Malware Analysis Report

2025-04-14 03:19

Sample ID 240613-dvbkmasena
Target a3a691a37c15512ef326123e8e6c81bc_JaffaCakes118
SHA256 f2867cbef9d77ffc2e042408555a522dc9b12a1c3204c869cef799766a0a0202
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

f2867cbef9d77ffc2e042408555a522dc9b12a1c3204c869cef799766a0a0202

Threat Level: No (potentially) malicious behavior was detected

The file a3a691a37c15512ef326123e8e6c81bc_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 03:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 03:19

Reported

2024-06-13 03:21

Platform

win7-20240221-en

Max time kernel

145s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3a691a37c15512ef326123e8e6c81bc_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c079e59240bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000000f0250ebc8c7a4996c6c3ac375da87f00000000020000000000106600000001000020000000a2261dfc78d7c45ac190e7a99ea0973c2f8eeee3c15785655fefbd55d59f50f7000000000e8000000002000020000000cbb8942158b1935bd4e4009867b83acd27608390b4c987fa6e60dec9efc063d39000000070ebb80be59cd1f257a0d5d9766da73e97ecd86af5658d95491238bf486343c10e6247b333fa35d5a8861304f321737a2ccfe7a1745c2159dad4742566c30f5b2e9199e5c87632e1dd90486d6060773f317baed62c33b6a8c9e36f98d5792e538fa133669a893bf4e00ae18d5a4b590f33eedbde8c766ecada68990d1a124b79993da2283656e5836ef20a9b42ca2e994000000005d2e6f1b11ca8bdbe7ea3d341fb9353a6ed2270a5baf7ae38bdbf9a464f3d7e05b38c245aa6f499142ec27f6aebe29acf2a64224bb019ee6d0229b5f9a62f6c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000000f0250ebc8c7a4996c6c3ac375da87f0000000002000000000010660000000100002000000069310351b74f4d0548037a947e371dc5db14f29459cf6b9ff03c42c86ad4f2bb000000000e8000000002000020000000f6d1c571019290ede7ea769863b2ba276a241d854cb3eccb280f9e14a50a30622000000069ed167d643c2d12b51960e35365e8c7ce02e5e09dc5c62170f5f7a8e41a9e024000000058642ea6c2d69235f61e3eac91daa69f4a9fec967dcc32b055237354e0fa49e8f8781269cbed1a54a1888dcbd288a00a2041caf94bb8adeb204dcf183086fb3e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BAA57FF1-2933-11EF-8F9A-6A55B5C6A64E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424410630" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3a691a37c15512ef326123e8e6c81bc_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 i43.tinypic.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 i41.tinypic.com udp
US 8.8.8.8:53 www.betobrasiltv.com.br udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 dl.dropbox.com udp
GB 162.125.64.15:80 dl.dropbox.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 162.125.64.15:80 dl.dropbox.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 162.125.64.15:443 dl.dropbox.com tcp
US 8.8.8.8:53 img857.imageshack.us udp
US 8.8.8.8:53 goo.gl udp
US 8.8.8.8:53 2626-1.blogspot.com udp
GB 142.250.187.238:80 goo.gl tcp
GB 142.250.187.238:80 goo.gl tcp
GB 142.250.187.238:80 goo.gl tcp
GB 142.250.187.238:80 goo.gl tcp
GB 142.250.200.1:80 2626-1.blogspot.com tcp
GB 142.250.200.1:80 2626-1.blogspot.com tcp
US 8.8.8.8:53 i40.tinypic.com udp
GB 142.250.187.238:443 goo.gl tcp
GB 142.250.187.238:443 goo.gl tcp
GB 142.250.187.238:443 goo.gl tcp
GB 142.250.187.238:443 goo.gl tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 brasiliantv.blogspot.com udp
GB 142.250.200.1:80 brasiliantv.blogspot.com tcp
GB 142.250.200.1:80 brasiliantv.blogspot.com tcp
GB 142.250.200.1:80 brasiliantv.blogspot.com tcp
GB 142.250.200.1:80 brasiliantv.blogspot.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 whos.amung.us udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 172.67.8.141:80 whos.amung.us tcp
US 172.67.8.141:80 whos.amung.us tcp
US 8.8.8.8:53 maistemplate.net udp
US 216.239.32.21:80 maistemplate.net tcp
US 216.239.32.21:80 maistemplate.net tcp
US 8.8.8.8:53 www.maistemplate.net udp
GB 142.250.179.243:80 www.maistemplate.net tcp
GB 142.250.179.243:80 www.maistemplate.net tcp
GB 142.250.179.243:443 www.maistemplate.net tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 use.fontawesome.com udp
US 8.8.8.8:53 blogger.googleusercontent.com udp
US 8.8.8.8:53 templatestopbest.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 172.67.142.245:443 use.fontawesome.com tcp
US 172.67.142.245:443 use.fontawesome.com tcp
GB 216.58.212.234:443 ajax.googleapis.com tcp
GB 216.58.212.234:443 ajax.googleapis.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.200.1:443 templatestopbest.blogspot.com tcp
GB 142.250.200.1:443 templatestopbest.blogspot.com tcp
GB 172.217.16.225:443 blogger.googleusercontent.com tcp
GB 172.217.16.225:443 blogger.googleusercontent.com tcp
GB 172.217.16.225:443 blogger.googleusercontent.com tcp
GB 172.217.16.225:443 blogger.googleusercontent.com tcp
GB 172.217.16.225:443 blogger.googleusercontent.com tcp
GB 172.217.16.225:443 blogger.googleusercontent.com tcp
GB 172.217.16.225:443 blogger.googleusercontent.com tcp
GB 172.217.16.225:443 blogger.googleusercontent.com tcp
US 172.67.142.245:443 use.fontawesome.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 142.250.179.243:443 www.maistemplate.net tcp
GB 142.250.179.243:443 www.maistemplate.net tcp
GB 142.250.179.243:443 www.maistemplate.net tcp
GB 142.250.179.243:443 www.maistemplate.net tcp
GB 142.250.179.243:443 www.maistemplate.net tcp
GB 172.217.16.225:443 blogger.googleusercontent.com tcp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 968b6b4c955e2e7daa61bba759c5ebb5
SHA1 cf3857f58bfd08e2684ebdfd0e28bd111d6ceb25
SHA256 d0fcd49e3c7caf38a5ff4dc2df6c03fc2f59644d2c500832d4f4c0a2872b06a2
SHA512 93dfce40e4f3c48f331379510c9bc53ab4d11f8d93ea8ff025c8b4fcf336d5d3a064638de31475b2a83433415754a2c832199d9a9ddb6823de5401168d4ed398

