Malware Analysis Report

2025-01-17 22:38

Sample ID 240603-pw3w2sgb36
Target 91d29814849b3b5249cb801fba2a14ef_JaffaCakes118
SHA256 6efce324f30675d6266bd8b854e5bf258e61c2337dba010d4c95573db7440055
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

6efce324f30675d6266bd8b854e5bf258e61c2337dba010d4c95573db7440055

Threat Level: No (potentially) malicious behavior was detected

The file 91d29814849b3b5249cb801fba2a14ef_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 12:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 12:41

Reported

2024-06-03 12:44

Platform

win7-20231129-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91d29814849b3b5249cb801fba2a14ef_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423580367" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9F4EDC41-21A6-11EF-8857-46361BFF2467} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91d29814849b3b5249cb801fba2a14ef_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.advpoints.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 ads.clicksor.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.mynewcounter.com udp
US 8.8.8.8:53 www.feedage.com udp
US 8.8.8.8:53 www.zimbio.com udp
US 8.8.8.8:53 i155.photobucket.com udp
US 8.8.8.8:53 www.feedage.net udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 raezen.fileave.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 64.34.199.37:80 www.feedage.net tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.10:80 ajax.googleapis.com tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 64.34.199.37:80 www.feedage.net tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 64.34.199.37:80 www.feedage.net tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.178.10:80 ajax.googleapis.com tcp
US 64.34.199.37:80 www.feedage.net tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 3.162.20.109:80 i155.photobucket.com tcp
GB 3.162.20.109:80 i155.photobucket.com tcp
GB 142.250.200.14:443 apis.google.com tcp
US 52.6.88.216:80 www.feedage.com tcp
US 52.6.88.216:80 www.feedage.com tcp
US 13.248.169.48:80 raezen.fileave.com tcp
US 13.248.169.48:80 raezen.fileave.com tcp
US 172.67.173.119:80 www.mynewcounter.com tcp
US 172.67.173.119:80 www.mynewcounter.com tcp
DE 91.195.240.68:80 www.advpoints.com tcp
DE 91.195.240.68:80 www.advpoints.com tcp
US 172.67.8.141:80 widgets.amung.us tcp
US 172.67.8.141:80 widgets.amung.us tcp
GB 3.162.20.109:443 i155.photobucket.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 8.8.8.8:53 www.777seo.com udp
US 103.224.182.251:80 www.777seo.com tcp
US 103.224.182.251:80 www.777seo.com tcp
US 8.8.8.8:53 www.zimbio.com udp
US 52.6.88.216:80 www.feedage.com tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 52.6.88.216:80 www.feedage.com tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

MD5 3e455215095192e1b75d379fb187298a
SHA1 b1bc968bd4f49d622aa89a81f2150152a41d829c
SHA256 ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA512 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d299dc69194c288cd788d37831e6c88
SHA1 37e5f7b8a636025673341456e5302a7579e46ee9
SHA256 67537393132254b73105bc94492261a636c02d544c8428eaa1db987b43b406a9
SHA512 582c02f5bbda1cf9b344de361224eed9111ae1c6afb2e0b5ad31dbe5f4451975d73233fadac4a5596d31967f8d424ee339b69133e7d6173a57478adfde68b06d

