Malware Analysis Report

2025-08-05 15:47

Sample ID 240528-y62leaca97
Target 7e48a4bebc0c04c52e3423871ab67edc_JaffaCakes118
SHA256 90ac6a6e4da3155113ed27847589d9122341c80b73d1c62f008f91cff43cdf5a
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

90ac6a6e4da3155113ed27847589d9122341c80b73d1c62f008f91cff43cdf5a

Threat level: no (potentially) malicious behavior was detected.

The file 7e48a4bebc0c04c52e3423871ab67edc_JaffaCakes118 (an .html document, opened with the system browser in both detonations) was found to exhibit no (potentially) malicious behavior. Every signature table shown on this page names only the browser executable (iexplore.exe on win7, msedge.exe on win10) in its Process column; the items below are low-severity behaviors a browser exhibits while rendering a page, which is consistent with the 1/10 score.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-28 20:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-28 20:24

Reported

2024-05-28 20:27

Platform

win7-20240508-en

Max time kernel

119s

Max time network

131s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7e48a4bebc0c04c52e3423871ab67edc_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000001ad739dedd37a596917991d6a27fcf1e379d9ba44b6ab5864f1a9364cf81c39c000000000e8000000002000020000000a02dca5965e032dd983e325948082b118c60d5eca9c9e0d8ce19da4e08b8f05820000000046e226c6f75a0fa54306b26aca925fde0519c2707d449ad0fe7bfa78988550940000000dec66b6c743e57ced452bba9ee035ceb181afff1270e2d3b62dc669ce427727217c6a277d9acdb1768348ecb1cf0fb6f1cd0280c81c3b452eb0a4d5c660ad7ae C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423089753" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{529DE551-1D30-11EF-A538-5630532AF2EE} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20b488283db1da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
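Three of the rows above are `Set value (data)` writes whose values the report shows only as raw hex. The Python below is an added example for this page, not part of the sandbox output, that decodes them: the hex constants are copied from the table (the DecayDateQueue value truncated to its first 20 bytes, which is all the check needs), while the WINDOWPLACEMENT and FILETIME layouts and the DPAPI provider GUID come from public Win32 documentation rather than from anything the report states.

```python
import struct
from datetime import datetime, timedelta, timezone

# Hex values copied from the 'Modifies Internet Explorer settings' table above.
WINDOW_PLACEMENT_HEX = (
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000"
)
LAST_PROCESSED_HEX = "20b488283db1da01"
# First 20 bytes of the DecayDateQueue value; the remainder of that blob is
# deliberately left out here, it is not needed to recognise the format.
DECAY_DATE_QUEUE_PREFIX_HEX = "01000000d08c9ddf0115d1118c7a00c04fc297eb"

# Every DPAPI (CryptProtectData) blob starts with dwVersion = 1 followed by the
# provider GUID {df9d8cd0-1501-11d1-8c7a-00c04fc297eb}, stored little-endian.
DPAPI_PROVIDER_GUID = bytes.fromhex("d08c9ddf0115d1118c7a00c04fc297eb")

SW_NAMES = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED"}
WPF_RESTORETOMAXIMIZED = 0x2


def filetime_to_datetime(raw_hex):
    """FILETIME: little-endian uint64 count of 100 ns ticks since 1601-01-01 UTC."""
    (ticks,) = struct.unpack("<Q", bytes.fromhex(raw_hex))
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def decode_window_placement(raw_hex):
    """WINDOWPLACEMENT: length, flags, showCmd, ptMinPosition, ptMaxPosition, rcNormalPosition."""
    blob = bytes.fromhex(raw_hex)
    if len(blob) != 44:
        raise ValueError(f"expected 44 bytes, got {len(blob)}")
    f = struct.unpack("<IIIiiiiiiii", blob)  # 3 x UINT, then 8 x LONG
    if f[0] != 44:
        raise ValueError(f"length field {f[0]} does not match WINDOWPLACEMENT")
    return {
        "flags": f[1],
        "restore_to_maximized": bool(f[1] & WPF_RESTORETOMAXIMIZED),
        "showCmd": SW_NAMES.get(f[2], f"SW_{f[2]}"),
        "ptMinPosition": f[3:5],
        "ptMaxPosition": f[5:7],
        "rcNormalPosition": f[7:11],  # left, top, right, bottom
    }


def classify_blob(raw_hex):
    """Cheap first-pass classification of a REG_BINARY value seen in a report."""
    blob = bytes.fromhex(raw_hex)
    if len(blob) >= 20 and blob[:4] == b"\x01\x00\x00\x00" and blob[4:20] == DPAPI_PROVIDER_GUID:
        return "dpapi"
    if len(blob) == 44 and blob[:4] == b"\x2c\x00\x00\x00":
        return "windowplacement"
    if len(blob) == 8:
        return "filetime"
    return "unknown"


def decode_report_values():
    """Decode the three values from this report and return them for inspection."""
    return {
        "Window_Placement": decode_window_placement(WINDOW_PLACEMENT_HEX),
        "LastProcessed": filetime_to_datetime(LAST_PROCESSED_HEX).isoformat(),
        "DecayDateQueue": classify_blob(DECAY_DATE_QUEUE_PREFIX_HEX),
    }


if __name__ == "__main__":
    for name, value in decode_report_values().items():
        print(f"{name}: {value}")
```

Decoded, the values are ordinary browser state: Window_Placement is a maximized window whose restored rectangle is (36, 36) to (1194, 649); LastProcessed is a FILETIME of 2024-05-28 20:25:19 UTC, inside this run's 20:24 to 20:27 submission window; and DecayDateQueue carries the DPAPI header, so it is data the browser protected under the sandbox user's credentials. The same DPAPI header check is worth keeping at hand for the opposite case, a sample that parks encrypted configuration or harvested data in a registry value.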

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7e48a4bebc0c04c52e3423871ab67edc_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto Connections
US 8.8.8.8:53 www.blogger.com udp 1
US 8.8.8.8:53 apis.google.com udp 1
US 8.8.8.8:53 3.bp.blogspot.com udp 1
US 8.8.8.8:53 bloggerstyles.com udp 1
US 8.8.8.8:53 resources.blogblog.com udp 1
US 8.8.8.8:53 1.bp.blogspot.com udp 1
US 8.8.8.8:53 4.bp.blogspot.com udp 1
US 8.8.8.8:53 2.bp.blogspot.com udp 1
FR 142.250.178.142:443 apis.google.com tcp 2
FR 172.217.20.193:80 2.bp.blogspot.com tcp 23
FR 142.250.179.73:80 resources.blogblog.com tcp 1
FR 142.250.179.73:443 resources.blogblog.com tcp 5
US 3.33.130.190:80 bloggerstyles.com tcp 7
US 204.79.197.200:443 ieonline.microsoft.com tcp 3

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5b17d5ab5560184463cb9b8b8e334e56
SHA1 29d6c4803221125d24778788c5c8d3a713340abb
SHA256 558b29dfab794d977b1583069c8ffbf0749a774d59386577658d62afe41ea58d
SHA512 bde9130a14d13ba19f3735c6d6062c53e4d11265d387e6b186bc05fcb92ccede56711d061415331d9235bc182f069aa15ae4428dd2b810af7ac19c504ee7c935

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 01a4c74c4c03d855f9f8d49e5da5e081
SHA1 4f0b97998d4e8229aabe42f1d080fcc74f2d1d01
SHA256 910210ed3ef9c026834df6bff106be0b761cc390c65cac2bd4138fe8fa2b081a
SHA512 e8a53346f11f89642faa33f8776c72a5e0582c8b36a99def112ce00a4e2df94fc02e5a9f2abea41914ef0984df8d677b20a64eac7ead0e73d0d0226c9267448a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 91d1a9d489736610d91ba0c783745e5d
SHA1 d7effa412880636c17e6e5f86f1978835980694f
SHA256 51fdce859b53035fa4c5b5c1e0a2b76ad9090d23da467387f3c1fc5b9c10e897
SHA512 3bbca7affbc3e2e33db7e9d7ac3675006a9f2e34de258ed493f0d12d42bd3d0916cb47296da9e7efe3f8848253495b093f790c0c2ca72cf7f3a59daf1cf1ffdf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 d1fe41c2ffcf09f179a67d080391b039
SHA1 da484aa6729490510bfe98df9f88fff73ebe9c30
SHA256 51a769d61fcf05600048e2f60c178adbb57dc0581362fa9f41e62ec788e0bdde
SHA512 77157fc907401cb4cf89ea99e4d23a626eedfb40e84a5f63afe4c2e97f94b0502a968d4dcc45dc6b792361c7fb3f93179db1c194fe03b6eb7a6f5e7082e0bd1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568

MD5 35d4177787b05c412c2bf77cd5b7837a
SHA1 fbd658dff11171fb18b3761554ce1bcab136d263
SHA256 28c838a440a325da201e3a5f0c89510a5f4e2e176e04a8569a5f9f65c0dc1e3c
SHA512 b6eb06e7f9e8c68ef93a3a18de81e0a05a716d7c3ec66f94cdec5f0d42c15822a87a46a942d6f8457c5da95d9fa38b4a1cbe8d1e43b84381f0522e28c97a09ca

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\jquery-1.2.6.min[1].htm

MD5 e89f75f918dbdcee28604d4e09dd71d7
SHA1 f9d9055e9878723a12063b47d4a1a5f58c3eb1e9
SHA256 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023
SHA512 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\cb=gapi[1].js

MD5 4d1bd282f5a3799d4e2880cf69af9269
SHA1 2ede61be138a7beaa7d6214aa278479dce258adb
SHA256 5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693
SHA512 615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7371463aef0180ef662bd7184669122
SHA1 460651918590008e48cb5fb8b48e834bd32b88ef
SHA256 f5ce313908c82a93901a01c1d2b8c875346599de391e46085967c979095f8130
SHA512 d0df06e96c7b6b2ad6e9e962f5e7718bb9f4c0267a42f72f2884a027a23fbcb8920b93cd515b139d80096bc42d8b6178ae926db59c66eba769211ce7ede8c778

C:\Users\Admin\AppData\Local\Temp\Cab2DA6.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar2DA9.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aeb3734bfc9180edcb5d863f4d181056
SHA1 7813489a1c115b921fabefebd8eb70f980aa1d73
SHA256 f4b5db479f77048002010a7dd3ed098a69387307d86a7d870253edd0677a32f0
SHA512 c78c3e5574dbf21f351452990c3edc9666b78dc17d1e41fc2ad2d97c3dacfa2585abcde272d5aa97aaca6c94e42ecf87f4a531b44c5e99f8a2cf54d2c1e73cbc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c3b6b29b0c93a11783e69285c1c6689
SHA1 062aa315b936742d03ef8f513356832c7b1ce14d
SHA256 22058b2b92df51abce534734e3a174988fef7f4e6667103198b148fdbee5a866
SHA512 ee10437a0a86ca636d0c80d2cbc7c44860b1d5c051548f19a5c01af3068dc92f001cedc255b6f47ff61c1ad073fb6a0b978ef3a2a5939ef4e358f06f1edfb754

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14390c73f20747b1953a826d232a8e41
SHA1 c17b395302cbf6e61a3508832f0f44618c22d8ec
SHA256 1eb9da69f657eb8b02748c601a6214fbaa0ddc395e23978b6e078929a4e9df4a
SHA512 66c48ce1f4f7ef84588bd9480ce8fa411ac8899a28ceba3ce40701142d17f5a46fc54f806656960d4d5705c375c5d858f0ff3408f11e4bad300723b6ec4c8be9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 322e2912ff5a675730f5b3d8c09387c2
SHA1 0472120760e703ffda8df3b6c365a2eb8a527ed2
SHA256 64eb4b9a116f1b3190b96cb1f907acf6ce0587a62bdb4f8ade739d2f4c2f1f47
SHA512 f223c29be2dc8ee62b6350680e3041fab28460831d5b077e47d6869cb31fd9411ecf9e2e224ecb2d8f8e47a4ae3094f964e7f0431c158860831000ceececf0cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9eba7d7eb932ab932491b2305bd4ac59
SHA1 4e4ee8f249bc8e4dc1c8a986e55b660217b6f813
SHA256 16c19e49746b4b3b8300001ca3c682714fb79c41620e556424c53ca8e2cbf898
SHA512 da9c794d9fb8e0ad68775cdf34e1a2dcbf33854f727371c740ffb343ae4c6a1f072e85a0e5384bb225cccd064394a096b9635cb3d2c43642b67a6d77d65a531a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f4a146681e7a4ccd0586ae263f9a467
SHA1 96b5d6cd9460fd063cf18986cf946de794552c65
SHA256 f7b3876b2f8fa7f27b969d71e552ddf21637d1d5eb024fa6aac4ad94df29aa95
SHA512 700a4b61c63fd25dee3845dd6f7e411a8a04d8d35b81477ce66eac6d334bb83e7b519048d0b9dadd3040a08f4653161383892211dcd650ee81857f53eae1f5dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 edb16752e311058b0cbb653a212ddd53
SHA1 83b50c21b7e5b2ebebb0032848bf096a5649e5fd
SHA256 07604f8dbf1f11621ef2640a5c89ee5eec08af1af1e594d29154126e6579b112
SHA512 6c45fd61734d0052bcce37e6d2be3a945d072ee51140bb57be2b2b01d40573c104abaf8b5573cbf5b834b21cbb1e7bff496e8ba533973abb412e18028e03b612

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c376f98ae5f8b376be97b896c4ab516
SHA1 2b04dee083ec2d4de5c90e1ef75b412e9ffdb83f
SHA256 6a20495dbc59a0867748c36031f45ad3c83f7d5881724b0e37885aa46781231d
SHA512 6dfdff388ae962e71306bff40faff1aef9f4c4f9ce57107f6369b550aa77db8fc351fa2efeb00f8710c6b3861118979e43b6443fac2dbd19c2de4c6b8861b1d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f840982bfd2f693e7423f733d54b541d
SHA1 57276d36e187d704351fde7cfbea7add07b8c4d8
SHA256 a17fdf0d21e4d9b2280fac96b4fda4d51525d8a8d7aee57f3f52cf318365803c
SHA512 5de291a7aaa5b31c222d59c8f485fc2cc4f7f76390b1cb169c706b76edbe4ae449d33c3312d863305ec709ae947accc8e85092570579fc5a02fde1a1c223e08d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db876136b1f2c5fa8326e6252e53950b
SHA1 1d3c98b92206cb82c39b74972fd6214b0a6987a8
SHA256 96fc64e32ee1f07070200dc83fef5376250ef1f8de067ec3f6bd0e0b387098d3
SHA512 cd8324487441c6c9932765b828d6bee87780291d298164bbd18ed5cb8d0875f531867fcf931b9e643e17dc5256de076f452a154ac71806825d6a0a9676688b15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e1ccd2e077d5121f76fd07fc4d35b30
SHA1 17dc6e97e8e8ee5326b4e948a45da667203dc29d
SHA256 004cffbecb71793c2042a936d94b7d9eb982805c7e6166efe112a3499fb9c42a
SHA512 1df18d06bf4f926edbb168ce1d316374bc56b9d88c800da17e1f182c2c847efc5356b4291ab76d7298fd5f718b3c7304929669e10c9ac471159a2ef0834d0ebb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec0ac4fc9984e22ec742c3a8aa562970
SHA1 78fc8ce85ddd1cc3ee64480f3ba297c133b6d3c4
SHA256 108e30b525033297b6f6239a6e0da74e1ce90cbe9f36dd14fb0f610ee8f52334
SHA512 28d0ddb261df49513d4cb30a988dc6452a3cd0f5d1d28f005a9582ea43a715888cad8fdea7bf12e3669c3c6eb9587baa02d3bdbcb9e496a7808615bee0ee80dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4490e2910e724a6b62399fa37d5e09a
SHA1 df73a25356f0bd1105820e201f1c58fe9b0919ac
SHA256 1b9f3ea033f1d4445e2dcea8b50fd12482c91ed8d8a59ba48c1f40c57c61e6b3
SHA512 bd478780507f4f42a649a845fe96f8d5138956a9abdcde960b057e064a2829449381afc95a944d39653497f60a2e455c38b0009c800f751833a99ee7ba433b45

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a13251388e20ab5f30184c9b28a776b
SHA1 447f5e99d8a2bacc9d09be6cc54fa51e0072f543
SHA256 412cfcec68dac58f85767ddb91f11eab5a61e5c4c0bc7899a51c8540d7df7abb
SHA512 34af0d73c0a6717c45c8a204fb8d38272e92927e79fee400c1a32eaceb8b2df4e3f68996beb23e4bcd3eceb57b2352818becabdf9f671c5ead7e9eaf14cab853

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08edc282e41fc9df606d081f10a19eb6
SHA1 f08365b2167c839c661cad2bdfc33829e9d2ef77
SHA256 8b03ffcfce701d6c1f58cc9ce205f0a4d8c6bd97706f1481765afee092a01587
SHA512 703f834a05b7270c8ab9182158ae16b03b1b08bac9f29791c5596205722ce4be10b9b26ba126c13ea77378a406d9853c1d07240f315597199efcdfa808d7a25a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b11f184d649f7c68c2b00ae9bc3c90ac
SHA1 285d4093a4dc075dbebbad4d834caeddbae7a871
SHA256 6ffaa102d6e5e1b94845c0c2ad45d5ac172cc7dddcf63cf4b1f15f3a9dd51fba
SHA512 c52222d68ef6b9a02299f9e8052c1ec9cbea2352dc378c41f5e74eafe36d018672dc804c0237b4c499714941d91ca4cebbe1ca04184da025334ec180d217bcf8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a68ee67af315cbf82b87416cf6d73fd3
SHA1 c5e494d462f9975d96b4dd89304db8e983b11471
SHA256 a5839a506de4a09503b92c59b2eb20189fc41b1e718a5eeb5437353437d1b18b
SHA512 dd97f32208c08e93fd26a9c29b6bfd879763a0ca2a72f471bf43d2321a6d22fce42e8df1cde523c7bdf56996cfaaf2bf5e489b401bd8b9fd3d1c6d59243550fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 798330fa4b397959c214b62cf3b2b73b
SHA1 6106da07fec54666e95f8f14b628224d2c75c290
SHA256 b714bef7e19adf6670c5b82b8cb145ba63c7962aaff2308b138efd593e423880
SHA512 0b3017bb13f1be00565c2664f242e664a4059d6afe1113d91dc1e61adf116d611bcda8b0abe71ec10978414cb0dacb5ff8b9e1a7f27e7e7d389ab9460225e2b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd2d5ffd9a5dbe754a0452ca668ad07a
SHA1 651c3709a8c13685abf8ab4e399525d219dbe353
SHA256 d0e70b306aa3d4eb932c82cb274beebb0686f8826158eeb001203b3f7d7ea169
SHA512 b8120c3b011d79fa168c0ba0833ae1bcc99c2b2882c1326d71f61e3e70c78bdd0f0513ed4288cf6d9059e8aa05829a8fdea30c6db159e30b6bf47abc890b016f

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-28 20:24

Reported

2024-05-28 20:27

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

139s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7e48a4bebc0c04c52e3423871ab67edc_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 25

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 24

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 4760 wrote to memory of 3576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 4760 wrote to memory of 3096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 34
PID 4760 wrote to memory of 3096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 3096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 3096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 3096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 3096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 3096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4760 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7e48a4bebc0c04c52e3423871ab67edc_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe40aa46f8,0x7ffe40aa4708,0x7ffe40aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3124 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4760_GJTEJJOMERRXQAJU

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State