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d3049f1a4b143f13261e38abab901109
SHA1 1810917619ef7b98f40697c12f35a75575665f8f
SHA256 69df6863aa24aedecf107a7e2e0353d592c52a5905cc2833d824c2298733e9d6
SHA512 6af844057e960d6f4165f297891b676492281fc4abdd7346a220b1972124fabe2a9e0f7b3825c9f67c1ed885262cf6fb994c4dcd607c1981005291a240b6e958

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 c1ec2892dc4c692f4222235a0b5b407d
SHA1 adb08315ddf71f0e06c38edb06a763f27e525ac2
SHA256 9a738b98074e2a45fccf511e91af4f1e63f3562144ffc8e8e2d090a6f9fd33ae
SHA512 0bdc78df4ba5ea8b5659b5755af70ad7559492bfcc7d6789ddb4c6351c13f7ec1cf78b71eee7cf67ccc3f66a579771425f08fb262e70eb0306fd099e7ab911fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 945c62ae176d5ed67e588d309c8fcc91
SHA1 f2699255b425206e52833597af493c5c566aeaaf
SHA256 690fff9fea14e1b1ced7d93bf61c5c1e0631336b4f34e1626c7f92b0585c16d2
SHA512 fd073d9abbad72322676aeae8605ae1f80f10f6e6577786d8e791685ae132e541746ab980534f9eb3f28799243ecbc735071bec2e72c280ea8f28f4638ae2760

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 a4c3e4b3f212ccf9719236eaa8f728be
SHA1 e017a18974a9969ca60ca2499ac54b464d91a2ef
SHA256 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a
SHA512 c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\plusone[1].js

MD5 53e032294d7b74dc7c3e47b03a045d1a
SHA1 f462da8a8f40b78d570a665668ba8d1a834960c2
SHA256 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2
SHA512 fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E