C:\Users\Admin\AppData\Local\Temp\TarDF8.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 d1ac776f1abd209e6aeefd6cad857d8b
SHA1 971de5213e4d20a33f225f883f015a3e245ab1e4
SHA256 e608afe9a6bc58545f3a2981b356b1c8ae5a1a4f1559d2b0c9d020daae112136
SHA512 557abe22edb77ea0aaee0e5df0857f8415eb68e97d27751be7e09751a810d692ccc47b00faf91cc83de1da20c1b3d09df9264d854866513be7a0f883cc27484f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 d0eccf0e9ec26cdaafd0a661bdc1ac8d
SHA1 58d23a4504cfcb461f2bafed4629e0d1d2c0a035
SHA256 096b5b4d0fbcbbd1b5053863e6d5ecb241749b174459dec9e5fbcd43b6e0b238
SHA512 c5e9c0ca38aff08676f909b7e4573a0ed7c951c4120a3ee0fd9ded919615f865dc74c986f3804a45be0aed9953868c384b598dfaec7b30dc4880d3d39889de2c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 13ed5e0369cedc64c8437eb9a493a981
SHA1 880053c91809fef7b2a3d688143f554d5a05c0bd
SHA256 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454
SHA512 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 7d900e751e31ff19c5563ff661b9cfd3
SHA1 f56ed406424c308df102780733fe0a6fa4985af5
SHA256 01db741086c75205a49e370a242f853fdfad06178980eeb3cc701c72a73b03ef
SHA512 42117f0d95b866ad3c4a172f9274432f848704fff5ef4cafa18571ba770a4aa05b70e2e00d254088e59c24c60f7bb988bed3008070ba472da630541b578e51ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 902c32b206626c82d0374bd649720886
SHA1 31de7ef46f8582d7ef05dc0359dada044b67d0de
SHA256 14b374c14793b56c905cda4100cfef7834ae90c79898cbe42fb3db95532f9d2c
SHA512 7db867102a88fc5ed56781d866d4ade0b03fc57122dc199ae46af8886c35f218dd085285cf3bac987f852e3bd2c2a566c234d488808c8367c9604c52c0e11ff8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c7c67a7fbedcd28da8e88726004cc94
SHA1 66c0382bb818d794989c95c485054e973df9dc55
SHA256 f8f9a8abb11468da1406fe438b9410e686bab04e8592f8ed4821639bd21291dc
SHA512 4354ec5a07de627f8cdda615a5b26002361f91bcf40af1cd0a563eacbf99731e9ea61bed74b4772230a305343cd73e0d5c750fb7691779e769ce47b38fdb9286

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1

MD5 41b9b2982d7d661f164f84fbbdb7b17a
SHA1 09ece737864e2aa194f49193c9cd35b1bd49ec51
SHA256 35abd7b145accf17f2960961ed1dcf6a57910b3f3cd4e36dbc746faf5d35726b
SHA512 26812efff27fbae7780ba28d6d08785990355b7d204efe6681a74659ef8e002ca3e238aa6e6e41ce4790a88302c7aef4e81150130b7154203b7590c2fe03b059

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca5841f2fe3d16cc3e46e40fc14b6de9
SHA1 864eb1ec6fa2c6268e535982fef86af03c19f0cc
SHA256 2cc9a919442fce1b4982b4790074f790b917420cc6d34b80dfdb029f68341a72
SHA512 03ee4654b5e4017b73707aadc088ca752202c5b932bbc5c016994e2663240178262ef5213f761bdd7ca8504139493a86b1a79b44db7c05636b51d59950dea033

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1

MD5 3cbd995f8bc61a3669d6dccec2391d8a
SHA1 39e5903bb99f1d045f6b0c2429b43ea8e2d551da
SHA256 d302d7266945490d5d06e91e1c2557830688004c572f39343357dfd57ada50e5
SHA512 6335e0e9db04d46564a47818a02c3ed714ee705dbc70ecadf252f2813ef62ed14bf739ea545d69e3214d21600a2d9257013545ab3bd7eeba17fe1fb07b2a22ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 bf54565e6fe43dc8c984d71414e38da6
SHA1 8da44807fd62dc0f4c931a7e419b4932b3230a41
SHA256 3a703cf6187895dfce88ae094db6e3bb823597cd1785cac2f84298b3ce347865
SHA512 89658d82fb7ec148efdfe6ac332ff765398b34704a952af23969628818913d1f1e5e8e7fc38ee5968ee9f083597947403f57c266a1bc8db47aa6e2cc5cb80cf7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCUGVL10\platform_gapi.iframes.style.common[1].js

MD5 682c26af19b240f98d2cb951721fa54d
SHA1 18e58b652c7f82a55ab4b1910693686049e25d62
SHA256 96428f0f585a874c185d560538ad83ebfad0365d760fcf9fcefe80add9e3c980
SHA512 078aeef086271b7f9cf0f6e3a1e7908d7e38465a1a7a4de6f2a785147e9130551a2995e80600824da9341d58e5425d4505518e90eea9ffe1c64f4f41825a9660

