Malware Analysis Report

2025-04-14 03:54

Sample ID 240612-wxgtjaydjn
Target a1b2d6464a5b94c53deb506f3c8d2d57_JaffaCakes118
SHA256 63026b8269a26e98f9063f8c64974ad7bbcca10d379510d25ea0bf1b49a4f12f
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

63026b8269a26e98f9063f8c64974ad7bbcca10d379510d25ea0bf1b49a4f12f

Threat Level: No (potentially) malicious behavior was detected

The file a1b2d6464a5b94c53deb506f3c8d2d57_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 18:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 18:17

Reported

2024-06-12 18:20

Platform

win7-20240220-en

Max time kernel

144s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b2d6464a5b94c53deb506f3c8d2d57_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378142" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1646A921-28E8-11EF-A499-62A279F6AF31} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b2d6464a5b94c53deb506f3c8d2d57_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 use.fontawesome.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 draft.blogger.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 toplist.raidrush.ws udp
US 8.8.8.8:53 m.media-amazon.com udp
US 8.8.8.8:53 project.dimpost.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 104.21.27.152:443 use.fontawesome.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
US 104.21.27.152:443 use.fontawesome.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:80 resources.blogblog.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
US 172.67.193.225:80 toplist.raidrush.ws tcp
US 172.67.193.225:80 toplist.raidrush.ws tcp
US 185.199.108.153:80 project.dimpost.com tcp
US 185.199.108.153:80 project.dimpost.com tcp
US 185.199.108.153:443 project.dimpost.com tcp
BE 2.17.107.195:443 m.media-amazon.com tcp
BE 2.17.107.195:443 m.media-amazon.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 104.18.11.207:80 maxcdn.bootstrapcdn.com tcp
US 104.18.11.207:80 maxcdn.bootstrapcdn.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab13BF.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar13E3.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 8e432668992b29edf12163bacda597d9
SHA1 931cbcce112bbde1e70e298e44fc34282a8a64eb
SHA256 cb546ebaaea6b5847d975045bbb915dcdae4a2a9cfab7c18bbaa3dc84c758924
SHA512 dc10fb3103a1e7c6084defdcb63c2bc4836ed96a2225704ae9addad2ececaa9da6bcfbadda7665cce75a5207cc9bad1b0e4412f508749eabf1b0380b45aa2fb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 660b6e28b38ebe7e521064e60113fffc
SHA1 f2c25e9f931876bf6834191ec5b409f47f869129
SHA256 3e203426c4aa1403e940966905320c612ce4006cc87e03eb64058eaf6d402433
SHA512 96868e652d5e0c25b4d0f0ada20d345115f0c6fda26d3cab724c0c1867386d2dcedc408c51f776b7e019ce2e22755017d99bf663cdd9fd0d88b26182c6434bcc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 7dab0be9bf4dc6db01ec20206c5cc803
SHA1 c2c963c2ab1508acf7062c0d71256da917c72f27
SHA256 2617864d04f7e1ef8a4a90adf553e1764a72b56b1fc34bd02b797b532fa64c11
SHA512 e234f5b04e8cc60a5464150c83516771794341e687344d4d8f4d9a4ae1599dae23b7816898ccd5f60c5dac131baba80b812b244a28e23cac9af51421c42e1c16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 866ba8c4e0ecf2d4cd685e3c84db6d4c
SHA1 478247ad8647fcd611250b7b68f3b271c2054cfc
SHA256 d5782e4b36395178808581d80f8b62c005ff238e99e0e7061c15323e967d1c3a
SHA512 cdd5a48b7090012df4ff1881050dfa74f756e57030b50241e62e85d6ecf89e952aac066d825377bb58aa56f4ad269566cf3168afbbeede13dc1e36e0d979ed73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 fcd692be78c2335f5bbf330ca060292c
SHA1 3a9fb9590f54494bf6054d8268d20a2461054acd
SHA256 741412d885e60041e5a5154e29317e3faa0d7b0fb83624d00a275f03081b6031
SHA512 a702a0a6ec428dba5ff97fd9419c0f984a0f0edc05dee8c1462ede572f76a0ea9f22038a76d96d3d5bc6b91e95c71d444854b1780d92bf04c919cae6264fb164

