Malware Analysis Report

2025-08-10 21:31

Sample ID 240528-y61dcaca95
Target 7e489666311c439ec77506af4407fd1d_JaffaCakes118
SHA256 adb7b23228695d1fd04c2e339c7e7b09a0a577bd7c92465cf5708e0b5cf15741
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

adb7b23228695d1fd04c2e339c7e7b09a0a577bd7c92465cf5708e0b5cf15741

Threat Level: No (potentially) malicious behavior was detected

The file 7e489666311c439ec77506af4407fd1d_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-28 20:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-28 20:24

Reported

2024-05-28 20:27

Platform

win7-20240221-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7e489666311c439ec77506af4407fd1d_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4E74CD41-1D30-11EF-825B-FA5112F1BCBF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423089747" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007d74a0dcc0d1c647bad4cc165ac30bbc000000000200000000001066000000010000200000000abe90a05f8f6250cbc0cde011d25b1293b983a0a7b09f4a43ddc5bb8817789e000000000e8000000002000020000000abb790c31f6c90aefcbae174211da6e636e2af811ee7d22481b6f4eb3487054c20000000c697a50d33a61e26c68102a46eb076907ff90c3816a1134c6a724c2ac4f56e114000000006ea29370eba09682706b9f36abd64569aff4d8d673a3365bcfe6f2f84eb7c73308d7c96604a8375b0431361d7e13d6886ba2d8134062331116b6413682c21fc C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9027e5243db1da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7e489666311c439ec77506af4407fd1d_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 google-statik.pw udp
US 8.8.8.8:53 netdna.bootstrapcdn.com udp
US 8.8.8.8:53 serraturecassefortigraziano.it udp
US 8.8.8.8:53 www.idraulico-riccione.it udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 nibirumail.com udp
US 104.18.10.207:443 netdna.bootstrapcdn.com tcp
US 104.18.10.207:443 netdna.bootstrapcdn.com tcp
SE 185.130.44.165:80 google-statik.pw tcp
SE 185.130.44.165:80 google-statik.pw tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.142:443 apis.google.com tcp
IT 46.28.2.29:443 nibirumail.com tcp
IT 46.28.2.29:443 nibirumail.com tcp
US 8.8.8.8:53 static.addtoany.com udp
US 172.67.39.148:443 static.addtoany.com tcp
US 172.67.39.148:443 static.addtoany.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
FR 142.250.178.142:443 apis.google.com tcp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 accounts.google.com udp
FR 216.58.214.78:80 developers.google.com tcp
FR 216.58.214.78:80 developers.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
FR 216.58.214.78:443 developers.google.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 ssl.gstatic.com udp
BE 2.21.17.29:80 x2.c.lencr.org tcp
BE 2.21.17.29:80 x2.c.lencr.org tcp
FR 216.58.214.78:443 developers.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab2ECF.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar3345.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar3447.tmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\cb=gapi[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\3604799710-postmessagerelay[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\rpc_shindig_random[1].js

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-28 20:24

Reported

2024-05-28 20:27

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

145s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7e489666311c439ec77506af4407fd1d_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4792 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 4084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 4084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 4084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 1388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4792 wrote to memory of 3716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7e489666311c439ec77506af4407fd1d_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80c8546f8,0x7ff80c854708,0x7ff80c854718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4114696930773477427,11489610014873450425,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4114696930773477427,11489610014873450425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4114696930773477427,11489610014873450425,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4114696930773477427,11489610014873450425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4114696930773477427,11489610014873450425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4114696930773477427,11489610014873450425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4114696930773477427,11489610014873450425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4114696930773477427,11489610014873450425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4114696930773477427,11489610014873450425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4114696930773477427,11489610014873450425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4114696930773477427,11489610014873450425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4114696930773477427,11489610014873450425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4114696930773477427,11489610014873450425,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4792_TGQADGIRFHMVTZTT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1f31b88c-9e23-4f02-aa9c-f712e1557cd1.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b7e6.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c8766944-e183-4c20-8a68-b2403756530f.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