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RASQO8RW\cb=gapi[1].js

MD5 f9255a0dec7524a9a3e867a9f878a68b
SHA1 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b
SHA256 d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d
SHA512 d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50375a4db6b3764e66783701c99c3d70
SHA1 f304ddfa6bc38dd07cfd016dd57c262f0840cf35
SHA256 ebbce44e66bf8963f7ec9d8632ffe025af1c2edf20d68715a9a8d00d68cd7241
SHA512 f4924a1c8c1b181fc0ec54fbfde11e4cdadb3978a1d6bf4bb08506d92507e46ff15ffe6a3ff675f4c343bff094bfa54db6cb58d06e21fb76f628af1b06408d22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 198e5c15e73ed62e00572bd8d22753e1
SHA1 a7b21cab172d6fdeccc8bfa9eeb0bb519a90ff16
SHA256 1d63ff7422b05305d24b240de5e1ac1f8e543929b7b5dc07f5fa2f1a6c17a4d8
SHA512 f759957744879d74611a5366ca7220c38d6b6e52c586d46b00ad77dbcfbe959ed5d4ff188991062e9a1db61274637ee8705cba99960ab23eaf2064e84a0e99a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1fd32a5b3bd7f55386e2734d7c611ded
SHA1 dda9ba88a88dd430d022888124ed98b10b143bc7
SHA256 ab04857fe0077c84b91d0981ae8f1303ebd59fc46284f2c38241a7ac8f2fd026
SHA512 1258f20b939709bf5062090743f2842b9eb739b7f097eefe0d160e2543c665bc828fc36ab9f2aa60a865405a525ba4fc229e996beaa605c321b16772747be0e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 3e4d62e6efb1aee77069b018a6dc09be
SHA1 83916032ed22baecaa1b4d2e3f2a6afd15c17499
SHA256 9fcc0dd8a62400f89e90d1cfc379f153dedd8af16ed69e07ba01b4209dabe66f
SHA512 ac187dd02be10387092d95a9574ae92597dcc94ac5ed977740aa3e1be5342cf781a240fb1ba95b993a91d8cdb8b5f256c21d0d6b6866a7c33a4a4efa0e7589cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cd1da7f356f68857eeb2879238906fb
SHA1 7b0d0788109e906b4b012a91368542c168c09f63
SHA256 79d6907dc5e39512c9560dddb9b73c925eb7c5791d558eee6a55ff5119056181
SHA512 6c023784bbc760359b12fb3887ae9304b6b31677b8f4ef70c7559f2fe036d35cd65054f88da9659afdfe4c3a22f7136ab15df60f7ee6cb9dbad9f458a660bca6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a9c8451c755830627d1d0026ae2146a
SHA1 c13ee60491886b4f3243cda67ace26aef7848144
SHA256 a398787c9bb20e1b10efb11a8c19d7a23ca4cc8176b2482db5890d12d66fbba6
SHA512 f5d44267a36152a625b8eeb17649f45b98d1ac0ae15b9594bb12f3f73511b5f0365ff2283d78b6aefa6f2ca2ff83b796228c635d90d6325c333fe840a7eb7d44