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d7669bf65a8f3bc705bf8d40780491d2
SHA1 fc124e8af083ad055b9598f81f0089c6ec6be3dc
SHA256 3840dc00a06bf00db250d67b0711b1a058d069e606a2e518fc387d26d1ca2df7
SHA512 b8452835c05e16b835fe14b010ae723ef28c813a481451903735182f7064d0336a4a05511881f2e0f0823f41932eca9226a74c246c039a9431cf8b96762a2e67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 815cbe4253b7440618833fed60973ef7
SHA1 f39821c36ca800ddedae8c0ae2be3f338b4a8057
SHA256 8318873616bc2277f32d8413d8dd3cc975b4f13925a9985ae17b15fecbfa89c1
SHA512 7cb79e05d3643661da0c025748b70de0890186753e799f7b6f8352bc9897fc9dd07a9b5685ae440944b0e91831074a1c6f7242603dce4d00ca86564da62077cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1525.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 04ac83e4a683e902d9b9ebc0e0f5e19f
SHA1 c6faa2bb773422da6d4c1c0fe77b2f9718c5a30d
SHA256 d8451ea0a9b80fa157381ba7aead2619743ac57674e5c6a831b1548ba785277f
SHA512 547b92809629f3628b4da420d90ef457f0527d2580d6f344bb81c2f2274c44b88fc05da27f6eec4e8700de3ef805c8ad5ded3c9ab99113d8afde2c66eb5c2eab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B7BAEDF8A66155214D6AA1EDC8BB7778

MD5 561cf5b2cee2cd0c2651f80fa7ef378d
SHA1 ec8124dbeb7f615600a5a8fc56d720d1cdd14a39
SHA256 1ba632c59c78154b6c28b9992751de944a71c6fdf56c0504a54c35cafc1d884c
SHA512 e5825026701f23e5c01bb2e4f868f0ba7cdc3ea8912670946405a5f128932947eed75101f73078ccfe8eaded9707de0cb19df56f9a525993637a95b29437a506

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B7BAEDF8A66155214D6AA1EDC8BB7778

MD5 891df76cff3625487c5c6e7c694f3ad8
SHA1 86c3dcd70ca364ee66a629147481aa5eda27ca0a
SHA256 00155eb57e73039b4ba30145979037c2216924e0be19d86cadc41a84f85bb5d7
SHA512 fd73523f95ac2c0308c0675865576c5d9559de621cec8661cf188caf8fd3bfd041aa2b383529e99aae407cca419e1b8c0d2c320df366a19f806c8ff2956b5d73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 934586237a2f0f19d3ebda35a2cac6ca
SHA1 48d36afb4cef8390776ee3b3f24ef8aed53ce344
SHA256 4ff41bbcbe0e8af390d56bc2f5e6cb088dcba9835b10f75185cf02f27e762908
SHA512 08a1737789f62f69fcaf3faa65438af2a83dcb2acd07907d07dac85ae846268fd2f4329cb8aa1b9754a409902d77808c2f402c067e24ff67084ae9779ba11607

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B7BAEDF8A66155214D6AA1EDC8BB7778

MD5 7f171176d84919cffd54ddb4b0c0ec68
SHA1 95545f831fabd9ebfe10a8cdfb8cac343e6ada1b
SHA256 93c3126612de4b4002dc25bcebea1dc7236959e75f4733a41de18f611d1ccebb
SHA512 4b442056e6720202e54924cfa87fe66d73326971b518700668bb48c5e191dabcb0e5d8e45e568edcb1dac306dd844fe94b37c0c57fe6fb89833b6992de17c0af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B7BAEDF8A66155214D6AA1EDC8BB7778

