Malware Analysis Report

2025-04-14 03:25

Sample ID 240612-sj3bjazbna
Target a11a93f9e549180a0dc586916a2cdbec_JaffaCakes118
SHA256 31f24e362237b1a1ebe302a486fcf4caa2728643e2385faa3e346cddf4bb4daa
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

31f24e362237b1a1ebe302a486fcf4caa2728643e2385faa3e346cddf4bb4daa

Threat Level: No (potentially) malicious behavior was detected

The file a11a93f9e549180a0dc586916a2cdbec_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer Phishing Filter

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 15:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 15:10

Reported

2024-06-12 15:12

Platform

win7-20240221-en

Max time kernel

119s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11a93f9e549180a0dc586916a2cdbec_JaffaCakes118.html

Signatures

Modifies Internet Explorer Phishing Filter

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PhishingFilter C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = c078db9fdabcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000020154e39d113a64eb85e8ea5957207a5000000000200000000001066000000010000200000004a1515c4580062bdc6d3ea161d0ba29d444cf485945aca9085bfa95a14279adb000000000e8000000002000020000000a08db503fbdaa1667251aaa27f33306f9fddd326f919da6dc97ee5bcdd5399fb200000007b82199ec4273aca0ff896cfc385a7dfda93fdd082bd8ae12a1be5fc33009db3400000005e43c8801b44f090ff5de486c5b431908be2288fd6f181bce378bbf552caf9b8c784fc66f9af2e9d6fcb24a52e04452c720388677a879badbd160b8fc14d974f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80caeeb1dabcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DB387DF1-28CD-11EF-8356-E61A8C993A67} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000020154e39d113a64eb85e8ea5957207a500000000020000000000106600000001000020000000698971d2f21c331cbb11d4230b78e6403c7bbfeba7f07ea5be79e29726ffb25a000000000e80000000020000200000001ca2d62287e0b3ce3f23c3d4012395f95480a785dcdb248e33c3d31a6e37aa1a90000000cd6c3487ec2e05b9eba815e38ce989def71421fa8654336f56194f6b434a49969787bfd70d2f6aaf8d65c5ca482d81dbfcbe2cf7eaf1ea9fe346496e7ae30ea11a85daee739d73365de0d6b8801bf918156aff90c1852e513aee3868da407aab0b2ba1606afac450a34b8a9304293c0f446b64c42b71541fe44b22fc11b94fd2b3cb420080ea4960e6c0bed9980a927f40000000b566c0c4a9cf44a36f5e4cc39ec813f0880c7d39c9de56c0684bbea5f86d257a60239db27986ca9fbb98a9ce5d0dcc4a7c0b925f91b8beea9a968b54c23a7339 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424366876" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11a93f9e549180a0dc586916a2cdbec_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 static.mackeeper.com udp
US 18.172.112.90:80 static.mackeeper.com tcp
US 18.172.112.90:80 static.mackeeper.com tcp
US 18.172.112.90:80 static.mackeeper.com tcp
US 18.172.112.90:80 static.mackeeper.com tcp
US 18.172.112.90:80 static.mackeeper.com tcp
US 18.172.112.90:80 static.mackeeper.com tcp
US 8.8.8.8:53 mackeeperapp.mackeeper.com udp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 13.224.191.223:80 ocsp.r2m03.amazontrust.com tcp
US 13.224.191.223:80 ocsp.r2m03.amazontrust.com tcp
DE 18.245.65.219:80 ocsp.r2m03.amazontrust.com tcp
US 13.224.191.223:80 ocsp.r2m03.amazontrust.com tcp
US 13.224.191.223:80 ocsp.r2m03.amazontrust.com tcp
DE 18.245.65.219:80 ocsp.r2m03.amazontrust.com tcp
DE 18.245.65.219:80 ocsp.r2m03.amazontrust.com tcp
US 13.224.191.223:80 ocsp.r2m03.amazontrust.com tcp
FR 13.249.8.192:80 ocsp.r2m03.amazontrust.com tcp
US 13.224.191.223:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 assets.kromtech.net udp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
US 8.8.8.8:53 event.mackeeper.com udp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 18.244.18.41:443 event.mackeeper.com tcp
US 18.244.18.41:443 event.mackeeper.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\cookie[1].htm

