Malware Analysis Report

2025-04-14 02:51

Sample ID 240603-jlb3pahf32
Target 90fde6eb5e0f22bcfc5164077aafaf4d_JaffaCakes118
SHA256 b99a9796eec6acd9746ee73fcfdd65798b9171748c9c4f1b946708928fed468c
Tags
score
1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file 90fde6eb5e0f22bcfc5164077aafaf4d_JaffaCakes118 exhibited no (potentially) malicious behavior during analysis.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 07:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 07:44

Reported

2024-06-03 07:47

Platform

win7-20240221-en

Max time kernel

120s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\90fde6eb5e0f22bcfc5164077aafaf4d_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007d11e5947877fc479bb1f6c2eefa5b9d000000000200000000001066000000010000200000004cd5dce80069a38a08bea916bfbef90b05f5536b6c39f3c3f9982f856ead92fd000000000e80000000020000200000007ba97717e448c30518dcac410d8e20b620552a4a09ac88436a5c9c4bd6a1fcd220000000fff738d7b492351a28bed61f4fc422d9b2115ed47d8fd24357d9ba5a3c8ea15540000000d0fc4a3c87c85bf458c0c52083f94eb78bad104641975797ee18c59ae53508254bc9d6c91858ef924b6e6290ee905f575854ae7003b160c308738648cb27ec2b C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e011d9048ab5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423562569" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2EE5A021-217D-11EF-9891-EEF45767FDFF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value elided] C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\90fde6eb5e0f22bcfc5164077aafaf4d_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:880 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto (repeated connections to the same destination collapsed into one row)
US 8.8.8.8:53 consent.cmp.oath.com udp
US 8.8.8.8:53 s.yimg.com udp
US 152.195.53.200:443 consent.cmp.oath.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
US 8.8.8.8:53 mbp.yimg.com udp
GB 87.248.114.12:443 mbp.yimg.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 07:44

Reported

2024-06-03 07:47

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\90fde6eb5e0f22bcfc5164077aafaf4d_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target (identical rows collapsed into one)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target (identical rows collapsed into one)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3440 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 4264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3440 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\90fde6eb5e0f22bcfc5164077aafaf4d_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba6a246f8,0x7ffba6a24708,0x7ffba6a24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,16503415813919691176,3286611003402315406,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3084 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 csc.beap.bc.yahoo.com udp
US 8.8.8.8:53 comet.yahoo.com udp
US 8.8.8.8:53 geo.query.yahoo.com udp
US 8.8.8.8:53 s.yimg.com udp
US 8.8.8.8:53 geo.yahoo.com udp
GB 87.248.114.12:443 s.yimg.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
US 8.8.8.8:53 consent.cmp.oath.com udp
US 8.8.8.8:53 search.yahoo.com udp
US 8.8.8.8:53 shim.btrll.com udp
US 8.8.8.8:53 video-api.yql.yahoo.com udp
US 8.8.8.8:53 y.analytics.yahoo.com udp
US 8.8.8.8:53 yrtas.btrll.com udp
US 152.195.53.200:443 consent.cmp.oath.com tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 12.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 152.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 200.53.195.152.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 answers.yahoo.com udp
US 8.8.8.8:53 finance.yahoo.com udp
US 8.8.8.8:53 groups.yahoo.com udp
US 8.8.8.8:53 login.yahoo.com udp
US 8.8.8.8:53 mail.yahoo.com udp
US 8.8.8.8:53 mobile.yahoo.com udp
US 8.8.8.8:53 shopping.yahoo.com udp
US 8.8.8.8:53 sports.yahoo.com udp
US 8.8.8.8:53 view.yahoo.com udp
US 8.8.8.8:53 www.tumblr.com udp
US 8.8.8.8:53 www.yahoo.com udp
US 8.8.8.8:53 beap.gemini.yahoo.com udp
US 8.8.8.8:53 baseball.fantasysports.yahoo.com udp
US 8.8.8.8:53 au.be.yahoo.com udp
US 8.8.8.8:53 help.yahoo.com udp
US 8.8.8.8:53 info.yahoo.com udp
US 8.8.8.8:53 overview.mail.yahoo.com udp
US 8.8.8.8:53 weather.yahoo.com udp
US 8.8.8.8:53 mbp.yimg.com udp
GB 87.248.114.11:443 mbp.yimg.com tcp
GB 87.248.114.11:443 mbp.yimg.com tcp
GB 87.248.114.11:443 mbp.yimg.com tcp
GB 87.248.114.11:443 mbp.yimg.com tcp
US 8.8.8.8:53 11.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 91.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

\??\pipe\LOCAL\crashpad_3440_TAKIHWRTCJUAQTRV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7bb57b67434dcdb2130d4850f113bb0e
SHA1 db3bf290c98f04d1c9ade4633689d49565f5a712
SHA256 d29d36f517614278f0786333971b0529726bad8941388b7e128e4c88335375c9
SHA512 f73283a7acb5a65f7fff79063b97e1d14b17766eef6845108a05e6a6817e19ddf39b562f58a4d77acfd4b50bed1f6ca88bfa0e3f7a23b4d4ab63153669a201fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ba82e1f768188bf2e6ab2fd6220b80da
SHA1 3afd7d1a77fa7c2f6a4d1f007b1a4236e75a503c
SHA256 2471a3c4069ce6527358a9a99f11e2a6e3704849d6daf9049fbaef4c56b0e2d1
SHA512 10c10e3042fc149cc75ab3bb228e1281ff719fdad6deb47dc1eee1d23608b57f464a44be3594ba8cfadbdfc0227d836941c22b7a6255d07ab24f36eb36160847

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8ed2d4f62b8294d61499bd26afc44016
SHA1 4f64cfc7e313422eecd2862244e31e65c60cdf33
SHA256 1235d5f7647918f6fb9e7f4ff42a3312508f5df5fbe4e845201162863c0c9e17
SHA512 b4578d24a1d323e094cba57f5611fa4d87c7a110c183d23a69f2de602ce2624d7c101399d50c7d6f0859290731e9dd3f36c3a7fca4bc58dd18567d81c70f1cad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1aac375b60827b9859d42965b9701704
SHA1 9147ba7c2472942aadc3808fa6e108fd02db0161
SHA256 4458d711bd3329b93eef1f32fd1d8dc86b204d0dc4d25e298c84a9d4029f4645
SHA512 f1252f9318554833230d72fea3a846693f025c5c75b4bca736f092c0106348c86f37c6bca3085fc8dcb4eaf74baeda59952e415f255820d70a8764030b2795d4