MD5 c2edb252d10b60c2da05d7dd5f6933d8
SHA1 a22cae9b232e0f829ad8c6d646561c452724e35b
SHA256 76b68b8ea610a2136a46f016ecc5daedab4bd3cee1cbe57f20a5c3c18c486b24
SHA512 a288b4e268f4c85a8872e8a6d7d14dc5d115a907567fdd993376852d47c15d82a43dcf1df47b0c2a00bbb3b85108c288d90568c49a01789da948069f99fdae26

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B7BAEDF8A66155214D6AA1EDC8BB7778

MD5 995c932be6b73902c95da370fed9d2bb
SHA1 bfc65555d46d7072f7b2749d563b627adb54dfa0
SHA256 4deec6a53cd9e88001aaac43cd6028f4dda18ada5e7cf2039c0c6abb7842c477
SHA512 bdbee96e42a4bda6de67a8c1fa5f79d76004ecf07c6552e68e5b7df61aa4a450c9cba498d4103ba6c60743a6a0bf9210aa11031b16c03cfa55b0099576c7a1e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B7BAEDF8A66155214D6AA1EDC8BB7778

MD5 fe8e07287cde93dc6b411fb1de3a0f34
SHA1 561a3d908e0baa5c7d8f2967a43400ec53a87734
SHA256 9083ca7f0348d62b7da382e93d3bea0e11701b0e1a1b656d89ed124cc78c2c69
SHA512 5986cfb0e9a3d7d4230e29f4c771a37348072d036931027a14dedadfb683454681f4822f69266e614539e31edc9e20437b920101b868c908198f47899a1ab9fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 a4c3e4b3f212ccf9719236eaa8f728be
SHA1 e017a18974a9969ca60ca2499ac54b464d91a2ef
SHA256 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a
SHA512 c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B7BAEDF8A66155214D6AA1EDC8BB7778

MD5 5c02ed5d9a413fd44e13e87992ef4b73
SHA1 8f4c571bd773139340980fec789cafb823df61cc
SHA256 baee2721d72aa2db5c3234f81a5f1ddc0b68265991e78edc719117441d68790d
SHA512 21153ce432527ba4e35ef6f74b46e6ffd1f57fab157248be400b31ce97bb12591490a9aa2b05524a5e909ad28a5ae35d68eee439263204450cc26005f77eea80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 680d3c71b535a55a948b7b44a176c151
SHA1 795d701549e2151004d5afada5326d96c58a4e13
SHA256 604670c928d37664c7ecaed24aff4e80f4f7cbae7ec6c98c641107a02ff0c66f
SHA512 ef321b93b72ba0b88d695e93bb2137a0f531e3963bcf093fd4c52944bcb1eb4df576fb6e46e65d01fcd15f8b776b2e560227438bdd0d0b5ff26a3b368a2cbac7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d1a39eee0c11540d5b67ba10448035a
SHA1 a83c3b5e8b74ec740f81e3a3b6d60279faafc6cc
SHA256 8c3acec54b4ca3baed472dd024c8c054c1e7e9226fc2ab0fcca1c739fee290eb
SHA512 948ba63f63b58c183814de9ea9238b6f6b9eb8dbbb41abc02043781c8528aa311aabf3880a237265eb588e3a9a24d0b204de6aea5aca3e9a61dc75a857272c31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf5d1101e5bbc0f78c90980d5e89c092
SHA1 be4d6a007e13cda72b069b80a7d4be6195d1ef72
SHA256 df73f94cb8885991e3f8c56225f1cc25a0be3412d92da64308bdae6c635d5c37
SHA512 816d1c0d2bc93c99cab992e0424953b09bae5640c8d9a72f4a0d7a8ea4c3a0b9afc2e5e5cf02e4a2d8ba75c180cc3fc88be692f0f7c9ef01a8486d69ced685f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58a44ca8abcea32f3ec26ba111eed289
SHA1 8c83393123753d60e8fcd06b5f80e710b5d18f57
SHA256 93c09b1a24d94d2ab9d75f467eceaa6a1f60fad799825f9f163b334f606e5ca7
SHA512 e97ac479a06946b52cb572762be7859169518ac0e15f6951d6d92e64e5c7d5bda548196745616417a14fa9d4c3c0992b81cb8375b8a6ee3a4aebc4e55cfec8d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42bbb0703f56c7e898c11c9527618a04
SHA1 29c492acf334d2f21d782154fd3da94c8c8c00b0
SHA256 aac9d3a5d7a9a510f4cedf655f6429a0fa5be5043026a773ffb54982028d31a0
SHA512 96ea23a76befd28aac4b58060eaf403738cf04d348f3a2b40d466ec8b055a406e8fc2edb30578e3f62b7027402e8bbe36b063206827cb8dd8926c7ef1db017ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b99d4e9ba63648fc7190cdd17c41a78
SHA1 1e64a13b6b69be38cb886fb42dd480acf90b13d6
SHA256 5717d3b84c3468acc82352a89d07c78161c83a12344d0088db0f3439f37e0fa6
SHA512 44b4749fe2cd404cf3cef34690f658afe8b1d8e502a2049821a2dfcaabcadb809c57709b0807020340bccc28f15a31415961d0345ff22c962a05dea0c9105071

