.21.7.9:80 ads.bumq.com tcp
GB 163.70.147.35:80 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
FR 163.70.128.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 23.128.70.163.in-addr.arpa udp
US 8.8.8.8:53 22.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 financialtools.stockgroup.com udp
DE 142.250.185.225:80 www.gmodules.com tcp
US 23.21.52.60:80 financialtools.stockgroup.com tcp
US 23.21.52.60:80 financialtools.stockgroup.com tcp
US 104.21.7.9:80 ads.bumq.com tcp
US 8.8.8.8:53 gelgit.tk udp
US 8.8.8.8:53 www.bangkokbank.com udp
US 8.8.8.8:53 www.settrade.com udp
US 104.21.7.9:80 ads.bumq.com tcp
IL 45.60.46.141:80 www.settrade.com tcp
IL 45.60.46.141:443 www.settrade.com tcp
GB 184.85.54.124:80 www.bangkokbank.com tcp
US 8.8.8.8:53 141.46.60.45.in-addr.arpa udp
US 8.8.8.8:53 124.54.85.184.in-addr.arpa udp
US 107.22.223.179:80 financialtools.stockgroup.com tcp
US 107.22.223.179:80 financialtools.stockgroup.com tcp
US 8.8.8.8:53 www.google.com udp
DE 172.217.18.14:443 sites.google.com udp
DE 142.250.185.228:443 www.google.com udp
US 8.8.8.8:53 websiteblogdd.blogspot.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
DE 172.217.18.106:80 ajax.googleapis.com tcp
DE 142.250.74.193:80 websiteblogdd.blogspot.com tcp
DE 142.250.74.193:80 websiteblogdd.blogspot.com tcp
DE 142.250.74.193:80 websiteblogdd.blogspot.com tcp
US 192.0.123.247:443 www.intensedebate.com tcp
US 8.8.8.8:53 websiteruengdd.blogspot.com udp
US 8.8.8.8:53 websitetraveldd.blogspot.com udp
US 8.8.8.8:53 gravatar.com udp
DE 142.250.74.193:80 websitetraveldd.blogspot.com tcp
US 192.0.80.242:443 gravatar.com tcp
DE 142.250.74.193:80 websitetraveldd.blogspot.com tcp
DE 142.250.74.193:80 websitetraveldd.blogspot.com tcp
US 8.8.8.8:53 106.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 193.74.250.142.in-addr.arpa udp
US 8.8.8.8:53 242.80.0.192.in-addr.arpa udp
US 192.0.123.247:443 www.intensedebate.com tcp
US 192.0.123.247:443 www.intensedebate.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 908f9c2c703e0a6f81afb07a882b3e30
SHA1 53ed94a3145691e806e7dd8c160f5b459a2d16ef
SHA256 4436bec398522c5119d3a7b9c41356048c19d9c476246c76d7a4c1ee28160b52
SHA512 7af7116a91c8e3dfc23db8a78d7aff9a8df8e3b67df7f4ee66f9380dba4d1e66d980afaefc5dc2d9034ab5c0b7c6934400feb32645373f3ff4f8816414ae6ff4

\??\pipe\LOCAL\crashpad_2072_URBOFWPPMOCGRKCM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b9013b8bea41aa2c8fa7f4763168069e
SHA1 349be86bde65cc0c3a15b2b21b6eaf2db452e92d
SHA256 6245436fe808740cde15c227fcda465a37a52f17f3642a71f0abbc466ce5b466
SHA512 d23bc18adb6acf9eb36fea85becb7b1a004bed034ef443acc3d442d1364f2ffa17f57e8eb6eeb1702dc459c5c16763b4e72249e6a326c9c36800d3f395fdd326