MD5 4aa7a432bb447f094408f1bd6229c605
SHA1 1965c4952cc8c082a6307ed67061a57aab6632fa
SHA256 34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
SHA512 497ba6d8ec6bf2267fe6133a432f0e9ab12b982c06bb23e3de6e5a94d036509d2556ba822e3989d8cd7e240d9bae8096fc5be8a948e3e29fe29cab1fea1fe31c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\Local\Temp\Cab13A0.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar13B6.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar14BA.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77462a648b93edd806c58677b195a0a4
SHA1 d4bc7325996bdcaca07a9ec61be8d1b243ee833e
SHA256 3e7769fe8b07b9739cb6f22075ee18d80de406773e8af4f86be8c55cc9514b7b
SHA512 644e3e44c3354c9e4b91f281eeb460bd358f896a6d115a4df4d940e152535115821b3b3d12b411cf2c5fdbefce4bd3499ac08489326c0e3bf75790eae9baae0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1262c4843b65d5c4a627d2c11e3d2ae4
SHA1 e0307ab86dcdcbeb518a1fd7b5ff42de0d6a3d69
SHA256 631c6f90f793bdf1a41f96c447c4cf0a940241f00e5bc2f963a5efc4cb8ae82c
SHA512 f0e7e0bc0bafb767c01c3958eae79e7808e3ac6e93eaf51e88a03dcc857d1cebf3b30b86052c33329103dbc7f7690fe09bd616426c1dd58869ad278ced7ad7b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 a435eaead940560203445c2d8dbc3e32
SHA1 3d3617e51264626a5d2c06f1c46c1017e5333db7
SHA256 52c3f42ccf20f74b05e6c04bd6fa496dbcfb8402dcc242405bff8670e6a3e7d3
SHA512 46082c20357016e43893a805f0c5e3a6d833699edcf1652d41b4b7f467d0689210643c3d7d5e7a3b46c932bd76e5204f710ad88d0d5ccd61fdc8d39d5b8c14a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ce3e481dab5eef5e78c86da61b12a1c
SHA1 c0e7b74a29f745f95bb9151753ed8bf4287907b3
SHA256 6e919b79be007c8be0aafbeb5d4c3e263f459cd7bed50354b7038f06acf50274
SHA512 9a40d7f51ea5174dd269084e718de558f44b6113399bba845e21ad8da1668016d55685f82cba158791955070d681262d6bb39d9f7fa350d4107393dad483bf64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 504f0a82f99fc8ddf4781e2b3814f14a
SHA1 b7d4a2d85e3ef4c9a77dd344cde5cb704a2a9b5e
SHA256 8555152bff0e2662c08a34fae54950b2325be0281ead2b3911c4c5b7abccbccc
SHA512 5ae2d18f9248cc44c51897fb27356a0795d427de8848139b07268cb11ae40428652a58384d08688c88d385e7a64b75bb84dcc490ec8ad43320270f0d71543223

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3aff09470b4c4c6f8d5db1a559dbc3bf
SHA1 7fc09c28e0d8a0ad61b8c61a7453df2cac722d04
SHA256 f7c5e8aab0b631bb67d7c1fb8d267460ea6fdbf6f88c159c854f53a2fd242147
SHA512 305a86c5bc9baae2df5088e1492d5ce9d731b12c030aa574d2db63a0756bdb8551e2d666eed4bba59639919a4a53d9773443fee1a9685ed059e389df144df51e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 79a72d1f0d3aedb0a047c06d095ba5d0
SHA1 fdd4b89ae4c9dac4ff2472a2295af868f769952b
SHA256 2c2f77e5d5974d00dc146b5ac76a72a80548a9d53d7fa840d2d8681cee0805fa
SHA512 4e51f1073aeaa731d2cde6f7b069b7f8586acb0d32b0e649ca646eca487ee86db8b1d8a748afb9a242ecbcee5500c7073ee43cb807e6fb2dc814e4943e8d5598

