Malware Analysis Report

2025-01-17 23:27

Sample ID 240603-qpd5sahc67
Target 91f1e06ef0cb397bb1a95da46bfe5391_JaffaCakes118
SHA256 698068a427c83a89e6f87a3527876af6ff377663b4ea0a00de86a5f5da6bbcd8
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

698068a427c83a89e6f87a3527876af6ff377663b4ea0a00de86a5f5da6bbcd8

Threat Level: No (potentially) malicious behavior was detected

The file 91f1e06ef0cb397bb1a95da46bfe5391_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:25

Reported

2024-06-03 13:28

Platform

win7-20240221-en

Max time kernel

134s

Max time network

129s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f1e06ef0cb397bb1a95da46bfe5391_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60366fa4b9b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CE72B451-21AC-11EF-A8CB-6EAD7206CC74} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000034882919eb5eab4eb7bf44d77bfc2e9200000000020000000000106600000001000020000000810d8621d4f86cd3429eea0e0d0716c937a1a0b4b8bc437a978206d8e8658eaa000000000e800000000200002000000069c181503c1dc261f552ac87ddc9554428460eace0a8f5e00e0a999611ecf08e2000000026fcfb34cfb1eda18280b323a3d66c162865205adb59c58c900faf3a0714d85b400000003830f08decd55e0f42f33cbb3bfeea0693169a4e6503461a7ec08a09ebb1c551bed924b779cfd3fc0f31dcc522bc7f95bf198a3c1d3a809294b2e39d278de0b5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583023" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000034882919eb5eab4eb7bf44d77bfc2e9200000000020000000000106600000001000020000000b3a5a1f0281abc314184ab3103e928deb7eeae22f1e5ff2f3428c88ca4da677a000000000e800000000200002000000049ee62fe244f74bcce6dcbc92eba140f14d709f07d1f1172e9a5f9de3aa422d890000000b89391cc94bfaef7bd86ca6808e3e6dcde39c7a86bca3433653a58f54679cc5d1f6b4539e6aab3545547157b13a5e49fb0fc30db20ba772fb8d598bfe04c935878a219866871d22aea50ec9e5abba4c07d02cb2bef344c0c8147bf905d0328f466e1120fa9095ec2f8a9cc71bd109d5ec2ae0b2946985d92c24047d96f458eeee888e47f419db11e3727c36f8cbd881c4000000030859ed379b05be5f5063676ec6fed7c583da8ebce449990d8bf206117284afe09f2236801891fe9e4d173cbd767a35341d30cbe3e598c8eb20feb129f0515dc C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f1e06ef0cb397bb1a95da46bfe5391_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lax3-1.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.151.35:443 facebook.com tcp
GB 163.70.151.35:443 facebook.com tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 31.13.70.7:443 scontent-lax3-1.xx.fbcdn.net tcp
US 31.13.70.7:443 scontent-lax3-1.xx.fbcdn.net tcp
US 31.13.70.7:443 scontent-lax3-1.xx.fbcdn.net tcp
US 31.13.70.7:443 scontent-lax3-1.xx.fbcdn.net tcp
US 31.13.70.7:443 scontent-lax3-1.xx.fbcdn.net tcp
US 31.13.70.7:443 scontent-lax3-1.xx.fbcdn.net tcp
US 31.13.70.7:443 scontent-lax3-1.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 31.13.70.7:443 scontent-lax3-1.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 31.13.70.7:443 scontent-lax3-1.xx.fbcdn.net tcp
US 31.13.70.7:443 scontent-lax3-1.xx.fbcdn.net tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.151.35:443 fbcdn.net tcp
GB 163.70.151.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.151.35:443 fbsbx.com tcp
GB 163.70.151.35:443 fbsbx.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab1F75.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar1F8F.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab209F.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar20B4.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6de0f4aa5732198984c7e200c2145fe
SHA1 4feb9de8b65f743c68aa228d3048329409ddb9e8
SHA256 abed6cfac2d5859e964068d8089e0d25a6dd4e9a481b45525937fb6d4030cee3
SHA512 f5d015cb412389d07f751faf8967c852b2c343c4e95fa0e2a47f62b8d7657f926f440b831001a209ce75e8ff0572bc2cb93213b5559dcf09ba5c3d47d1fdbfa9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f21b48732b927ecf9ae2f9c4efb9d01a
SHA1 9ec2a30b2d405cb681dbc9cdcdbeaf7c56218bf4
SHA256 8d24a89e83f6996df18fe6751823aefbc65c60dcbc13d9ecbd4d15eab130ac23
SHA512 68dada9bc0598cc6aec5b01f26acbb9d3da0ab937b33ebab45a57671daf250049434020bdd4433ffba128f1fb9b8469c935dc672115dccefe1f2fc40a234488d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea17b876b11ee7c80aec5d9d0900d0db
SHA1 96399dd499b9818e7e0e4d3e500f28b073195636
SHA256 196cc0c325f4745fc8ada26fd0dbfe805a878f78b867653680176f87fee65850
SHA512 3ae49411cdc2ff6023f231160daa8a257babad30630f4aed8a73a1b0fc862989d85bf37fd3a49a1865ad1205eca3be7781539de28b8eed3f11395f8261746374

