Malware Analysis Report

2025-01-17 22:14

Sample ID 240603-qn18xshc57
Target 91f1907110678d70aeb03d53e54989f6_JaffaCakes118
SHA256 3afdef34a130f995e641d4eb9866841b5c4fe3c8f3e3c4c6e18b228ae29e025f
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

3afdef34a130f995e641d4eb9866841b5c4fe3c8f3e3c4c6e18b228ae29e025f

Threat Level: No (potentially) malicious behavior was detected

The file 91f1907110678d70aeb03d53e54989f6_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:25

Reported

2024-06-03 13:27

Platform

win7-20240221-en

Max time kernel

138s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f1907110678d70aeb03d53e54989f6_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005b2cffaba7c78440b5d890c050926af7000000000200000000001066000000010000200000008dc11a35ba30dbaa4525148d82d9ea4d272b1af774ad2a39ad300d3bed3067f5000000000e8000000002000020000000caba15f8a16b60b373282172fadef9879b58548ddb60c7cc84b715fbe231564990000000349003da4fd74b7af163fadb05dd6ac56c0492ae11876eed79a53b77053bc4209ea53062b8049f8bfc202435e386fa4d8078055f4e47521888e0c0a7124de591f3456194f21491a4e8c884db5206782249159083dd7d81a9cba7ee248313de0df159e6cc3aea2bbb4428e53cd74702636de99787046afcbd7c29924a349ca774bf66d38a755ca126dd8c2b619e8043f24000000050725d63d55a23b26db14fcb528d44ef74503bb6d40d71b35c62701282409c0fa3c06791d8982b7b96482dfc4282eb13dacb7549b1527d574c762abf95b4ff2f C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005b2cffaba7c78440b5d890c050926af7000000000200000000001066000000010000200000008ae37dcdf95f08d113e1d51527f5c461ead74812c5a7955de24a7f29088abe3b000000000e8000000002000020000000c56858280eb1d78aadbdce3f8cb818044622141e5d5e16957d1d08bbcf6ceaf720000000e0da98ad4cae161e16c32081e28689174f090a25b6e95904332149f3f7b7775b400000007750f5a8f960224262a1e334ad2544ff6380aca0f62de08c2a34810d12637e1c0e8acdbc83eb856cc35f803b8e61eed1b75d90feb9982ca425023a3685f9c418 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c00a578db9b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582984" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B738E751-21AC-11EF-A965-CAFA5A0A62FD} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f1907110678d70aeb03d53e54989f6_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 216.58.201.106:80 ajax.googleapis.com tcp
GB 216.58.201.106:80 ajax.googleapis.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 ads.clicksor.com udp
US 8.8.8.8:53 adserver.juicyads.com udp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
NL 185.94.237.74:80 adserver.juicyads.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
NL 185.94.237.74:80 adserver.juicyads.com tcp
NL 185.94.237.74:80 adserver.juicyads.com tcp
GB 216.58.201.106:443 ajax.googleapis.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b656ebf079aa4d5b6581b64540d0172b
SHA1 f1694bfc42950bdb6d9ed23fb0d5247c28e17baf
SHA256 c9643e6a2e25b373e1a8b201029f8b0b80fb991857aa48f05742f6c2da792335
SHA512 5871b9c7c73aa48a72d42effb9871ddfbcd1454f22e7e6e80b5cf2d8e79388716e7c622e778feeb0bf51ba62b83bcac1f1c89db1bb125bd372b857139740c982