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 18c6e5d809bd2e2d3e970fd6461742b3
SHA1 2199e65018cb865f681ec6772feca27f1106463e
SHA256 4260963ec95ad42f7fe8eb6430d19c9d50f7161d5b339f55f8c661c2824fc2ea
SHA512 39a95f1c414187d289803ad52c0ee81019a46e93edbb7e14b388e0ac73bd86d276a7a4937c86e7fff46cf87b899931152197de6fafd039b5582c72df39dc52c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 5565f32a192373ece59d8398beadb2a2
SHA1 51f78cd07e923edf9c604d9d96b96429eb0a7643
SHA256 9efb3e8defa02038a46ebc0032a50498a8da6b13c03c5a5fb3888bc187e7bcba
SHA512 7ec7836866e2f561c628e2732dda2c82eb386d1d327f2c7a062465da8e82016bd7a9e127699585b2110a9bcc3a7991014fdcf9796f456c61b96fd8898aee45d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 1bf4d60af2793323988192d68ccb7c1f
SHA1 5b20ce5287e48460532a07802fb155cd19499f8c
SHA256 f00cc0d7815365a5a0253eb01c125121c70ce33ff16856f034aa0da9eff58e1d
SHA512 cece782bd2a530eca216ce2e2e391e8fdfa87d58fe810d2db90cfb07dcfc0d5057c51607c7e325bd6fa4b998fe95ea9f9205ed63ec7dbacb6b76d455757cb513

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D

MD5 760cd3d40f345d36f7facbc6511b5e86
SHA1 efaba60746570e85a5ecff762bb519311fba7150
SHA256 339d35e67eab6e527b6865c2e7d176e766d675f5b7695f38bfd059932bcdd359
SHA512 775b32119732090b6b3b8145f0b8ddd60631edd0ecb249b8503c71299338d8f88ec1467e939d71c3bc1eeb1567342212b0ce42f2ffe207fcce36180f999369af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae15f919a3fb8e08f79a7636b6c534dc
SHA1 52c08b481bc9c77c766e27338580a30494281332
SHA256 62983c14c49a240571423a776328996b67192e3d3bef691ec7afd4eef0767ce8
SHA512 c9588643b98259802d334049bbd459b16d6d47e78a47e1c68d0703a43608a1679b13063d546b8b7f24688cf4e6c0b60ba53baa7a3bd1c2067f9b42d85a6d0405

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 512f0055dec5af1c44bcf320742d981f
SHA1 222c6ac2231883d886efb486f8a71026e33c1913
SHA256 240d19912693061adac3bba4d33a79e821badeb92a7d6b052558cd7699d68734
SHA512 49bb1ebff0cf4ad4593ee66baf5778b9a236a23042ea0f8c502d600671d752d17878be17e2107966c6f75f1dfe47ca88bb9861af54a9b48af68f8ad07b52d23a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ceab5b506b9c39bf6049912e29deb916
SHA1 a6c566ca8bde1ca0ceacd280e0dbdb5a06b48a98
SHA256 ecf2baefacd3fc09d9c2cbde077ed8451ec2a88b440853e3d5e1283dd7a9ba96
SHA512 c8b2064957cfcbdccfc698854c9c0d94ef9fe89f66788827cf4bc1367394a48acd951521f4511961f3877416445b092ca7724d1953f3916ff2b242977b79c0c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06850b933628810d060c40abd002c32b
SHA1 c7bd774a00a49d51f100d2e446f4a6923605cdbe
SHA256 fc860f40948fd03c9a7109a2a85ee178a88dc4228cbfb46c6fe542fc44ed0d1d
SHA512 28bba9e3f8384611b3236ebdf8a59dd9623e4b7af31aba0164784dda9baebe0c38bc862361bbcbfd9ab8b54fa7c612442583f47808e22af6e9bfd7a3faffc896

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eef28ed3066f261e38c4b2b13e9dd6c4
SHA1 4b48d79d964d20c23f20e712cec49c04d128cfb8
SHA256 d0c981cdcf73fb771245c37cdfa0f1c990175b817f10671c21422274464c7a27
SHA512 7ab2e57b5b3467455ebf91577495b9a076226d471d976b820d42ba3d3f77f7b9dbea875013a941d516615e7d6f15564231d844fc181c4893504419396369c3f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8842bb9d75d7288ae9a33dbbdd2e3bc9
SHA1 abf2dabffb445b21a37a3d12e529150ae89ab43b
SHA256 20b830fd2ed608be657954303704fea72411fa757d0284197461a891df1475dc
SHA512 749aa79d743110fd7df351bdc2bfc3bd493845ac63fb465380ab1a0e07e10392d3d1cd4f32206f63fb2fac70e9601552839b63097fdfa249319b18d2d8ca7d91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6dfa61d9aeac5bc0164bb1f8275b763
SHA1 d1c53a17e5c789a9de9e0f4e03ce98dc97f2b1a9
SHA256 9d7ce75db56c966e22b0194bcbb023515c2e6efbd9abc57a5ed4905db9103049
SHA512 73756457ab306f2f3f637b4e34df704f46c1606cee7061ed6a6630cde3c1dd2ac058d0d8082091c40cc6955bdb0f0d45247d9f038e19e62229046237000f5de4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db61aad4923b58046b8f02a47bbba601
SHA1 969afa9a10d141564705c5412106cd9469ce8ee3
SHA256 7fda8fe2aec4401e0241e0cc31d03433a623e3adc90cefb2fbbea1d4a0548938
SHA512 46e190df2ae1c446a38fbeda292a5d07cee968f10ad0e528da2c73b77fb487d0a80c5ec7d0b898947994fd8e6e95106a7522844cebbccd0665e84e79fa19f325