MD5 d157608864bb7117489ce9ce5ce0fb96
SHA1 4c1e456e5dd23163757fbd1c2299992d38dc91d2
SHA256 747cad6be1751b1cf3cd3b328b40ff375dbc1fb110c065022900a30a16916aa2
SHA512 fac6b54217c9128179434aa027e5377a2a2bfab46b9ad747490839a4c6001a878377e2cd79de874fa29894f9a0972839aa57eb1f5def65a955984ca3272b7f16

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\cb=gapi[1].js

MD5 f9255a0dec7524a9a3e867a9f878a68b
SHA1 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b
SHA256 d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d
SHA512 d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f36e0330f6ca206f1475bd3965e9a00e
SHA1 b2288703413cf1ef6189d9ed6507b6379e246e6d
SHA256 6970da9893cafdf04ebd267d6715ddc56d98ceb0c450951a3173b6a73cdb3eeb
SHA512 b7cc59f9555238d999aa9044c1a6b34123d704b9c922ac3d05827a871fc43cab682a8586960d7f8ea87e4297e59f8ca306681459f54bcff13511702075986a9c

C:\Users\Admin\AppData\Local\Temp\Tar373B.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab3729.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_95776108E5303B05527E9B63C6628F47

MD5 31c72108356bcbb5569409aa463923e3
SHA1 647712555d187d6763bdafc3e9c2ee9645bae56a
SHA256 16c8fd04d2e7f175e0092f4e468aaa9b762e79720e99683c787e4ed130404cdb
SHA512 4768ecbf85c6c15bad385b1c5b6937e4243aa4bdd0163ef49bf219047b6d9920a535a860cb29cc02dd5a427f170ff43d4e6e7fb5b3505233d24d671e84205e60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar381C.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55cd0c76e2027e58344abd24838651b0
SHA1 4362e0ad38210f2a62639054ddbb91d95bef4b5c
SHA256 55c43ed290d86bd963724cff4f8dc40e4c17ede884fc3b36ebbf26c98b619b52
SHA512 5ae3fe89a186440fbc04c786b10bc91d1aeb2d3eb1dc41066d7ca9acdc0a4e7333396e6a61e8fd770f1ccfc243e7e4e5ae8eb88db675d3a536b62359ee87eb40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e859562a1f2fa069fe4ad30c472a1779
SHA1 20af040ef50bb130afea1b0e62b151f453ba9391
SHA256 1f9bb4978a21148f860c32e416fc1caf7d205ea2aca2935a328e602b37ecb8ef
SHA512 fb0ba06ef61b5317cc9cd791a6fb81e553e8cda204593ccf12f49a646cb0aa85737f2b35d12f789de5f5abd465839824e7306ada9498163cf3e06491eb300f52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5e9fa854abc652ee4461713e4391f85
SHA1 ff3c6dd524ca28ac261e2571e4f5a65e483b83db
SHA256 16205d0af54a61cea80ad535b9fe9a2abd10dc4a04d731c6d6599a1d29224086
SHA512 06f35627202be34c46eca6c3dd85177969508ead5abf0135937abb0f0d0e0eefa2c4ec8c409dc4f3171e43f4c7fbf1c421c264dc5f941fd90ceb2d038c4285a0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\favicon[2].ico

MD5 59a0c7b6e4848ccdabcea0636efda02b
SHA1 30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340
SHA256 a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f
SHA512 bcfebb2ca5af53031c636d5485125a1405ca8414d0bc8a5d34dd3b3feb4c7425be02cf4848867d91cf6d021d08630294f47bdc69d6cd04a1051972735b0f04d4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sxsuh4u\imagestore.dat

MD5 2def9cffdeec417855c7a4f4155ecaa3
SHA1 fad09b7058e8dd5927d56a62d1ba5526b29f910a
SHA256 7700711ce609f4ea87596f3731eda4940dfdd0d96aee6bfc70be8eae41e26327
SHA512 1e489e352c1e6abab10455950b10218615764ff5d7b5c2eae0d10d2bf3656ae81ccf652cf274138e2b0dd2e21000756cb01b6e95f0871594de7eb5f33f98944c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9fd60716bc90499843f726d997013dfb
SHA1 e99261758b8e99e8c47057c3252151488c720200
SHA256 13e3d5be4bbc5ceccbec12644d82ae5bd2aace157961a072e9e2f47ce8ed4196
SHA512 9f5e9f7097e2f98e59f312a403aa085ed3ae8935ace0a9a6e95a0d1c5a0005f0c82a98b794be0850637bdb4364c187ab1c24a372d4b6b6e45a3076d12c195462