C:\Users\Admin\AppData\Local\Temp\Cab390C.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar391D.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar39EF.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ffe162cb6c6300e856ba804b480179d1
SHA1 3239b40c8909e763f5f356ceefbd5df8a1d103ad
SHA256 bfad9914bd989c5f09c106d68f113b75eef3e721ed9425725504447b3bdab07e
SHA512 fd8beecd1235b443399033c5f1bc9a11d2c902622dd9fca369b356b026fa021dd6839cf433268a72859f3e4283ad6a322fdae62fb5b2fa2152c6efe745e300c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6be8938fe2a63ea7a3b08d318f8a343f
SHA1 2c29884c830125de387c21cb6a698feded86db01
SHA256 11e935b4f4a353808d3a43518264f3d2c155c72fa4e25de63042fedb46e929e3
SHA512 1add3584c606dbfbd135cb5493746abe2fa9d0aac0e09569e559df00060d0d23fd3cd5c9c10eaee553178e644271c5276ef75ef94e87e6e9f346861a9ee166a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 815c9960c391327f09d6f3645289c7f2
SHA1 9421eafdda776c07f7de52221bfab3399c3fe9a0
SHA256 88bad3ef0272d5d6aab4ef8d22ed5b5743631851decf5fd70c2fc64e9df2210f
SHA512 2e42e1d51668dbe1d8ce16c2460fc17057f134193a3de75f51b19e7c80e8264cdbdecbde7d45ec29e64c148e087c2613bf0e2ff172fe06d4f74d7f26621418e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1771a099337d003b75e6a91e253ebf69
SHA1 21f280e9c3085e5e242094a4524e30d3a56831dc
SHA256 26f90ce44a89c8b74a7574138c40a67cd643c29377fae02477e20662569aec20
SHA512 40c68c02ee40b3efbb03a89f19bf6b310300dc08211b14650c233d598f93aa97c15fd05ae3a2e67f4b728d31796975464610347fe38aa2a64ed0ecd34add21e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 399310006ff23ee3bd3e15d6ea0d38aa
SHA1 624ffd24167f1349b0728ad10125f2d18475ec9e
SHA256 ead8f9f18ae4427a98f438d85553d5e1b3cba165164f2c21b57e9e9678d4a595
SHA512 ee5e42fd2bcdee63629b25cb00fb9cde9fa13151957e18d54f99fb48015f9f9668cab5aff51b95b136d2bce6e9bd67f66cde73824c5b17e1f2df0f7e915a5c5a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd48514f71ee2936b2665972b0697eeb
SHA1 dcfde1633e576038315e159d4468b2399769c0dc
SHA256 0d2d8b50a763edd151665904a1dad43202fc7525325d9d36a30f0f591a623564
SHA512 91e6c2eaa5ea864e09f766f8fb94e8b28c61a02afa8b70fbe81b9733c78fb8c2f4508c13eb94060d3a8aeadf21cae7dfe2bcf816a6659dce76e875efb3e79a7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 896d4ae55316421dbe4d53148eca90be
SHA1 6e44b2fdc0c22cda5cfa4fe0f6b7f62760c2c1bd
SHA256 aa919e48ee1aac82b5ae4ad0d51e62f9c7942877c34c61297d6fa49d19311b02
SHA512 bfa51c1123c9bd8999763a9e10d19c3e1f1ef6c48ef0d99450828acfe320d1531773e7192b55cb3c5650c29b002dc0f51039d1875a071cf09d59e4f453a7d25d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41de7ccd48ce289e4d2023887219734d
SHA1 49e013c1208c215bdec5177b381f7ba38fcfab71
SHA256 d7d52cdb91a396baa02b56e898a6b26182cdb63c3ad4da5031bd67e94af7b529
SHA512 690de4d349a26d0f2182d6dd9c89c3370206fbd2bd83f844ab5508375d716121fd29af052911c38775aa570f0e17c66ae8d670164b6f548c1aef599bee07811f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f26ee589e93d5e6bf8930420bd80ed8
SHA1 f51a4c22a992446907fa1d5099d31ce2bce4ba84
SHA256 c1e815951d05fed0d0300562d4c0c23a8c2e8b2d3716ea35b3187fd1c92978b8
SHA512 c7c2894570a70f41984ec186af9f6fb2ebe03829c1e9f8cf9ea590b8ae9361ca5fb73ded6d219cd778c6c31d35cdee88f9c5b188ed46db7d14ac044f596176fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44ab02d446b15a85ab78df942962ec01
SHA1 96d3f66fae5fd635fb396713e5c9849d5d8e439d
SHA256 1e71262a57daeb0a39acbd45404745d931fc3716b9b0361eb61c7b8d189d64fe
SHA512 9bd2afedfe7aabcc84cb24777a922aa6374676fee6ff60b28da9a8e5a1c054a3bfdf74686772785b0bfadc871339b82919b30d4b44ffc32fae7be2c38b4311bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c34adeda78d7ac65aec446944ef32088
SHA1 0950aa46d129b7542462e17dc77aeeb7fce1f079
SHA256 bd2346f4791221224847f3f9946dfefefaf42b3519de287457f2840d1af6427c
SHA512 dc47e90948d3e71f3d00a2fc0f36af3aecf31b648c2eb60f44e9f32ed69a08dbf3ed16f35077603e226f91ccb9f194fe0da3ac449a981634b347bb2efd7c0e39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68098f9f93766d51badfac0b23d5ee4a
SHA1 ba069a5429bdbd3836574e48411ce42b10e771b8
SHA256 31cf065aee5e8103e5d3bbfaf7faf3cfbf3a8b77ec134df1c293147741453b84
SHA512 330c2bc9ca44deaf4969c0af3640bbbadacbf21cb171c99fbff2ff4493940d345aac3a059e4441afa4c3627857aae3f0af64d75ee6a6d0e289b22cc7552b321e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22d53849c23b31282c53d470cebbc896
SHA1 68e64277360e8fc83171c843d03cad9e9448324d
SHA256 779ff822ebb1c9d65711a9c186d1712a1d84b40e06bf78c941604f039341d33d
SHA512 9370806265de02532edcd8627d746ac9850096c2b125e05418b02b6072701d96885ac0b4f28c7b46a6dcf35cc33acbda3cd06d8762fee832489f2eeec10bf02e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 cd5a780e7ef078a4f3c05303d5914113
SHA1 ad555abd2b0bd85eb853ad56f43b011298cc8114
SHA256 ef4b5c905a86896c5cb1aeaff1569116a625f1a3dc9f5fcbbcb0c0a43e1a3f5f
SHA512 2fecf6653d0a42fa7a3252697799fbd1df418b2d46769c78872013ce08fa67dad946b5a7b962460d7cce8b03b3c6dbb84be3a4b8aef033738a6221c13ece525a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67e98a402b926ec9b46b8bfd54ae35d3
SHA1 2dd65d800c630ad36bca2cfac0ed6daec1f725f4
SHA256 15e98c12933b180a70de5fab2a19d3a58cce45cf27926556747f5ea676ccaaae
SHA512 3d03f93dc50a9eb0578809e3e6550d1724e953ac1ef096f116a9498904594df57d12dff92416d47048aec2683cbdcfb6cafc169816de6159afb1334dc483d781