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6112a5a3bffa54ec6ee91c988bb58b3
SHA1 4ffb8af4184e22f40f4342c0a04077661f94b7cc
SHA256 8d3fe308b1cc5a8e05caba9ec2697feb28ef87557a8a8fe97244db2f01c8cbcf
SHA512 cb0e78b0aecdd6bc093cf1271c9cf51fb2a9c34fb49ee04e8bc7fe42f45d2e614a0e1137a32a5c7a218f0ca796ae5b71b64fa366592487bd91f6d178c2303a68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 438de9a34989a48d0a408985f356aca1
SHA1 5145a6bcb95d195464c57faa6bebdb55686a9e7d
SHA256 cefeb4dd8bb84b43c2b43823d552dc88cfc7da0f0feca78556b033c941487914
SHA512 0c7a293ff9577e807c478b77505f54165a1f81bc1845855c140e02d68d5e9f1ba633d5c62bd538de5d880e01a028db4295e2d21cecc48ab04dea3e2311362c39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fade6e83e5525621d0e320c4ea49d57a
SHA1 a34de6d10e4292831449b1152391337a9959564c
SHA256 ae27b040df83e52ed49cce31a8cf35c7d1ace121285a1aff4749b1d62a3aa09c
SHA512 633907fd10c17a35caffb29a43c07391e07952aef7ca89bcba657ca73cf0753d126a9f784ea9978cc2ac4db1a551fa23e558858b76a4c7660e7ac58898f8cee1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 80832fc1ed9629a002da8c217614958b
SHA1 e5ff1a1b3a3954dbb80b3cd2ec092b81deb8197c
SHA256 a962684fcf23fa0cdd8dbd5cc26d7509f9ca1178b959999860350bf01015f50f
SHA512 a555c03994273e5d64cffd2e77b1684dab34a4cef5943b5f578866c00ab9859d63517cf28ffd6fc1b6bd397abe7a6066fa2d16877b5c6e2381b6afe54898660b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b75dee6900907a6d8276de8e09af18ca
SHA1 92a7de495c3b1462db50298aa04ffb1c8076033c
SHA256 01a1cecb85a0435cfee2bffc64bbd21ff6fdbfed71230c6afd9632f326721acf
SHA512 6fd55107267e0fe5db87b9282df97e9abbd7e64701901652369242dc988a523e59dba0b4febdf2e68faee139ce9443cb4b144ac6b07420a4250c2c2b11b8f3d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9e72869060483fc8bcd1cdd889ec1c8
SHA1 7364e7c274d87f2787ca23e6d8745f8dd5cd9211
SHA256 496defdf53afe34a16e06292232de44e76387e51fead7626d712d9e6ac3660c2
SHA512 e82dcad9f06bd55a35d80000372099c44924abc92f6c4db9b4eabdf53ce504521d2f82d8dfe250e0fd59a8a4733739dfbb76bf0b6a91ce251af6942ef8b25120

