Malware Analysis Report

2025-01-17 22:48

Sample ID 240603-qscfcsga7x
Target 91f5148673d2ee29b999d513f507d912_JaffaCakes118
SHA256 abe462632894efed03413db5e48b79a5dbba29315c5c7c1b5e077290ae5429ff
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

abe462632894efed03413db5e48b79a5dbba29315c5c7c1b5e077290ae5429ff

Threat Level: No (potentially) malicious behavior was detected

The file 91f5148673d2ee29b999d513f507d912_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:31

Reported

2024-06-03 13:33

Platform

win7-20240508-en

Max time kernel

139s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f5148673d2ee29b999d513f507d912_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000002073c6694ea45896c2c558708dd6673e5c8352ebb8b413b696c5141b6861acfc000000000e80000000020000200000004ef03bb4a77aee68715318581ad8ddfb1244fb7f7be30544919e2cfe6e5bbdf820000000e98ab639cf2cca276d5e0125c8d7132545129eca903aedbcc52ee9c1ac222b2f400000004f1fbafc4be48984fa8b723e14df369abc2a9aaad8b8570a12dd170f71f28a2627414575b395b025a845180d46a1ed2f821e4b00dbd9d89decd19255d3317991 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a07a5d5ebab5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{869A4A21-21AD-11EF-B6D8-6A387CD8C53E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583331" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f5148673d2ee29b999d513f507d912_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:31

Reported

2024-06-03 13:33

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

146s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f5148673d2ee29b999d513f507d912_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(25 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1696 wrote to memory of 1800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 1696 wrote to memory of 4068 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 identical rows)
PID 1696 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 1696 wrote to memory of 744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 identical rows)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f5148673d2ee29b999d513f507d912_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8930846f8,0x7ff893084708,0x7ff893084718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18344515148520829661,3832514792106967128,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 s.w.org udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 www.americanbuiltpools.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp (5 identical rows)
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 162.241.252.173:80 www.americanbuiltpools.com tcp (6 identical rows)
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 162.241.252.173:443 www.americanbuiltpools.com tcp (6 identical rows)
US 8.8.8.8:53 20.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 173.252.241.162.in-addr.arpa udp
US 162.241.252.173:80 www.americanbuiltpools.com tcp
US 8.8.8.8:53 s7.addthis.com udp
BE 104.68.81.91:443 s7.addthis.com tcp
US 162.241.252.173:80 www.americanbuiltpools.com tcp (2 identical rows)
US 8.8.8.8:53 91.81.68.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 platform.twitter.com udp
PL 93.184.220.66:443 platform.twitter.com tcp (2 identical rows)
US 8.8.8.8:53 66.220.184.93.in-addr.arpa udp
GB 163.70.151.21:445 connect.facebook.net tcp
GB 142.250.200.14:443 apis.google.com tcp (2 identical rows)
GB 142.250.200.14:443 apis.google.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:139 connect.facebook.net tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b2a1398f937474c51a48b347387ee36a
SHA1 922a8567f09e68a04233e84e5919043034635949
SHA256 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

\??\pipe\LOCAL\crashpad_1696_JHCUBMNAVMOMOUUP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1ac52e2503cc26baee4322f02f5b8d9c
SHA1 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256 f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4aef5707ff1fe80861f8dbfb10852c50
SHA1 6891dbfb2bbd2bf717327377803e92e3bd7cb755
SHA256 363e11843c715ca76bbe22372028caeef58e1c0fddb301d008bf53167d663d8a
SHA512 1fcb7f8fca79faa300c6fec5ca655e7fc9ad33517137507b964a12f336affb093104054d03b159b28be0f941f0799a58e0c881e4a18848630dc4b739436ab06c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 721bf5886ddf13a5af2cbea02a94cd5b
SHA1 37f583690dc7ab2337a7f58f27464c69e5dfcb5c
SHA256 df18c83d84e80ba5bfac3b36b5590187ca7ea1d2be6f5c75e67cb007efedc25f
SHA512 3743551d9833b050afd9206ed5869de9d5fcd67a4127273fcb8c763541f124da86a059f39dc6545417e0d1a81425fef157f4c6c44f50da5138bab8cb82026341

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 74e8cf59c1a55ecdfd6d4e6fb05cea1a
SHA1 7a607e786499af1c76d560253b9438a9cf93a783
SHA256 2006aa578dd7cc4431c6778dcac54e192a2acbc2bca7e88cc92e002131f4303c
SHA512 b0e9df67ea6709fb12a333a4cf27e1027f26cf3c0a90f8cd644ed7dce416834dbcff10b5377ac6ace224db52a48990414e49de4d871cd6792f6f57bd5e887941

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 daab9409f87a1528c09515ab6f17c272
SHA1 eddbc24e4c2acede19132e5960e00f0c6df9b8a9
SHA256 09d777ad19d2c989124a2cb1b2d815f2fa32c8d905ae25250ce957d8305a859d
SHA512 fd4d3b04c649e583317fc07a873b137e9db24006b110d18c5bf5c356c4e98df379b610934bcc0e0827ee395eeb8259ba9eabf75e469c20d2eae683a4c1835fdf