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ff2aec6f92e16a0c94b11fa8a5ae0d7
SHA1 0b34ee6aaea90dbf240b759794819195fdb8fcc5
SHA256 529dd39178e907efe534f882de30cefcbff3f054d9d7fb7a144e5ee7cdd310e5
SHA512 7c81ccee707764a0ff04d7489381dbac95d9583cbdc5c02f4ed3d4a816af8d2e5935161958736aa9388b4fad4d742821b0546e793060f9b0dfa3fba390526412

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb1fd04a8a942379c0b27d750fb1c206
SHA1 0c3f64184b2d54892b299864ae56a892022d89a0
SHA256 6d552200dac9b2ca924ca9ca0134114aeffc02610be3301f2ff93a63bb0b50d9
SHA512 7d2858b0e2bdcc71c5978a79f34f9aa0c87f9a0981805a42ccd4121bb6975a6aa0967c3cf369f433a2252e628d27f1aa0267fd5c0e45e419854f307d1cf76e22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a343292b68e64bcc9a7891a154951ba
SHA1 4c634e991a49b3befaf92afdec49bc305a3f8e4d
SHA256 0e24bb3ffba1d90990c2c3229d97cb7c612fffeed4fa029da61f829df6d4f057
SHA512 9c822304f5b403ab8003c4ecc65e17e0ad8584138d6596975813f0cda09b25aa91a2b82b2aae0f0181ad2e3c6e22bc3dd31c1339278608ebae064015dc0d8ef3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 447c9a04479d7687c0e5c0d291f1b549
SHA1 b7da337b7dbcc23b595e3a8a02d6f44d6b9a60c9
SHA256 9022822ce338ccb2cbb99e36d2aa387c023f29ae7238b2bdf559a32954be25a0
SHA512 5ec905f908ad026670d637b6b0284a669c42ce3c9ec48b723da1f9a85c05184063a3d645dc59c23d6e556767bcb1c95387ac3853e755349428e8dc8634940b92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8383c6adabbe5567514d56d63659ce5
SHA1 5272a4d0091a15af45d8793fe35ea37bcff4bddb
SHA256 cb1506cd345bf70611b9515cfc1280ea72fae12385819f7ed319e159dbaa108e
SHA512 8445bf07ecf57e0a0d6623c58b9fc2d5469fe4c58c180f98a249855de857659eb4492fff0e65bab1fbe77473b0227acc4497d23981eadbfd98c187b3b0970117