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16cd6fb7bea101f97a1951c8f46980f2
SHA1 6eff441573ec1937bf925a0dfe54b8f6b7b7fc27
SHA256 9c7319bf109676c282dbc3058780f98e6f8f291d3ca90429d71ac04f78adc75a
SHA512 64a5b3cb3edcd96e5819d0b0f88c1a5d7d0cac5ec981ef024a013a96eac9eba8fd38e20d81b5b1f630015218ccf4b0d75ba09a1dd6c114f3e5073a80b222170b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9c967f537ab34a2e95f75ee3c2eddd9
SHA1 43ad35ccfc6d8d02eb3e230f46bebfc70a3d2ecc
SHA256 685e4b5646a701535d3167e1ffe4f5dbe5c12e721bed933ee097f4062ded4045
SHA512 32dbf7f53833cd1181a3dbc05b71e1aa18383526ce116088c072fb89732da99ee9e74d763083e15184d68335487017392cca282c614226e7c846b8d8e254c1f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 0352f6eeae78d88aee422f2c8b402c1a
SHA1 b95f987a3a3b352773ee27fb261ef043da1eb0bb
SHA256 fa553c20320a21acec8f357d1eb116d14834caa25e4211471dfcd27987e5cfce
SHA512 41558603c081e3a0e41fdea8f1e87b2615297096c927a6a90d428052bbd7e0326d088e19dedded6c3fa8fb107b27d100be961600fd50377c3dacb80f33899e67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 f4fd0ec6ab26d71e77b4969cd367a91e
SHA1 db33945c52de3f7ab1f64c10dfc2f83b8c3f1564
SHA256 aff0011fa07a9284986a007b7c0b8757a67230453ea42a795961326ad975753d
SHA512 466a6d9294aa0933f4d558677d53c03986da3ddfe5e709a4b4af2218089215d12d94556a2642ed5efbff8cf8c5204f82b369deed380353d31b198f088d158eda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 f679e4879179c737014d697956a8dd43
SHA1 0b1609240d82d22ba52f55459b4457faca96e084
SHA256 59f604799ece2075f8cd44d7685359beeb59a7494fb696d491582ad0d524b9cf
SHA512 81b1e669b9ade3ee7377945647d3b870a5d09710a075748f42d7bf64ab05bfe052052493eac6980d5e1195ba12ab8334f1e5ec7eb710a5298bc7d6aa49ec35d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_6F2C379B4FA37C407DF31A1D4384146A