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a17515361c18fa9ebb0d739b0c97da73
SHA1 043ca900c4f93f236bf61bbadbaa4e507162f19b
SHA256 bbef35687d605d39669a048bb1939cb5ad3d30ee282a6906ce76b850e43a7c11
SHA512 453c1214e8dae65b3b8fc28ba943d71b8b56e1b17266541220ea90f20efc5f9bafe2520651071addcc433245990572d7e7a128ce6e63741c22403f55a1bb8862

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 45ed4cc492d2481aaefed3b2decfe741
SHA1 0f698556cefbd6e19db32992ba171bcdbf186ae8
SHA256 8b56794995fd4ac529f2da2027fbeb4f1f9e1724facc04b3ca63e3bb57a7f011
SHA512 0a81cf2625b2a190d026e6d44518ff43bdc8a78ff924dcfde6f8d4f65c9cae8bb6f9bba1f9a988a60c3cf3051c203336f8b09eb175218edb9c9b8221ab5edcef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64f303b38a6b8436f139a02aaf096860
SHA1 f02012ef822a5bc608e24edc05cfe61d1505a3b7
SHA256 84ee4955fb968e8e7388c34d57df21aaa95c342ce6cf26e521b8eaa5d68728c9
SHA512 3d5f704de04c56e2196e6ea5d0d35deb4766b796e523110a79dafa0881d75010f4b96f5c2b5eda460df654d24452d100bc6d54745d1fe3e5ce17b6f65d35b124

