Malware Analysis Report

2025-04-14 00:21

Sample ID 240603-kptbtahd71
Target 912bd5f5b79659d598092e1177bf12d5_JaffaCakes118
SHA256 35608e80e2515a3711b024d4f1c0665a708df45b2da9e85cb9782a613b32f4e5
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

35608e80e2515a3711b024d4f1c0665a708df45b2da9e85cb9782a613b32f4e5

Threat Level: No (potentially) malicious behavior was detected

The file 912bd5f5b79659d598092e1177bf12d5_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 08:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 08:46

Reported

2024-06-03 08:49

Platform

win7-20240508-en

Max time kernel

146s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\912bd5f5b79659d598092e1177bf12d5_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not shown] C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566288" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000853e6dfe0eb4c247173c04e52f4bf29acb1149ffc6188298846be73e271ba9af000000000e8000000002000020000000e2c909859207904f4d14e7ac22745d2c03712eb87edeb5d21379ad4c789c75352000000057d16bbdd71e7d2c6b6ee5255222e0d8675521495e8f82f6f039a1121303f0454000000094e768d9426010902a785b9a908fb9a47dde7d34f90e5965a273ea84ee6a12fc485add8a289e48f8ba34aa04d85a06ad4df598b95e336765e8ddee51d1789585 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D833DFE1-2185-11EF-9449-6200E4292AD7} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a946ae92b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\912bd5f5b79659d598092e1177bf12d5_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 08:46

Reported

2024-06-03 08:49

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\912bd5f5b79659d598092e1177bf12d5_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1336 wrote to memory of 4020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1336 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\912bd5f5b79659d598092e1177bf12d5_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8b8946f8,0x7ffc8b894708,0x7ffc8b894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,7770598291459732669,17748970267673205464,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,7770598291459732669,17748970267673205464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,7770598291459732669,17748970267673205464,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7770598291459732669,17748970267673205464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7770598291459732669,17748970267673205464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7770598291459732669,17748970267673205464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7770598291459732669,17748970267673205464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7770598291459732669,17748970267673205464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,7770598291459732669,17748970267673205464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,7770598291459732669,17748970267673205464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7770598291459732669,17748970267673205464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7770598291459732669,17748970267673205464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7770598291459732669,17748970267673205464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7770598291459732669,17748970267673205464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,7770598291459732669,17748970267673205464,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 flavoredwater.net udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.202:80 ajax.googleapis.com tcp
US 3.33.130.190:80 flavoredwater.net tcp
US 3.33.130.190:80 flavoredwater.net tcp
US 3.33.130.190:80 flavoredwater.net tcp
US 3.33.130.190:80 flavoredwater.net tcp
US 3.33.130.190:80 flavoredwater.net tcp
US 3.33.130.190:80 flavoredwater.net tcp
US 3.33.130.190:80 flavoredwater.net tcp
US 3.33.130.190:80 flavoredwater.net tcp
US 3.33.130.190:80 flavoredwater.net tcp
US 3.33.130.190:80 flavoredwater.net tcp
US 3.33.130.190:80 flavoredwater.net tcp
US 3.33.130.190:80 flavoredwater.net tcp
US 3.33.130.190:80 flavoredwater.net tcp
US 3.33.130.190:80 flavoredwater.net tcp
US 3.33.130.190:80 flavoredwater.net tcp
US 3.33.130.190:80 flavoredwater.net tcp
US 3.33.130.190:80 flavoredwater.net tcp
GB 142.250.180.2:80 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.246:80 i.ytimg.com tcp
US 8.8.8.8:53 gdata.youtube.com udp
US 8.8.8.8:53 www.adobe.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 190.130.33.3.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
BE 23.14.90.89:80 www.adobe.com tcp
GB 142.250.187.238:80 gdata.youtube.com tcp
GB 142.250.187.238:80 gdata.youtube.com tcp
US 3.33.130.190:80 flavoredwater.net tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
BE 23.14.90.89:443 www.adobe.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 246.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 89.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 66.169.217.172.in-addr.arpa udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 52.111.229.48:443 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b2a1398f937474c51a48b347387ee36a
SHA1 922a8567f09e68a04233e84e5919043034635949
SHA256 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

\??\pipe\LOCAL\crashpad_1336_CZXGLZTGCVUZAKHE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1ac52e2503cc26baee4322f02f5b8d9c
SHA1 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256 f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d9c4f1a9724bfa885f49c94e6ed492e2
SHA1 b06447fbc7ada5e762496b2b319aefe26af2990f
SHA256 d9a73f23e3bc30495abb142cecbc417919e9f6507190e1dabecbf7c8a3a77b52
SHA512 4b665c84cc2b2cb224b00e36c86338051b655914454f2341876632948fadb9150ec75982b012c09f60dff518ff0fb8921ead0bcbf1799042b491b8c9a3d10e8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 859ab4a4c240f121c2dd34cff47318d0
SHA1 6a454ebb2f811787c1b9f0b4d7ccb9a9f2c577ff
SHA256 63c22f8ae2b223ad487053d30b7fef1a1a34e82d2d15b4f1ecde2bea76b4762b
SHA512 194a0a575f9e2ddf9e60d7cb2d0d376a02ac4ba8c83eafbfde2ade68e1b7ac603ef365920aab46ad966d899dc12f201421540d5f945d12274edb65ab8979d0f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e7368d27408ce1839fde8e0a91fc7538
SHA1 51fa42bea73ad72d6f4704a2e6884e08cb236042
SHA256 8431b7c42a13f499d8a8d920eba44f2df73c7c635ccade17c9c8dddd575d880d
SHA512 fa9dbfe407e3aadcce7d990a025aff84b6d37f47f284a3583c7f5462c46016efa6cc8dd5e3210d2fad6d39dcefdac49119486db698c3a9e52d09b6f720bc22f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 96c0210999c8f3fd38895ac77c1b98ba
SHA1 6be3314f34e9a55adf1fa61c4c7a4401081ee313
SHA256 4c5431bd33a507022eede4238584c9a0c3b0ee65451d3303909a55ded7c0f7bf
SHA512 7d43187cf78c660f06d804a9a03456cf3a7464de98cfe307458bead6b7e29e295235da19278b85f80285607083476353b6fba9fc6670f4d57c4293b3230dc8d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1032e880241ac6292a7d5e2aad49355b
SHA1 0c05f34ce711ea62fc286bfacaed2207cb6089ae
SHA256 179399a13cfc5cc818cad13bf0c065b186d7039c90e1e55dd304c9437013091f
SHA512 bd6f1efa37736ebbcc001c0e17d833d55c6cf5238cd05f0dbb5fffe6e37e8d13aa697ee4b607fa83631170c54300d13f1208b980c8992fe7501d191f8de9dcef