MD5 78345feb9e7898252433577a840fc3a9
SHA1 611d4bad2b65826bd9008c1bb08fcedc32b47255
SHA256 844c9016799088085858b7745283397ae81e40ce23be11081b91b2125172ead4
SHA512 60d24811b37432a1c5a5a51d90db1d39219eb882b4fa768da092ed931364e8f9e554f0b21c21486f236ba8a33d1f1a2955e024520649b0d73b807ca2d0d69169

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_6F2C379B4FA37C407DF31A1D4384146A

MD5 7ed45bdcc8376ff344c176effa42e715
SHA1 cc6b35caf75bcf20a2a0bdeb325f6f1752a1e789
SHA256 408ca24781e8a278d9c89de0acdf4b7f5f2bd25dcceda241dc9ae6b199c0d47b
SHA512 8369a12caffccac4e8503ae47deb038ee56232384e541a3c9ab0c1cbadcdf61fe72741988480672f1b1cf55b76844bde48e4637f2071ce19d895fa18ea8c6147

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_6F2C379B4FA37C407DF31A1D4384146A

MD5 c35e0c2206920af5b6738ba8b3a55e92
SHA1 6d3ed6e6b7ad2f668f3642155be262f9e03b7fb5
SHA256 aaa79fe2e7eee26f273c26658074da9f533ced975c75b52660fd5783e383c2c7
SHA512 b0417542a1f32b7c3c776a8873ae1d1cca179d4b801caaf0da65483356aff630c32a103bfdf42cddc84f3144a64ee73f249709c82fb1e47dd0862e6f14699c97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_6F2C379B4FA37C407DF31A1D4384146A

MD5 28a3f22df2acdf0d080070a1ca654992
SHA1 19eb9239f7b2e06b322db3cd0daecede9c048be8
SHA256 bd521660949ff05ddc5f8da04fc20070873f155e7da9b7c524d1965cc234fd02
SHA512 cf8756e817ae45a1dd64d61a54a2962d9d7d68b6d98811e8ff3c36239c825f00b66e3bf46c070e5251d8d8a1dd2c89aa59d568ae343b0abea6c898ee0952e4b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_6F2C379B4FA37C407DF31A1D4384146A

MD5 33690fee20dc0affa85222f8346f38d7
SHA1 fd07a52667e1cab2b497ef4f837b193a07ee2456
SHA256 85aefdabd2f1e2dbb9510a7fdf6028ec4df3e94c21887a956e92af482d0d283d
SHA512 fc8487e173a4c90f64329a95247c31b7af67bbaa7ba98fe864350b635c64ff4d522141823d865f7afc8e7c546c526b7ff79e542db774119bf11fb0da534f98aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6327c352ec453e1873bddd50d3b528c0
SHA1 fe81bb7ac40f3fb5ce25503a54cb6d4ed1e54280
SHA256 7a065e92ab9d35e89027b90cbf07661141137bed616092cf828c2f582ae55e11
SHA512 8328faa30a8cd854b5a22be5bacb2c07dd629271f3f6a9148943695702bcbcbff50b5890090921dd6d5f5993717f2acbe6bec806c2c58fc017c176fadd7d76d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b2c52ec6065bc6ab65d4750e3573f41
SHA1 f9a36a273e63dd02b4f28eaeeac140789c44cd03
SHA256 b5b6c02797991c9639afa2248791755872ccc53cd152dd3113d38f9e0067fd50
SHA512 9103af7c91742500731cc78492944a649e279ac4b479d0e2abdc22c86bb56e0ee34753e33aa04198418e0499eb6b410b75a41c2e902037678030764a156fd463