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2fe72b49c0e620e152c410b5fcb705a0
SHA1 23c4d710356a1c817537a3f3de35556de6d59fcb
SHA256 2d2fab4b5169cc41ff5ab371c89a53ea128c666d85d6e5efa0e05f5f196f611f
SHA512 350817cd432586892868c123560d797eeb1b6ce2c6ecbd4445718c27357eccc2d39ca590e7790d7fed5521e78dae42454075a9df299c583481934c3b812792c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b4a4fa33a1317f193ce3b0e495f063bb
SHA1 e387c2e7439034e59dff8f41d68adc78f146ad2e
SHA256 00896ce7e0b5bb3ceebc084a34f324054fd6828bd447dddbdc2e8994c7998550
SHA512 8dbfc107f9fd778951214bb5c759b52e654dcde6999b9482e7e408dcdcfbf1773d4932d6b32197170ab3b183773955c19dfd9867923031f6144b6b61563ac3c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f742cdb276cccbc751bddfe90ae4dfe6
SHA1 b3104fe3b863711cd91c8362874bd4760a351636
SHA256 2b1bef72a1b0c1bd6607c7d11bef5957fe81725ac89fd4f864505dfdff89d4e1
SHA512 27c5e8da954d993bff5ea32e31637cc7fb7f44f39e9c6a016f5c509d115879dff1d92d8caf3d363895bc6667052cd9bfc33441dbcdc52432f19d1148753c180d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 eb2f47f640bb165796df7b5b3f5ac436
SHA1 9de2ef38247d9a3c75ffe6c413b8eb68f9ad88cb
SHA256 83a1156f76cb9677841b6b8e7e6b0acaece5bee76ab7be5a4702af29287ce31c
SHA512 f39436ac4ddd705a06f57a610b74e5ae30afee532625bbfead71a43eae513390851d9386d0269fcef6b4a0f199c40c73c77fcb28e56d9bc147e132a0355e7adc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581e70.TMP

MD5 09c325eaae8b37cd15c52cf7372c4b62
SHA1 a2bf533261eb1e03b3d44c956655ebaa8cd1a629
SHA256 fec78ab3de66cedf50ff560531ae65584701115b3a723f6af75c363a3743c948
SHA512 d9ea142a37ff768d56e7324a98cbbf05b2926eaa47964daef96dbe54bd1a2490c423c5ab8154e19e8cbec59390f2059a784a89673188e382ca9a0456d175705d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 56ed8c37daa73d638fd955c2bf8a3224
SHA1 28b9565fbe921af24b7edd9ad410f983ee9cd4b2
SHA256 f157473c07dd399304bf559796806e847e5a2dcb0fd7f12e3363148675a81141
SHA512 904100bb99eb6a82169a399c4b5f743d442c6d8a9395d0488f72da971dc0053c64a599e40fd5d6d2549e390336fffe528bdbeebaaa9209471d6ee0b524504ae2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9d491bd012d69e913926e2961217d816
SHA1 aa5ca7447bb342ffa5eb9933febd7ce4b957488b
SHA256 c12b92e0fbc347f4cb8de7eac1979d3f6f9f3e08fa0c5d03f3c25e65200ca192
SHA512 d96857d2d33e84776e8f604f4229c806e039c35edf99078076945714596e6f81e4f67133428d282fac6c5ed9381cae31990dd7c8e7f8e661bcfc9320cfcc6f1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2c28db313632783bb268f7acc10c687a
SHA1 c97b8493e320fb4d79cdd91ce96e54ec999da80d
SHA256 439fdeb24792ea2b13ae8f11f648ab3ecc198d754eb261f4c9111725e4f100c0
SHA512 3ad506717c4ee42c04f76e837a5df0c701284e4cc688f3c7196d4627ab9b19e1de57952528b8f81326fabbd3c6859a1132f47aee6c15c9fd8da46324516e1644

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 722d2cd303e694f94cd819a164cdd0ea
SHA1 febaba4f6586f25eaed58edad63a5d3fd8a8d7b0
SHA256 3ec51a8b1a806e8fc7478c09f89131f37cbd01c18d8fade35ec700575fede09a
SHA512 692dd69b9be80cd671e807f2ccb88e535faf4d76be7cdc12be1426568efb3000d7e02156bd5eb2af20d929e25ebfa60a0fbb940e572e714c3832678cfc2952ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 961b553bddca4fe668ad7308154f113c
SHA1 31a83b1d2e4f06aee3e99465dee5c177ef535239
SHA256 5f1fdfead62a2175164ad4a57b64ddb677743230058fa042d7ef5bc4cac4d16b
SHA512 eba5c97e3b951048bfc38b4c36a6495f8ae6c23bc70bb95b92580f38fab17d0a8c699a0bb99d2d68f6079ea76a140b1fa95c4b55e9711bbe888641d3465a7e47