Malware Analysis Report

2024-10-19 11:32

Sample ID 240527-f3az6she4w
Target 780a4ce15ed549842f93d898d08285bf_JaffaCakes118
SHA256 86e7c3cac374b24e9c638b81a448c4488f6c12d95effe129cf3848fd92252211
Tags
microsoft phishing
score
5/10


Analysis Overview

score
5/10

SHA256

86e7c3cac374b24e9c638b81a448c4488f6c12d95effe129cf3848fd92252211

Threat Level: Likely benign

The file 780a4ce15ed549842f93d898d08285bf_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

microsoft phishing

Detected potential entity reuse from brand microsoft.

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 05:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 05:23

Reported

2024-05-27 05:25

Platform

win7-20240221-en

Max time kernel

118s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\780a4ce15ed549842f93d898d08285bf_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422949271" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3CC3BEF1-1BE9-11EF-9B89-EA263619F6CB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5094a912f6afda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a9505d02cb8e1d4ca57722a30532381000000000020000000000106600000001000020000000d14f5eb05968ee4d12269c254916eeaf7d29adba048ccd75a66004893bfb6695000000000e8000000002000020000000e5ada5cc280024df0b2fefdc1dc5c5d763b3e06426f70503682af4b4b74acd50200000006daaa26de266b541d419f6444dd6db31a795d14c75fd93dc2e9adcb311a312ef400000009c14b25a6590604b6128fe7637df2c40d0e79c0b9f08f01c1e1c08ec69429e95f6fcc713d8fe0a196002b94fe0c5bb956234536e3320170bc5f40a5b8ccdb825 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\780a4ce15ed549842f93d898d08285bf_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 secure.aadcdn.microsoftonline-p.com udp
US 8.8.8.8:53 cdn.rawgit.com udp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
GB 143.244.38.136:443 cdn.rawgit.com tcp
GB 143.244.38.136:443 cdn.rawgit.com tcp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 13.107.246.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 05:23

Reported

2024-05-27 05:25

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\780a4ce15ed549842f93d898d08285bf_JaffaCakes118.html

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2912 wrote to memory of 1320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2912 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2912 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2912 wrote to memory of 3880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\780a4ce15ed549842f93d898d08285bf_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5eb246f8,0x7ffd5eb24708,0x7ffd5eb24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,488862432220167639,16518419577804465398,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,488862432220167639,16518419577804465398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,488862432220167639,16518419577804465398,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,488862432220167639,16518419577804465398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,488862432220167639,16518419577804465398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,488862432220167639,16518419577804465398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,488862432220167639,16518419577804465398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,488862432220167639,16518419577804465398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,488862432220167639,16518419577804465398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,488862432220167639,16518419577804465398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,488862432220167639,16518419577804465398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,488862432220167639,16518419577804465398,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2912_OILGITNDONKEMKBF

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