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6756e73bb6d4d68ee9171305214f5a46
SHA1 bd22f33df86499c0e1fdca9ca7b0436d2511bc8e
SHA256 db47bfa5d52b3d0e411ebb008af55841bb17dd03d9e391a85425606ae88e8397
SHA512 9f4a22aa89c5be9a17f37f14c2c9c931a394be3e4b8dbcff70534cd201fbd222a11f0e570858e90017fc140642c6c5da8bf291d003079234a599976bf6f54d79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 1b5643195e4b8a054ed3ab6411949f44
SHA1 9fe87ebcc14041b69eaac83801959862ac91ee88
SHA256 dbc797997ee7645b2c427e978506b0f259c6bfedd186b29b3db66277af129c32
SHA512 bfaee5cc971ab42eac9277d88fe78965af63d314bcdae856f516873bf3c2789b085f5a1f1363d86acee06f55170baab3e8d09ae01793481c79f2a4d5fd04e465

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fdcc54fbce489d455ae114ae5c07b5f0
SHA1 0261260789d5d64a83f594b364d4568c81746657
SHA256 54cdfddd0e6fe55a4fad932a11b31df370eb48c553fcc91bb5e93b3af06b9164
SHA512 1dc7b976ccb39ac5620b2cc5ca9547f9e95b0dc3695e82ef51c0be318caa4faf57c329950f48f65efcabe9b0869f17dd3c9e0582d40a81beb57d918873d96382

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 727577ecc6a0a677ed19dbe45db2f559
SHA1 6a623548b111b9d06f1a6506c94d02a536429f55
SHA256 1627f916964f252109de780f3bc1d806ee9eb4004b26fb932597fc45dfe52e4a
SHA512 88e3a51359948db6b4ae38653db6ca7b91dcdfff0e2484c88b5a1e6738c09c45c93658ba9e198edb94ce3e910b9e1e2bdfaca02fb4be752a957b58fa23f40beb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c05b34dbf94e493e183ebcb16140244
SHA1 7bb602ac7efd084b323549318ef0684ff6a93cb8
SHA256 7807dd0030046c91923fdfccee1effbb36478b0c444095218c52e30f0426c9cf
SHA512 d06c7c92c71c80193c37a589c8c9a641e688f9ffddb20e011ad48b6ac5ccc4967668ecf44af6dacf289703f58954359218b297d448f944fc105a7616adbf8ffa

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:25

Reported

2024-06-03 13:27

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f1907110678d70aeb03d53e54989f6_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4084 wrote to memory of 3536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 3532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4084 wrote to memory of 2264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f1907110678d70aeb03d53e54989f6_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffefd5946f8,0x7ffefd594708,0x7ffefd594718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5420142755024512729,4608997793718329571,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5420142755024512729,4608997793718329571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,5420142755024512729,4608997793718329571,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5420142755024512729,4608997793718329571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5420142755024512729,4608997793718329571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5420142755024512729,4608997793718329571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5420142755024512729,4608997793718329571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5420142755024512729,4608997793718329571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5420142755024512729,4608997793718329571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5420142755024512729,4608997793718329571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5420142755024512729,4608997793718329571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5420142755024512729,4608997793718329571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5420142755024512729,4608997793718329571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5420142755024512729,4608997793718329571,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5420142755024512729,4608997793718329571,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.200.42:80 ajax.googleapis.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.178.9:443 www.blogger.com udp
GB 142.250.200.42:443 ajax.googleapis.com tcp
GB 142.250.200.14:443 apis.google.com udp
US 8.8.8.8:53 www.blogblog.com udp
US 8.8.8.8:53 ads.clicksor.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.178.9:445 resources.blogblog.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 adserver.juicyads.com udp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
NL 185.94.237.74:80 adserver.juicyads.com tcp
NL 185.94.237.74:80 adserver.juicyads.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
NL 185.94.237.74:80 adserver.juicyads.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 developers.google.com udp
GB 216.58.201.110:80 developers.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.237.94.185.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.178.9:443 resources.blogblog.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
GB 216.58.201.110:443 developers.google.com udp
US 8.8.8.8:53 www.blogblog.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
GB 172.217.16.226:445 pagead2.googlesyndication.com tcp
GB 142.250.200.34:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:445 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
GB 142.250.178.9:443 www.blogblog.com udp
US 8.8.8.8:53 barbaraprograma.blogspot.com udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
GB 142.250.200.1:80 barbaraprograma.blogspot.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
NL 52.111.243.31:443 tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