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38fc17918346d170ab63f078a2b09602
SHA1 5cd39d0017d3a3e502052eabf6ba2f197d2bebc8
SHA256 a75e8132c1f0adbb414bfdf23615b9abc88ab015764b629aea6fe7e7539a0c84
SHA512 7abee5a39b2cb3a774a0cb4f93cfde2a9f88aceede110a5dc10328d5deff438675ea9501d9ca84a9c58ff62138ba2bb5dc6e951bb737cc0b4526ca96dcd397ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db085ce6212e3cc6006634418e77c0b0
SHA1 ecc8ed3cd75f00b376d1bf40db3a28e879f3805c
SHA256 f861a81bf9249683593e878264a4bc95d174123a45e358af0e839463b5e572ee
SHA512 55c2edc25951946f8fbf66489bfe77c6b99771cf3f5557c3de7d9c22879216c6e7ee002dc21ee702798cb328f1d1d2b0d4ae7a600a1205f4e03d1448a02a55ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71de2353ad8f5475bfcd111b6223569a
SHA1 470475062db744e5473f350b91dac5ceb61f4067
SHA256 9d09a3454c9898ba546659d19f06c4453068be6c463e83c64d000df300a524c5
SHA512 60850b6ed758d7a16c653748d5d472461e4f9863fd4a61f016db7480bc565a4fed0ddedab663b36236c0012c2531a9d5294f59f72e8efb29677aba3d8d58b911

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 383b1e1c9e97ed0a399f6d6e0dd110f0
SHA1 339433e901a94b7e31d2604d8a4c32c57d3f5769
SHA256 b73833946d2d5f5624d1cbfdcf6c8bc6cbd1ffce72caad06e13d1bd8e2169eb8
SHA512 3f819a771e551c250b8b766929ee85370026e8c03e2381e9626337a54667abc908521b0ab1531dba344e41fd752428ddde5c556b59b55ab148380c00868ab68e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6bbc0d83fcadbb9f2aa1edf3486db516
SHA1 69f12a12a137779f7fd109c322f47bfff44764d9
SHA256 a3d33392710b6bedc3fea7ad96806bc0d5967d35cd5518a0b3bad0f05e2b5301
SHA512 5153b15587817bb31c3b23deccaa07d426469a5c8fff11b9490f811bd207d4746f56456c50727a6ea6df121bd9328af74b0af921907e65e1f0b412e117d4d679

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ee1ad6814bef4726a7673d153ab4e94
SHA1 398cfca19413a5c7d6df841e5686a3f5343645ce
SHA256 f5eb72584de9fc038a5b4c18576c187f0d95159db401031edc6dba890c2842af
SHA512 c6461726145363f35738dfb9f76f075d5af23dbd4af9a1e7aa448d26b52eb57dfb060173b730d7b986136c3bfd920ebb8aae7522e3e0731de8eb99838a14c524

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08823dce5d2e40792e02f82117beee7a
SHA1 565deb96f2f4d944cbf83125300a3759717a0e90
SHA256 d1ed8a00f76eea666b8815035ab233ca1e88c9caf5411bdd8b0988c146c80146
SHA512 67cc6cfcaee723e0df065e39944ac349c848ac2ed807ab8a467daa320b10eb10f360969eeb6068230230bcf09e17b13e98db6d82d50c82ecb16cb2771e92f04a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e9de7dccaa8b3bcda3ca1e14e027b87
SHA1 82586cf65e438ee302a75fb147eb74555ccac6b5
SHA256 a3d1873f52b15075c51c9f3add05589d23ff0075185cc35aed7c1f1a4e5ba732
SHA512 9e10f600400a45eb839883ae8c296602eedae39c4758715eea908450ce266de448e0fbda96ad76ea81bf70718f4111000e9d338c4a3a59291c63b18dbce720e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5947354ba0c99b19f14a2c4110972a4f
SHA1 879026dcd7c65eae70ac9c5f5d6e1b389c125045
SHA256 f45d3bd23b3fc0c8283dac131dde260419c82a8df415d7d378dd23b340c97cfe
SHA512 c18c504e5959a4c70668cfa19261df9f6014c26fbf6fdaae355e0b0587f78abf3cfaa3ff01ac099c8e983987c4268cd1a06d9f056db24b18a2dd16702f1ca116