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93f7e742209f9f9217dd7b59ff2fe74b
SHA1 36a76a7da6f1f9063745a16125bc31d8c01b4d65
SHA256 155a12bc397c3f01cc8989d8bc7475903b10f3b39c0ecd83967dbc1fcde64ed7
SHA512 75b9befd7e29fa2702718fa2ffe73b7f00dc41fcfd9537b285e9325738fcc0308ec16aa2a5eda37bd3eca677ab1ce701faa5e7c95b2f0d0e68c69396e985a5b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1ca1546660833d5ad7cfe8a3c3363d2
SHA1 6d582a49c984ca62daf016639c9b710f130475c6
SHA256 aa9a3d7dcf76862736e59e97d599c3cdfe0577fdd7161bcc45c214f65d1fe0df
SHA512 eb6280acc26ee47d2ba367e0104c60e59a1c33c02604f419df4d3ce6fb7f1c529bc1fb524e5f739dcad65fab1446c990d1dc55d0ed98e0eb8117dc4374ce587e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d85af1b66fbb4d50072f4ed447ce3c1
SHA1 90c41ecde7cd65fa35991c6e0abf3d9d99fa539d
SHA256 c488304554462ce2adb452c1a73cc31241ddffe39969783870db3d88474d84f7
SHA512 02e2b7bed173aa37ee6306f11ef0020fea66176dda30458a5d664ac1154591761a07776491afef2560b9ad7183ac05a46acdb0e88a16f4dd7fabaef0103e25b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 064086b6e309aa14b28cab30c08b4c43
SHA1 43005d50de1c91b866e08e2435cf16c2704fe263
SHA256 46e3c5a2437233c70088d7f803900a60e2ad15fafb4754308fae50bbf4f0c99a
SHA512 7768b875cfe2817c9897a8a83bec448783d2c58f6913b12d144e164d116f1f3d203547e470753101513d832d55343ce29ef058d224af2c1d0940c5f1c9568693

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1bfd3907229c93207d72e9f99814d21c
SHA1 01b5a808b34aebaf6df5cacc5993b4e0d69bdd7a
SHA256 f15384ac6235ca4dfae7d9cce3b1a81ce1effabce9e4279d9aed8e784930bff9
SHA512 dd9b5956fc8256bec50dffabc6ccb56b8e8c5ce30dc499f489b5662b730e358805e678adecd5ea50642af1181a700b60c498e0f8c07f7989a69fa61f26355913

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 185a8bae9e70b77e901e2a7226b44d51
SHA1 26083d7cbba4a75433274dd10e8edb13617dec16
SHA256 e4427e39d2566750c5c47ffe601f14a8282e3b093bc6ba677616e02d52f3c510
SHA512 b777d90485b4de88ff3ce05431d2169ebe8da6a75d9df463f5c23da0893ad76c2ed7b2f54e0dcc13dee27c52c6e75ef42c2edf9537344b0540d5da4fb6a3ebb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e72ed2af90bea483ce580a9492c9b697
SHA1 6ae1c4df444d9c7a7c0ee899d9cd8e15acf90bd9
SHA256 0b0619998b35821bd3654fc9895efee2ea8cbe6d9f7342adfbc541cf0511f5d9
SHA512 24d3832d931d157ff30f0f209b5320e018e617738612e4b5e0f8e3ecaf505ecabd2c438bc33895c2591df2ee9d73c6e3993deed1bc5008de305875d76967c5d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 53fde939e53ddf3afd798cf7b1687e85
SHA1 c0cc1e38c81dbea53eef46ab08ea27a1968e44b1
SHA256 2508eb5b77b0a75755ffe69e09d3f427ac0db32a809b1ae6b1600385c7c85271
SHA512 4934c25bf4555a441d8cbd2781577f6e94d59c1a9cc517fc315d9716bee1deb4e3cca177d6f943dfe9fa6c97fc5413d67973d4c94a3417896a866bcffacab975