\??\pipe\LOCAL\crashpad_4084_SKNNHCIRUDXXACDZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ef080568-0a37-45dc-b266-831431442e46.tmp

MD5 0d91aed714948833681704e23ca3822e
SHA1 f6a7b7109f6781bfa16820e691e3bf9e3da29037
SHA256 7a9f24baad1399ab870d16a06d425e9bbe3fc8935c6a18609042e6ea52e48c0c
SHA512 82d5fbde8f7186d526e2990429d2eac677fb966f470f0d50692f077e29256bd88750ed9494d541afcdde8c004cc94aa7318239aca993a6382b52195f9400cb99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 23536ccfe05b737ae639fe63ee4cc435
SHA1 6d2e9822835dc3e6117a4d2addfc8f241fbdbc82
SHA256 6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce
SHA512 f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fce92e37af32ccca1d444592ce55365c
SHA1 efae46f122523afd1738ef17cc8d8bd70b256de9
SHA256 6c4b10c254651c094ed7ea4f529d757ef884f4ffd7dab46a05447a24047489b5
SHA512 51ca45e21416140704dbe58567abec8b61a16559de874075ae224fa720a31404716e05d3986dae67d8a7cb1a165e5b7abe8af32b6fb75aac162b7428aebf6f12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\126bbf52-6c8c-4688-be22-1d749b8992f3.tmp

MD5 a335245bac3244fef3c9957639ddf916
SHA1 1df8be446b03e5bba27d5a08e7c3b4f79ec2a44e
SHA256 b26ce04f280fd5951f11d76b747f64b6be33cf841762530695fc2faae43d3064
SHA512 4f24d6f80c1eda11363d9264864e1266879c064e52400cd95ef03c59469a5884e5648e8f7f1832a2d14c08415b7cd957114258ca7d49c64c895325efc381094a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 da21ad4373d8b8ca227902fe38a7c9fe
SHA1 688497a0372a2f104b87389c6712003f2dc7a31c
SHA256 a5b59e71ef04cfd49e6241cdc3ce864e05f8e52f60157bbcd4857ac127d97ba9
SHA512 ffd501c8d8a65cb0152ab61a9046f0c5f02851e0392265577a74848082e1d568a8a8df04980e018a83790687c68ddb145e120a16d2fcdaefc45e57645fdfe882

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 78fa86a4d74c176254f13a0e2cf779d4
SHA1 5ac81696b5641e0ed9ce4d6085f76cb3f79d7f51
SHA256 c9249e13088de9b81dba4b237d8d17b1254207f92aadc3ac8cfeb2cc038216ef
SHA512 712471db8eade69fdcb302cbe29159edf9cebc30a4b7bd29e131ce22357c440b9e031df2a2a6820f4def48d7c5ed74d335775769ddf9ac988810f2a31ed40b0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7f960829d95710a3dcca8cb8b64e3a1c
SHA1 9b4a23b2231525461434e4cad3e840dbe992b599
SHA256 15a02b7a5ade2f8fb4bcc2addee3a2643fa67c707d165f31083379f7ca1ea0a9
SHA512 6dc76b8b1f1267f84151d67e665b501241102b5996f528a086ef08d12d6019934eb48a9cb5b31f6f84cc3c44cd653408903594176f990fe248ea993b14058eaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fe8545347fd86fd3c87dddd881ad69df
SHA1 de7ad567d1cac6a97e154683537f68c7130272b4
SHA256 276c90927b390fc66eb8bc7081b9b3dbfd21c3a6d562a31c21f9604db7f05d61
SHA512 10d46c1439a3f3f0193166c4f2e4acbe595f28548d334fb53825763e2c19c79c81a709aa7cb5ffd6311c0d4510a2d9a858e27cec696f15d9a9344db3ebdac382

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 17e42baae9295e43f05a7c13e0d77419
SHA1 4a2d78932ed68d3770d8b528dacb595575176def
SHA256 69d39d359ac1ce3c409229352168bd1afa596db73a40440dc488727d54ff36a5
SHA512 6fd8168f7fcc08cbb061f0285c9bdb05bd5bb49665dd2de950ff40aea86f9c87ab005335ac4170373598e127a1934c26db2e62d59eba1456a465a73f9a630d4e