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c853f8cfb2b0013261e82e3a0c5f810
SHA1 72a1001958d78fc8eddc4f68a48e68c8056d5a92
SHA256 72fbafdb5d1272af31ea6e8bef419473b5d7ec75925d338c2bbe9d0fd866b3ad
SHA512 0617daff2ca225097c5f9d54184b9e8f1f45329ee375f7a24847a8b8b9a828092a16e9b01fbb9aca7270b33f5db382e7688f4198a9db17b7212f9df422c9cecb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea1c13e89b6a1fa2654a20bbdc0e558a
SHA1 3e9c7ad2f5ad17d12cb5eb188f1139e435e053c5
SHA256 89068c78ab8bb17897d1c2a370f60175272715893a5b68918fca8a7091d6f896
SHA512 821b9636bf8e33e993b558d640bdbe06f611e584c9b31be840965442a8680838bca38c23259ee42a2260ff46956e85a16c1195cae1d0e2669ff745452371daa9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2a2ed77bf0eb1b8297e4d4832f32dc5
SHA1 bcf352c9e7001066f3d28bff4607a2d0df8bad08
SHA256 8ededfb9e1d4e73f6743fdfc1319ceef2b65d887a11a4b3ef6209689801f7744
SHA512 31f5151860d1e68ab927926170214c69c4e9b474adc1a5be2c4e825018cadd5a0ca91bf6c75e8e917aada508c73b91c0dc8a4fc52e9fb0735946e776f4e928a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8473851876819acd72b4aaa9f79a9880
SHA1 d9bcdcecaa331ef8113bb02f370d3df3deee0945
SHA256 bbb298b130fc73be2d06c0b5b36b73898886a6b6690bcee378512f2e6d6ed0cb
SHA512 ea7c2a7326fdc61ccbd6c50bb42d9ad72927a5237f00b368b64a56ef54870f14b600f673eb56da916495691063830b60415fadbfc7d07ba9f519a348640dc0ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 478df48b58d71ff827ced416d39e6aa3
SHA1 4794d8d572220722b63aff9a0de5ed397a25a2ce
SHA256 36605aebce423e29d1d5f8fc1b6d8046b05ebb5edcc76f230a21b5c4ef1a451d
SHA512 22d70977251b173747c4d15e218d0a0e0408aba9906ff95ced278c35310b70148b0100486bfadbc58b1fe7491f09bb74909633941a7c9252c602cb145fdebf99

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 12:41

Reported

2024-06-03 12:44

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

139s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91d29814849b3b5249cb801fba2a14ef_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 760 wrote to memory of 3244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 3244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 2320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 2320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 760 wrote to memory of 684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91d29814849b3b5249cb801fba2a14ef_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5a4f46f8,0x7fff5a4f4708,0x7fff5a4f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5904 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.advpoints.com udp
US 8.8.8.8:53 ads.clicksor.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.200.14:443 apis.google.com tcp
DE 91.195.240.68:80 www.advpoints.com tcp
DE 91.195.240.68:80 www.advpoints.com tcp
GB 142.250.200.14:443 apis.google.com udp
US 8.8.8.8:53 www.777seo.com udp
GB 142.250.178.9:443 resources.blogblog.com udp
GB 142.250.178.2:445 pagead2.googlesyndication.com tcp
US 103.224.182.251:80 www.777seo.com tcp
US 103.224.182.251:80 www.777seo.com tcp
US 8.8.8.8:53 www.mynewcounter.com udp
US 172.67.173.119:80 www.mynewcounter.com tcp
US 8.8.8.8:53 www.zimbio.com udp
US 8.8.8.8:53 i155.photobucket.com udp
US 8.8.8.8:53 www.feedage.com udp
US 8.8.8.8:53 www.feedage.net udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 68.240.195.91.in-addr.arpa udp
US 8.8.8.8:53 251.182.224.103.in-addr.arpa udp
GB 142.250.178.10:80 ajax.googleapis.com tcp
GB 3.162.20.24:80 i155.photobucket.com tcp
US 8.8.8.8:53 raezen.fileave.com udp
US 52.6.88.216:80 www.feedage.com tcp
US 52.6.88.216:80 www.feedage.com tcp
US 64.34.199.37:80 www.feedage.net tcp
US 8.8.8.8:53 widgets.amung.us udp
US 13.248.169.48:80 raezen.fileave.com tcp
GB 3.162.20.24:443 i155.photobucket.com tcp
US 104.22.75.171:80 widgets.amung.us tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 52.6.88.216:80 www.feedage.com tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
US 103.224.182.251:80 www.777seo.com tcp
US 64.34.199.37:80 www.feedage.net tcp
US 103.224.182.251:80 www.777seo.com tcp
US 8.8.8.8:53 t.dtscout.com udp
DE 141.101.120.10:443 t.dtscout.com tcp
GB 142.250.179.226:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 119.173.67.172.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 24.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 171.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 8.8.8.8:53 115.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 ww38.777seo.com udp
US 75.2.11.242:80 ww38.777seo.com tcp
US 8.8.8.8:53 c.parkingcrew.net udp
DE 185.53.178.30:80 c.parkingcrew.net tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 www.above.com udp
US 8.8.8.8:53 d38psrni17bvxu.cloudfront.net udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 18.165.158.46:80 d38psrni17bvxu.cloudfront.net tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
NL 23.62.61.160:443 www.bing.com tcp
US 8.8.8.8:53 242.11.2.75.in-addr.arpa udp
US 8.8.8.8:53 30.178.53.185.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 46.158.165.18.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 160.61.62.23.in-addr.arpa udp
NL 23.62.61.160:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.74.171:445 whos.amung.us tcp
US 104.22.75.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 64.34.199.37:80 www.feedage.net tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 paintingartgraffiti.blogspot.com udp
GB 142.250.178.9:443 www.blogger.com udp
GB 142.250.200.1:80 paintingartgraffiti.blogspot.com tcp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