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb58678ddd2c1b81c33147123dc72449
SHA1 857494461e21711a6f60b3068f3743fa45836270
SHA256 7b50c12bbcd2044c8c62d85fbca42bfeb82ac9695bf72f8becd0deea520d2544
SHA512 e780dc96001f329ce67302ce82cfab92ad0ac2c64ccec76c029f7a650e1bff4b277643a075ff765476992e528eac1652a3fc25aafc97a3d2780763784b32aa9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6247f01ffe6e8ad75a74864ff20f383
SHA1 c87a5528bf4131a7ff8b40a3704fc09ae2b022a4
SHA256 264d5665278b3715c308dd3882c04d457ed62e1079f4317887f0c9f44c8f1118
SHA512 20fb86f8ddd34521287cd7982da7faf8495b63761ab548d46bf29546d2ef2f46096f39f7d9766e30d8e3584e9c00cdeaac1f76a6134956a404e26a68f96165ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a53fb507c294c2f41b0dcc6981cbfaf
SHA1 167dc70132bfe81db618271304b7302d5ef06b5a
SHA256 8355fb14f157f619d540f6169bb68b5e0199ddf9bd2c7bba5ad2d84fc32bb77d
SHA512 c6e0098db9db895f4282cee2d0bc5f37a28dac4b018154c02247024d0cab5cf12b68f8741f22eb4e6da257e67e44542a1db6bdbb7a62c5c3c645c5aac08504b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 64a3034d668b1da0423b05b8f375f46e
SHA1 45045882fcea09fa19e2fc3a195e2607b4bcca07
SHA256 ef18bf4900313f5e0c6e3b4afb1f7ca60e18998c61ca43d1417c7dc4d1295bbd
SHA512 25da7ff73411e9b3854f819b9e2109de6344cf23c3abe9d1637d2237dcacb48ad28117adac7d8adcd8dade65be29e52bc83c5099a62378db3ff2bfc2352fc71a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ee41b97851f91acba6c2ae0e6363dcc
SHA1 212ad4a3ad287dfc98ce60d67dba0f1b87627fc8
SHA256 861ceb08b8a146ceda04074a3fd846db96678f7ae53f5169a5a92d4748a56046
SHA512 f8113715f5dccd403dffcb11a13708a4097d6b473aa368438d9d7746e6ed5630e41d5c17a42d789fb3b72d8d632aab2ff502510975dbf903a4d9446c6304e5ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da3165a07cb1b4b8c3d9060825e0694b
SHA1 b3d5b6f98bf454542d381d952388c9547465465a
SHA256 b96edaf317f03ded20f372c4fd8d970855cc40e05337273945fc7181516e15d4
SHA512 809c6281ecae1293660cc613ce50fa7d4b2328beba31f807dcd49198b190fd56b2edf789b5afd9696a1887aa65c75c3967c712b8f9cad6f825263b81d93a6f2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c38456d26c5827034549c01f9ba7effe
SHA1 0429bad61697b16a1b117c78a586b8eb7c23b5bb
SHA256 4e8392f9f7fab88505acf74783f2016d272fe8d5b3250a7ab2eacf6e5d77d2d8
SHA512 f65b862346ce86120b10fef8806c54ab3283bdc1ba987d4a4ab5c6d82fb1d79030a9d733c850121e45f9601583fb92f3e221c4d7d0f9dc87c9c4bf464260267a

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 15:10

Reported

2024-06-12 15:12

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11a93f9e549180a0dc586916a2cdbec_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1232 wrote to memory of 5084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 5084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11a93f9e549180a0dc586916a2cdbec_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,6966636396323526048,2490885399784574175,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4304 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 static.mackeeper.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 static.mackeeper.com udp
US 8.8.8.8:53 static.mackeeper.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_1232_OJGMLMZURXVOQRXE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 39dafdb3629b16fef576fbaba1315581
SHA1 5db85a3269cc9fd3c0f2ed2841b9f7228332c953
SHA256 3202f252ba84a012d05a2b5864e0abbaf7feecabc14cd07b5a0f946985f63c72
SHA512 20dd6500459e494985b546a9a8c4cba3888fd7d66982376712ada288a8d6ef336c26f1bb91f02d69aee1c6a47dfe92d36547082bfff6319d118e755a17f9b6b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bc6d7f55095e6fef6170e3131bc9eed7
SHA1 d14ab8e8ec2d939facee8de9883f7dd09fe8f031
SHA256 b558708ec4118a476986993b370cf87233cfeb1ccc9ea98f6fc4bdb33bdbf4fc
SHA512 c2736d4284e5781a4cadc5fbd9833468a4efc4df45bdf2d8c9133a5990a3e7957ad12c9106ceaccb0342a832b0de35dc8b3359242ee99eeef0b057b8984dc2d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c6580e0978c8f794ff3955f47c704aa5
SHA1 b724d9155a72c348d2599d896257d28b4592d9b5
SHA256 72ca03a53462f152478a07bb125a5fc80fe6b6b224db93437352b080603b4aa5
SHA512 a72ef27494720a80e94d06ca5b64e5b69128293cb77741c8b595bbbd8753e28a5f14e7754e6171eb4cacd95c2cf736a62926ecb1541a5f1ae1cd452f1a8b795a