Malware Analysis Report

2025-04-14 00:16

Sample ID 240602-hhxpjsee99
Target 8d32f933ecb721b5ecbca67a83185cd0_JaffaCakes118
SHA256 988dc9dc3fe925e6c1e423622a6822a3c77c0a173ab89ad513e035f983590a18
Tags
score
1/10


Analysis Overview

score
1/10

SHA256

988dc9dc3fe925e6c1e423622a6822a3c77c0a173ab89ad513e035f983590a18

Threat Level: No (potentially) malicious behavior was detected

The file 8d32f933ecb721b5ecbca67a83185cd0_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 06:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 06:44

Reported

2024-06-02 06:47

Platform

win7-20240215-en

Max time kernel

144s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8d32f933ecb721b5ecbca67a83185cd0_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423472558" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 700e897cb8b4da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006197fbdf1a2689468efd8c36e6ad51b500000000020000000000106600000001000020000000134435010f4966081c78030390486ed6f8668c4026bcbc957e868a2b372f0f0b000000000e800000000200002000000063e00d498efec7175b1ba20d199d22308d97e09fbf9b03e24548ad09f6e7e090200000008073e6177256502dcd3d59a1c45d7797ec528dcd6d442ac94148db7cefdc39e14000000063553112833897a74a2d71e1da634f48b175a0d847b91f4d18596546b478ef6eb724732d1b29d97f3610f70f7033f680f356361f95cb4df2c63c19de23fb14ea C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9C28D991-20AB-11EF-9AB8-560090747152} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8d32f933ecb721b5ecbca67a83185cd0_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 06:44

Reported

2024-06-02 06:47

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8d32f933ecb721b5ecbca67a83185cd0_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4800 wrote to memory of 1204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8d32f933ecb721b5ecbca67a83185cd0_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe902246f8,0x7ffe90224708,0x7ffe90224718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5684 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_4800_KDBOJAYITNAWPJVP


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