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8b13ddf0f959ff757cf161c82a3b1cd
SHA1 3a87fa7c3e364f2fce58105272eed2088903e2cd
SHA256 717b41f389bd7fd263601dc6a4472cdd25df9a01da671630d4d8dfe41f2af6a9
SHA512 efb95ba9995b47f83bbb80f43aeca232bc8a724afc05c03f6fb33b677be0ec83aac24c9764644fa564946ef08ba1c127d4dd0b79aa964e3739b99cf8fe35bd69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 9eadf2c6b89d4b52ef2349b7d0629552
SHA1 09120694d45dc5519a753e7512b2dc7c6d4a7450
SHA256 2b9566c2c1a49184125a96222457a2e38ed79e25203e5ff6ffa54b7fedc098d3
SHA512 fd2f2b3e7afa7c8c041bf84e958fd7093535d52047df3d1eadc9211bcfa13bfe075e5bc995cf143bf24b6038fc9f0cc19af5c79f4f8ca28396d4d142f1a3da4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afe1e7f5b44d9a1551a9864d785bab52
SHA1 f1c7a804dde99a6c682dbd5e676a61ff46929d9b
SHA256 ca6628adf2b3d1655a5db342de5ed9ae46aa0b9b7a042acc4abdca1a5e0573ba
SHA512 7bf9a392bc4c78cd1848112b8a6cb2e38ca7ff66cf44c0c1b5c821405ab4d3a91a045a51e8f7ca88d7db9ae715f24654619e3b2e01a5f6086973621f5fd3cf82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f768cf39f38148e5cbb63950d5e127d
SHA1 30b43b610dd61bf9e770d81aa52494e6b81bf2f2
SHA256 e9ef27726af77844f11c352cb2b27e75013159cff703db1bb4d17eb4ee881118
SHA512 dd89408f03c2f4028ee86c18ffd3d01a7463b3660cd79b0c9bc2ecc7b91b5b63a5a220d9d3ce7cb1980c53fa272789a250287b715468389ffcc1343ee029f97f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d96bcc24e2699c357efa9e7a336ba68
SHA1 562bf4e86612daaf0dd47191a8e46c7bd54d1db4
SHA256 af395cdb54fc62f3716a8e62c77ab8c5fe808732477136cd5e0ef0401e45d1ff
SHA512 f22a88326afbc0d3e4368b8471b00351c38234ca021dec109e7f64f0bc46ca53c0a409242da06e9ffdc96878e5fe16ccf3fb260eb73c869ffe1078f9630ffa62

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2fa04c206a5fe2a367caeac0ff9d3ebd
SHA1 ac4ef4b816fee04e378e50953837d03827b282c9
SHA256 bfec9f6fc3a4efde5892c6c499ae7233b20b230ba9bede5a46aa9594071f1729
SHA512 753ab21e7c5ead78107995852e6bf79a404721a8fd60a4157192feb04f7582bf9f197ca9cf04b50d6521e3731b159c54f5da2d30d0583fe72d3257f11a077047

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4a4e4d3844c55b379b92246c8333674
SHA1 7785769762557cee1a468bd4c18165e863274eee
SHA256 7627ed27c393744a1a2c9c313894520f8399a596251a6488ff8123a188b387cf
SHA512 963f041b228c3f5fff0a8045192184511d440b9f735e05de71698a870a58fb8548ad2e2151a5d1e0159a23e81ce2a8a6884ba02d7a6263dac00bd3263c764f85