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd08ff2cfb955b301e0d52ee141f3ef1
SHA1 78783a880a87281fb7213ff254bc3051d1275c4f
SHA256 3e4822e17df7d4c06761ef2758e3f7afab13b4bd336c723a6654dce8535cb1a5
SHA512 3e4922c9df2cdde69264964279a9145623cce5c9da138b8b20aa82c7b57e99c26ba8c24851a9c68b8ef7c9f79b93cb4271eff17cf4b2eaaf8031b339a2b7c7b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 13304706b96872b93e37f16b548ebbcb
SHA1 6cc94f3090aebf23a7b9cdc59c7677c148058ac3
SHA256 6f150cd89f0776a31fbcc5ca65042df727e3046512a11f824519bfbd020fe127
SHA512 4283a6bb337818ac9d4a149424e2f1e7c3a4b8be67ce6a91d378e22a15d818c5a6d818d1e6f0fabb81ab13539579be62f5265ba9e7e5bb1ee0886c5be32c521d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a70cb8ec9e3716e719616d19cd60e5a
SHA1 c6262b039cf6da19db4e7760858579da309012ee
SHA256 6d141f35f14e6d13f8de05e1658cc49352ed357d861531e21651057bcf4a8c11
SHA512 2b3ee69a2f2a0dc891791ae2423bc578aa5d42925cea6d03393dbc10844968015d0e7eb2e9191ad6f704482bb4162d3b9f200b31892e5a10bebf8cc4dc750578

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51b6071e98eb9bf03ff43517032c814c
SHA1 af2155b3b243b62009b73952e08af4a40a718bfa
SHA256 cecdc011c920591459f20bb080c339067341f146796fdf9a915f19e09d472f68
SHA512 ba9344d7f3b390f8d915a1a7f0079a25773bda212be2640949a264ca9d340ebb9db13be346c1bdf4fa9f28124658874626fa6ecee55fc0a494dd8bed0fc702c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f8ee3dfe898dd4c5e16521d4a4c7750
SHA1 921589d4cd50fd403b942e90590f494165a86bfa
SHA256 1b968768e8927ed6305a77f9632b4a94f967f8118e054077177b9ebf810dc48a
SHA512 a3e3b5b7408d9e518431224c2e8ef10902806897c8516909328205ca54fcc050dda0724ff225ded4be92f90ad380976513653d7e5d083f94cae30fe9050772b6

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 03:19

Reported

2024-06-13 03:21

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

124s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3a691a37c15512ef326123e8e6c81bc_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2976 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2976 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3a691a37c15512ef326123e8e6c81bc_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcca3d46f8,0x7ffcca3d4708,0x7ffcca3d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 dl.dropbox.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 i41.tinypic.com udp
US 8.8.8.8:53 www.betobrasiltv.com.br udp
US 8.8.8.8:53 img857.imageshack.us udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 2626-1.blogspot.com udp
US 8.8.8.8:53 goo.gl udp
US 8.8.8.8:53 i41.tinypic.com udp
US 8.8.8.8:53 i43.tinypic.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 i40.tinypic.com udp
US 8.8.8.8:53 goo.gl udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

\??\pipe\LOCAL\crashpad_2976_RIDIRRHHBJQQCSGC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b20fc468-b7f7-4405-b4e9-b17359de951f.tmp

MD5 ab7edddc906acdb943928c96508a84ce
SHA1 756761dabd997cdbfe280f360b342d225ad031c1
SHA256 3c518a126fbd55af226196f4188f38f11b70c0e7c77e1f4794e8f3cc623ea845
SHA512 34ae07829576e75defb3c29e3aae0973c928ed3431eea2e6ff63ffcef6a52659c2e7536e9a6bb20bb897f621c8e923652c9e2c6d25a63f3f0b077899768ee402

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1fd6ecfcd422bd3f847ffaa1b1e572d8
SHA1 dd09a73af719d334f5497f2f3b6b9b7c371400bb
SHA256 426914e427c2321dd326a4a79a145f7bd5c91cd8727c90c0618b3488c9f3a460
SHA512 5ed631ce1b0f45916647b3964403ca0ef3ec784b61e0ea3bb967dbdc565510747e8370ac7500bc7ea282e54b7f59b7804ccf2e992952b1053234828cf964f697

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c530ec867f0fa2ebaf2e2632cc594a4c
SHA1 321cfd9f6cbba151e3b3b7c5b8a5e76d43468547
SHA256 480b3b5aaefca003796ce54b680b3dc37e7e2fef3d2a7cc22b7cc64173ce27c5
SHA512 991ee523e040253f2b7bffe19fed469d52064cf5410c76b53350c5aa2f13fdab7a780614c8be196b4c5045a0dfb086263851382943af9d80dd172bafa86f4b36