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 468f28c86f4e0de00aaefd94a3473df8
SHA1 ba1b215aaac2b0f2a21f9ea48cbdb0c5a62fb010
SHA256 49b50f9e1ce6176a53fa7b0e49fbcc94b430d6883772bd71c16f5b60b8c2c518
SHA512 a1188ecfeb4c1133ca5ceb403ea9b86c25e3d0120f02349c3e6db8b72972f94d9ee439b7ff1632977a9cfd95e5c564c2f62d739d9189aaf9fff750f38e35c1b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96e945a82c61d64172fac7ad3d3abe7a
SHA1 1239f8d84c1c8313523444b93466021ae1dd8e4c
SHA256 bb8b6033f5f7b47eee45e9ac4160c7390a9b2b436cadeb4a6d4e13644f8cb0e2
SHA512 5e6a5fc9bcb1aaf716f905c74b5aa7868451e996a4ecda1ed61813340a5f7cdf7540b482aab3b1ca50366f05682731226ee938abe362d53f574ff879bde95218

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 2bcc06a25470934622298dca502558c8
SHA1 abae43af6f48d125b5fa04e95ce734f54427078e
SHA256 602a922192ef3f4b62222c13695a0007e29303f193342776644d62a5845e8052
SHA512 9694e7855de20233dfec0f0ff7c0eec547724b0bd666cc946dd40bb9a634668c4398f57e820daf6203d4d0d7a37122e2009ce77f6beb952c61ddf9d92ba31dad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd2766e0eebb2ce76d9d688ddd112802
SHA1 6c20328a9e160bc802733e127cf07943a2b7aca1
SHA256 9a79e1719a4c08fb3c0c627d2a37ea8b569d9bc9d6a0e68c2389d642d58a7a23
SHA512 b567ab8215bb25304a2cbeeef02da9b082f021abcd00dfef60f9ce3c9b287f1300917ce75a52c62d050b0976faaba0b3cfef3dce9415e7daced801067eeab8ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 453b4d8c12231697c3d92c4e42add0dd
SHA1 76f0ca98f089f5368162a231289b365378177fe6
SHA256 c20d536970da2c6e185c2bd2ba224ead3221cf4f767d7e07016dd08c70446d18
SHA512 af88fba1f6d1b5d6d1ce3028110247a3eebafea18c2b568c40a752765c8e29c34d612eeafd661adcaa141f19f115dc7451a272cb60537f57f2460d6abdb0c3a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 447d32b8eeec71df65e628b099f15231
SHA1 a3e4fd785b4245dddb16e3d42a0bdb357945c819
SHA256 0e50491d327c4e4be2c621f8f297098c8f80c399eb0330f44ea96261f1b678cc
SHA512 594cedb85ee2ca7134c0d2d167d9f172bebe8efc51f627cc7cf83eb4b178238d2d1a85320b96e9700d3175a0ca786c1adeb5a8ae009cd2058f4b999ea9af200f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7594d3a98f0e44d1076dd23afc61e68d
SHA1 10d9d146d9d1c67368f394598c4c393f769828d1
SHA256 9c2d07ee7d21a747ee1afcc3122cb64d38d6ad96a54e08c6916559f4084764e6
SHA512 239db43548e0eea7ff4a0607b6bde5ca371110a6ec773ccacd611aa04e93155a64a4414e545c34665fd6479f16443771475e053930587f53dedc9b357609a27e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9fb58b1482a63d6e74803beaec52966e
SHA1 b396e90f1ee98a8ca4865b9ac3c62193d432454c
SHA256 46fe6ecb2432fafa9ab10cc8173558bca4734502c4d393c2542d515b04d489a6
SHA512 b4749b3c6451a784c92e14f28206518cbd4ad64d14f683486a36c409174362425979831500b64d4c98fb5a2ca0115894e9374644f60fe2314d46c574f406079f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 ccf6030474623acb2c6bea57f1c9acca
SHA1 edaecc8abb6592e7b7da86a3a9012679ad1ea4eb
SHA256 2d2728eabe6f807ae839f0b39a9f403f55603d5c54f92138e1326e41b477fc88
SHA512 3dd0fafb073888dac179da6391b4f03b99c1e5e0458517e9f458f0fd8a5cbd98cb79f26e4ff3c83ad86b6be4a987c5e5c8378d8595affc0c0f7779371a1c9fa1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 475b19df40e41679f2e75dee0f0b2af3
SHA1 4fd8afbb6b5663c40c3f17df84ac89e648dec37f
SHA256 ad90251412808ddd45c489553cfc08dcfb252f5d4ea36ff0f2e9fffcdd6e002f
SHA512 1fdff39e8a4d07fccc7489e3687b42de88e3985fb793fddc44f45b2ba892f5f838444029d921cada561aeb6f3b41f7c38d6e8cd9285a05e5ab0ad1d2ae3a6be0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff54f214634fda30ad4a5f83cd1f8d66
SHA1 d9edec0b57201da24e43e3e5170c8ef4adcc11e9
SHA256 0e4db096ee3f1e68a7c0ec7fc1eb1ba018ae6f8eee8a2eab343e7231f20f4778
SHA512 806b9f7b6ecc17bc36619e3eabf35cb15590d26227218011e7a040a924a842a4b80cd53051f21840ff536ecddf8d2ff6f4a47f6dc7839df25e45f6f5e60f0a98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b1da5acf3d1afb4f323e91c2e0ac656
SHA1 347a53f2b015a077caa56334d473ba2cf8c9a847
SHA256 a8f4062c7b02286321d8825defc640e55fb2b9b162d13f418ad2c12947e22095
SHA512 146df9e2dc098cf7e7714d00d712c50c8009ab26faa1529911906baf0eb1755e141555ecde2203c4a0ecbde94f033e97bed14691560bbf3bedb30966291a0283