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 774fee1613749098b263fb6569da8b8c
SHA1 47703107ffe46f3579efc3d0e4fe49d0b84154aa
SHA256 e6d99e297aeeab0f0466802a609acab9082c04ff81ae39e4f0873da8937cd87a
SHA512 b081351b0878bc9c97e09506d19c2bd5e70c65829f5abb619a4a1a46458531a325d3d71c0cc2af03255a69ad27a74955c2bea3d969786c62b7c49045624cda5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ed6213b8b8c53466445015fc9f0b5cb
SHA1 297cb45c22a64e377a127c053322adf8ebdac3a0
SHA256 36e86d0c1918a4f99cdd4d641c625419869396990f23409b190ef14b2c4481c9
SHA512 b40a34077afe52784682ccff012b133d588019ed88a865e4e0faa3dd7019d2e5bf4b54d6d36f6eff574a8a43e3a0bcb1d527707e27d5b405b575b502fb73a471

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:25

Reported

2024-06-03 13:28

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f1e06ef0cb397bb1a95da46bfe5391_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1316 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1316 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f1e06ef0cb397bb1a95da46bfe5391_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5c0e46f8,0x7ffa5c0e4708,0x7ffa5c0e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13600506704758844331,14264322122621569686,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,13600506704758844331,14264322122621569686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,13600506704758844331,14264322122621569686,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13600506704758844331,14264322122621569686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13600506704758844331,14264322122621569686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13600506704758844331,14264322122621569686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13600506704758844331,14264322122621569686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13600506704758844331,14264322122621569686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13600506704758844331,14264322122621569686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13600506704758844331,14264322122621569686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13600506704758844331,14264322122621569686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13600506704758844331,14264322122621569686,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lax3-1.xx.fbcdn.net udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 31.13.70.7:443 scontent-lax3-1.xx.fbcdn.net tcp
US 31.13.70.7:443 scontent-lax3-1.xx.fbcdn.net tcp
US 31.13.70.7:443 scontent-lax3-1.xx.fbcdn.net tcp
US 31.13.70.7:443 scontent-lax3-1.xx.fbcdn.net tcp
US 31.13.70.7:443 scontent-lax3-1.xx.fbcdn.net tcp
US 31.13.70.7:443 scontent-lax3-1.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.151.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.151.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 7.70.13.31.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
NL 23.62.61.72:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 31.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 152.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_1316_YSEZHWOFGDLCFWQK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 db5bb96524a4381733f8aa62d19df99a
SHA1 efab6de57918f604e630ade59dac2201303ab39c
SHA256 b11096a9d1ffcf197f28d9ec863efe2e87cf8231105864345f285ebfa6cb84cb
SHA512 2274147dd0a961ba23de717f943fd1089f53a841de70f438b1f29d513e2f4c1059433233a972febb8a89beb163e1327832e0671da6eeae749529354015c4f5ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 899d242e5d33b89ad8fed2f24a7315b9
SHA1 b49ebe4f37b6da9d17b94c0962daf6f23b933fef
SHA256 481630c557ef8e01644ef9bc78fe493f835f91a48753d26d13286536d7e64544
SHA512 7f1409b93d6886cf0e90d7b40475910122a24788464f69f9decfbf57343ec92c3a1728e8504101a3812a5d56066f7812ee5770340852dee2868e650eaccaf2f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bebc0e63d6d291216b0c72a353190221
SHA1 de7bb78067d4aa953b0396d834a69d2d4243fb16
SHA256 54b8e5d3da1f5aacc49dd999503a45cea234a80235e2aeb23217798a7272656c
SHA512 f5a2f6a30f8b8a9e39c1a4a83667d9e4cef7a6b840625bb3fc8741f86762814df41e5e605e27b811cdf870ddd880591e9170ab4b2f40c621c06356d885185f77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 46cf334b40cc42d01af5c70d9a584a80
SHA1 b3fb0f8a3e6903cf2f6628222fa90a104734760e
SHA256 adce0576d974518ce811ae688f70cf06923eaee4c3638f6745e413247b9233bd
SHA512 af43ed0747b9a3ff3c00914ebc412a8c13048112d3689083716b339c1a4166734e0cf2e052657d22da0880efb984396e07f7cdedee8dbd93d4f7ef2291d31f0c