\??\pipe\LOCAL\crashpad_760_HDOZNYFOGIBAXENQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 82d77cda94daf1615b63ff3c496407c1
SHA1 145432a9d0328a7ceaea052ebca8972d2996bd79
SHA256 35f3b80ad2ea5c6788081b564274d6e4c12529a913bec61e7b1ea77b7dac1d6e
SHA512 5a8f4edd07eb0e0adb8d35b8e629af70290ebc6c3fa13180711492d06e8c23dbfc8b58d84af9c97457b2f101edfaecd9aa7e2e29cd7ebd790a78bb3adc2e3cd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e958ec4bb22ca9b70b2f9a8e15486a62
SHA1 c577b24c99b8cc8f72e859905388488b90957696
SHA256 72162bf2965dbdc36cbdbb43fe63fc3ed266d9bef80accd0d4858bf57180a1cc
SHA512 403e72796296d1738ee5002ef0b4339d1bc89fa74bdac3b4971d31e6d47260d3a09988a7d864f218961b091fda6c9b3ec94edcd7b6b0dd97e0d97b29c4a59027

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9390edb6-30ad-41d5-ad8f-d33a05a7ce47.tmp

MD5 94fb430ee22834b52bf264766d56ee42
SHA1 a747acb4ea777de776e802f818e2cd4bfb90811b
SHA256 d4ec655e3d1bea13e0bda97db1e38b24167dbc24f94edec94ee49107d5cd0f3c
SHA512 1eda30a9c14b601f83b7e0950c3a80f280a3097da2cb736897240a1e24390fcc295021444c2b9603ddda0e7c38c87acd4f9b68b4962854442116d835af6b7b26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8af3882e17b1f6beb72fae429aac83e7
SHA1 ee5b74cf178e60ec40a07aa0022e2d2a65fb6502
SHA256 db278ec8e9354871d31060e902b5578be793b6575164a1cbf82d77c257ccf95a
SHA512 e90678f5fd82c84d7d0eb82c8c4077d60c4264b30b44080941360d93e15949ab300db49fb804198c7cd3605d4c655995c6d559403c86539597db73c57faf900b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9b8e89b0eb11e8f5e7dc3a0530c43298
SHA1 45f7ab86c57ffb6c9ed32869d05aec6387a8fa1d
SHA256 d55aad1fcca2a9725fb3d0ab362fa2698e032bb050aecb933c04ba2cef7c761b
SHA512 927122f4e370a49924feb6d2808a079074c977f13a2bcf881e52e1a1c9f74af9a32a17d980965686a6b6a209ad86be5f40a3d88039173c2c3339882fc523273c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 af7eb63c71072f1baceb871cdbbbc390
SHA1 934b05a0a3a411329faa6907e6d7f3c290c3d6c9
SHA256 bcda8c41ee404eac73eb8daad8187dfab92b26bfcc3587f138761175df6ac48d
SHA512 81d43a31645723c78ac5a6957d49f771a0130bfdc34d3049b1fa53513d7e44f80e5e32ad0b9cc903153192aca6cd0f331bd1f3ec520a71a18f5a0338e86c1bb2