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 18:17

Reported

2024-06-12 18:20

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b2d6464a5b94c53deb506f3c8d2d57_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4812 wrote to memory of 3288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 3288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b2d6464a5b94c53deb506f3c8d2d57_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa088046f8,0x7ffa08804708,0x7ffa08804718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14232126809998869273,3276716228710007882,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14232126809998869273,3276716228710007882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,14232126809998869273,3276716228710007882,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14232126809998869273,3276716228710007882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14232126809998869273,3276716228710007882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14232126809998869273,3276716228710007882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14232126809998869273,3276716228710007882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14232126809998869273,3276716228710007882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14232126809998869273,3276716228710007882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14232126809998869273,3276716228710007882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14232126809998869273,3276716228710007882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14232126809998869273,3276716228710007882,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5292 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 use.fontawesome.com udp
US 8.8.8.8:53 rawgit.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 platform-api.sharethis.com udp
US 8.8.8.8:53 project.dimpost.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.yqmmjmjxdigdak.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

\??\pipe\LOCAL\crashpad_4812_XGNVTEFXJHXTOSXS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 efafacf8989f47c3957272910536523b
SHA1 aa7ff128a894384c4bc1dd16745084a7fe9f5fbd
SHA256 464be7ec59eb9eba383a95ba0f873eaf68c14ce948b68e7c0749bec8c017c3c2
SHA512 e712541ad75a1a6536dfb2cfef3ddbb04ac4440cb04326467bd6f6bf0a8b09e088a0a977833e95617f29f0d5d7e029b8461330244541c2920f574eb039cdd316

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1623478f1814e717788b49923e9e13f0
SHA1 399ac104d779b85dc374102f9d56840dde742aa3
SHA256 9528c3ed3af3b4c6f79b2e98e76af673ac52923a2bb44990d8509551a5858daa
SHA512 dea9b6ae72ee7829e06e6cdfeed92e1959c6732eee21622361eefbeb7c62873a0a9fea3bb6aa29407f2c114762f943b1423bfedec114754e72832735316b025c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389