Malware Analysis Report

2025-04-14 03:21

Sample ID 240613-fpg7bsyepr
Target a3e7a4ca9f1faf47c99a9dce98ffed31_JaffaCakes118
SHA256 aa92d4a38b9d4350eb6f9bb43875cb40ad5256d35e16bba3e472f6dcc257207e
Tags
score
1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
1/10

SHA256

aa92d4a38b9d4350eb6f9bb43875cb40ad5256d35e16bba3e472f6dcc257207e

Threat Level: No (potentially) malicious behavior was detected

The file a3e7a4ca9f1faf47c99a9dce98ffed31_JaffaCakes118 is an HTML document. It was opened with Internet Explorer on Windows 7 (behavioral1) and with Microsoft Edge on Windows 10 (behavioral2); no (potentially) malicious behavior was detected in either run, and every signature detailed below is raised by the browser process that opened the file, not by a separate executable.

Malicious Activity Summary

The signatures listed here are low-severity behavioral heuristics (window-message, hook, process-creation and registry-read APIs that browsers use routinely), which is consistent with the 1/10 score.

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:02

Reported

2024-06-13 05:05

Platform

win7-20240611-en

Max time kernel

137s

Max time network

140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3e7a4ca9f1faf47c99a9dce98ffed31_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware (the sandbox's generic labels for this signature)

All of the writes below go to the per-user Internet Explorer hive of the logged-on account (\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer) and are made by iexplore.exe itself: DOMStorage quota counters for youtube.com and www.youtube.com from the embedded player, tab recovery and TabbedBrowsing state, window placement and first-run markers. None of them touch the start page, search providers, security zones or policy keys that a browser hijacker would modify.

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2BF31511-2942-11EF-B5A7-FAD28091DCF5} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "233" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "325" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10163" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a080fa054fbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9618" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "331" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "325" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9618" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "498" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000fff8b6a54a625c6a04ae728a94a3ee9c824029095a77f297a7c24f5539e3caaf000000000e8000000002000020000000cb6a60b864fa97def1b7d36e4ee275f69c745ce2099084a474434fca9c96bc1620000000d68f940074b4374a15588a622431c8fa1db6c70715af3f0e0e08e5b98de2e4c440000000b0af5de0d9775f4a5a77091dfdd63ab6d3d7b0e44e6703a60bc3c657e0d6cdd1052ca133adfec0ebba56eeeb7d01ea2dc5527143a1248a358f6b0a7dec868db1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "233" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "331" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
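
A check worth automating when a report carries a table like the one above is to confirm that every write stays inside the browser's own per-user state and none lands in a hijack or persistence location. The script below is an added example, not the sandbox vendor's code: it parses rows in the exact grammar used above, classifies each key, and flags anything that hits a start-page, search-provider, zone, policy or Run-key path. REPORT_ROWS are six rows copied from the table; the one row in CONSTRUCTED_ROWS is invented to show the flag firing, and the hijack-location patterns are this example's own heuristic.

```python
"""Triage the registry rows behind a sandbox "Modifies Internet Explorer
settings" signature.  Added example, not the sandbox's code.  The row grammar
and REPORT_ROWS are copied from the report; the hijack-location patterns are
this example's own heuristic, and CONSTRUCTED_ROWS is invented input."""
import re
from collections import Counter

IE = r"\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer"

# Rows copied verbatim from the report: <op> <key>[ = <value>] <process> <target>
REPORT_ROWS = [
    rf'Set value (int) {IE}\DOMStorage\Total\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    rf'Key created {IE}\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A',
    rf'Set value (int) {IE}\Recovery\AdminActive\{{2BF31511-2942-11EF-B5A7-FAD28091DCF5}} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    rf'Set value (data) {IE}\TabbedBrowsing\NewTabPage\LastProcessed = a080fa054fbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A',
    rf'Set value (str) {IE}\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    rf'Set value (int) {IE}\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A',
]
# CONSTRUCTED row, not from the report: what a start-page hijack by a dropped binary would look like.
CONSTRUCTED_ROWS = [
    rf'Set value (str) {IE}\Main\Start Page = "http://example.invalid/" C:\Users\Admin\AppData\Local\Temp\dropper.exe N/A',
]

# Key paths start with \REGISTRY\ and process paths with a drive letter; that is
# what lets us split fields that themselves contain spaces ("Internet Explorer").
ROW_RE = re.compile(
    r"^(?P<op>Key created|Key opened|Key value queried|Set value \(\w+\)) "
    r"(?P<key>\\REGISTRY\\.+?)"
    r"(?: = (?P<value>.+?))? "
    r"(?P<proc>[A-Za-z]:\\.+?\.(?:exe|EXE)) "
    r"(?P<target>\S+)$"
)
USER_HIVE_RE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-\d+-\d+-\d+-\d+\\", re.I)

# Locations where a write by a browser would mean a hijack or persistence attempt (heuristic).
HIJACK_RE = re.compile("|".join([
    r"\\Windows\\CurrentVersion\\Run(?:Once)?(?:\\|$)",
    r"\\Software\\Policies\\",
    r"\\Internet Explorer\\Main\\(?:Start Page|Search Page|Default_Page_URL|Default_Search_URL)$",
    r"\\Internet Explorer\\SearchScopes\\\{",      # a new search-provider GUID
    r"\\Explorer\\Browser Helper Objects\\",
    r"\\Internet Settings\\(?:Zones|ZoneMap)\\",
    r"\\Winlogon\\(?:Shell|Userinit)$",
    r"\\Image File Execution Options\\",
]), re.I)

# Browser-internal state that Internet Explorer rewrites during every session.
IE_STATE_RE = re.compile(
    r"\\Software\\Microsoft\\Internet Explorer\\"
    r"(?:DOMStorage|Recovery|TabbedBrowsing|IntelliForms|PageSetup|Toolbar|"
    r"BrowserEmulation|DomainSuggestion|GPU|InternetRegistry|SearchScopes|Main)"
    r"(?:\\|$)", re.I)


def parse_row(line):
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    return m.groupdict()


def classify(row):
    key = row["key"]
    if HIJACK_RE.search(key):            # checked first: Main\Start Page is also under Main\
        return "hijack-location"
    if USER_HIVE_RE.match(key) and IE_STATE_RE.search(key):
        return "browser-state"
    if key.upper().startswith("\\REGISTRY\\MACHINE\\"):
        return "machine-hive"
    return "other"


def triage(lines):
    rows = [parse_row(line) for line in lines]
    verdicts = Counter(classify(r) for r in rows)
    flagged = [r for r in rows if classify(r) == "hijack-location"]
    return {
        "rows": len(rows),
        "by_op": Counter(r["op"] for r in rows),
        "by_process": Counter(r["proc"].rsplit("\\", 1)[-1].lower() for r in rows),
        "verdicts": verdicts,
        "flagged": [(r["op"], r["key"], r.get("value")) for r in flagged],
    }


if __name__ == "__main__":
    for label, rows in (("report", REPORT_ROWS), ("report+constructed", REPORT_ROWS + CONSTRUCTED_ROWS)):
        result = triage(rows)
        print(label, dict(result["verdicts"]), dict(result["by_process"]))
        for op, key, value in result["flagged"]:
            print("  FLAG", op, key, value)
```

Run against the report rows the verdict is all "browser-state" and the flagged list is empty; only the constructed Start Page write by dropper.exe is reported. The regex relies on the report's fixed column order, so a row the pattern cannot parse raises rather than being silently dropped.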

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3e7a4ca9f1faf47c99a9dce98ffed31_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1912 CREDAT:275457 /prefetch:2

The second process is the 32-bit tab (content) process that the 64-bit frame process spawns for the page; SCODEF:1912 names the frame process (PID 1912) and CREDAT/prefetch are Internet Explorer's standard tab-launch arguments. No other process appears in this run.

Network

The page pulls jQuery from code.jquery.com and resources from www.noithat190.vn (27.0.14.98, Vietnam, plain HTTP only); the youtube.com, ytimg.com, ggpht.com, googleapis.com, doubleclick.net and google-analytics.com traffic comes from an embedded YouTube player, and ieonline.microsoft.com is Internet Explorer's own online service endpoint. opi.yahoo.com and www.doanhnghiephanoi.vn are resolved but never connected to. Each row is one DNS query or one TCP connection, so a host repeats once per connection.

Country Destination Domain Proto
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 opi.yahoo.com udp
US 8.8.8.8:53 www.noithat190.vn udp
US 8.8.8.8:53 www.doanhnghiephanoi.vn udp
US 151.101.2.137:80 code.jquery.com tcp
US 151.101.2.137:80 code.jquery.com tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.204.78:80 www.youtube.com tcp
GB 216.58.204.78:80 www.youtube.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.6:443 static.doubleclick.net tcp
GB 172.217.169.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
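
For a browser detonation the useful question is not "which hosts were contacted" but "which hosts are not explained by the embedded third-party services". The script below is an added example (not the sandbox's code) that parses rows in the table's four-column format, separates DNS-only lookups from real connections, sets aside hosts that belong to the YouTube embed, the jQuery CDN and the browser's own endpoint, and reports the rest for review along with hosts reached only over plaintext HTTP. NETWORK_ROWS is an excerpt of the table above; the allow-list of service suffixes is this example's assumption.

```python
"""Triage a sandbox Network table: DNS-only names, hosts explained by known
embedded services, and the remainder to review.  Added example, not the
sandbox's code.  NETWORK_ROWS is an excerpt of the report's table; the
EXPECTED_SERVICES suffix list is an assumption of this example."""
from collections import defaultdict

# Excerpt of the report's table: <country> <ip:port> <domain> <proto>
NETWORK_ROWS = """\
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 opi.yahoo.com udp
US 8.8.8.8:53 www.noithat190.vn udp
US 8.8.8.8:53 www.doanhnghiephanoi.vn udp
US 151.101.2.137:80 code.jquery.com tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.204.78:80 www.youtube.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
""".splitlines()

# Domain suffixes an embedded YouTube player, a public jQuery CDN and Internet
# Explorer itself are expected to reach.  Assumed for this example.
EXPECTED_SERVICES = {
    "youtube embed": ("youtube.com", "ytimg.com", "ggpht.com", "googleapis.com",
                      "google.com", "doubleclick.net", "google-analytics.com"),
    "jquery cdn": ("code.jquery.com",),
    "ie online service": ("ieonline.microsoft.com",),
}


def service_for(host):
    """Match on a label boundary so evil-youtube.com is not treated as youtube.com."""
    for label, suffixes in EXPECTED_SERVICES.items():
        for s in suffixes:
            if host == s or host.endswith("." + s):
                return label
    return None


def parse_rows(rows):
    parsed = []
    for line in rows:
        cc, dest, host, proto = line.split()
        ip, port = dest.rsplit(":", 1)
        parsed.append({"cc": cc, "ip": ip, "port": int(port), "host": host, "proto": proto})
    return parsed


def triage(rows):
    parsed = parse_rows(rows)
    resolved = {r["host"] for r in parsed if r["proto"] == "udp" and r["port"] == 53}
    conns = defaultdict(lambda: {"ips": set(), "ports": set(), "count": 0, "cc": set()})
    for r in parsed:
        if r["proto"] != "tcp":
            continue
        c = conns[r["host"]]
        c["ips"].add(r["ip"]); c["ports"].add(r["port"]); c["count"] += 1; c["cc"].add(r["cc"])
    contacted = set(conns)
    return {
        "dns_only": sorted(resolved - contacted),
        "expected": {h: service_for(h) for h in sorted(contacted) if service_for(h)},
        "review": sorted(h for h in contacted if service_for(h) is None),
        "plaintext_only": sorted(h for h, c in conns.items() if c["ports"] == {80}),
        "connections": {h: {"ips": sorted(c["ips"]), "ports": sorted(c["ports"]),
                            "count": c["count"], "cc": sorted(c["cc"])}
                        for h, c in conns.items()},
    }


if __name__ == "__main__":
    result = triage(NETWORK_ROWS)
    print("DNS only      :", result["dns_only"])
    print("review        :", {h: result["connections"][h] for h in result["review"]})
    print("plaintext only:", result["plaintext_only"])
```

On the excerpt the only host left to review is www.noithat190.vn (three connections to 27.0.14.98, port 80 only), and the two DNS-only names are opi.yahoo.com and www.doanhnghiephanoi.vn. Hosts contacted without a preceding DNS row in the excerpt still count as connections; the DNS-only set is simply the resolved names that never received a TCP row.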

Files

The same path appears many times below because each entry is a distinct version of the file captured as the browser rewrote it: www.youtube[1].xml is the embedded player's DOM storage, and the CryptnetUrlCache MetaData file is crypt32's certificate-chain/revocation cache updated while validating TLS connections. Cab5A05.tmp and Tar5A06.tmp in Temp are the paired temporary files crypt32 creates while extracting a downloaded cabinet during that certificate update. Every path is under the browser's own cache or the user's Temp directory; nothing is written elsewhere.

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZIK800O6\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZIK800O6\www.youtube[1].xml

MD5 fa381a402e260554138bc76848066942
SHA1 15f9a953d263748005b51e108b36db0ad2bb2a3f
SHA256 dcd72ce3552a1d6113faf06215cbab2112fac21944f513a6069c8a00a149dd79
SHA512 7a95eb19477a45af99d67b5c6ba5fa821d7db67bbd325d649bf709d8de22b5ccd886e19afef29686e7b3a7d7568d8312b9c59ffd39da7a97c7c961e62f3cae81

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZIK800O6\www.youtube[1].xml

MD5 15ed08fc4cf5dc34bf1cd25d5f8a572a
SHA1 bc6fcd3c913bf2a7936b57557bb829a4b51ecae1
SHA256 ade328c7cfa7bbf328685cb104b8c972c811eea6bbe56eec9e0091c03614d626
SHA512 e5c8b40e72a87fba9507da75a8c5590a070f93b2401c867fbfdb47ca341297da8e3d5efef1defc702aa4ffcc1d309e323bf2b008596ba3467428dd75d08f7c4d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZIK800O6\www.youtube[1].xml

MD5 43575d51a07ae5d165e010c6d71fce63
SHA1 ec21853a9cf0012c3a2e981666363a2720e9773e
SHA256 b466827ee78c48b38714e43d3bb552c07c631e7b6f86a1a7fec706c3471a57ba
SHA512 1f826744c166711fc0ababf41278e105f404109920c28dcb379a89d06bb7ac606950edfb8c71f2b4def417cb15b58e36f21af2a75d42db45c8c196f4adecfcdb

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZIK800O6\www.youtube[1].xml

MD5 0257ad28a42d2dd71452b878095283f6
SHA1 aba2bc531e970df95442be5547302215e12cf1a6
SHA256 bc8e02cc22a81bdd02c76bb5924d52a2ca7bf949844ab10433f82b9637da919e
SHA512 4a740fb2da4ad5f3e98ff35f3b45a0b10850b95c15e0d105b491bb5e9d5ed0954ef8fb35fd0ef370451a717eb3376dbc745edbfb1d86357ea4b2850313348838

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZIK800O6\www.youtube[1].xml

MD5 35aaafb7497f37ace4254be0d79b3a52
SHA1 1eee6c9d34e4848ed9acd4993cc782dc80239f2d
SHA256 5487db6eebc92c3a558263c652f33036627b697a6bfb7ddcab5a07f697539936
SHA512 e32ccb364ceee3a81d02158a8b0ffdee9fd4aa5afa6ae60693bca3bb534e136c96a260d0da6396d7a5be5aa416a5863f6dcc1eeb808448dacde4300de13ef436

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZIK800O6\www.youtube[1].xml

MD5 1e9d0e29808584918d118c08a71af20e
SHA1 4e232f3ea05c4e622d1337b940d8e599aad7305c
SHA256 1fc1837c91a89d0e8496de2a4e3da00e18d4e61c181cb98966add54e2737e606
SHA512 143f2dd35083cf684bd2959a150abb1197bab09231083bd1e4dff921355af82f1d278af930428fded54c92c7b3fc4a35c3649a31fb074da1fea8bb125fc0cef1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZIK800O6\www.youtube[1].xml

MD5 2d1e4a2aa488e9e97c2630f3a9b76ab7
SHA1 593c053b4cb591945d5198f66aa7c46280bd1f85
SHA256 3200fc8248b79b1fcb8182a521522f06852b7e4784ee709ef386d37976b39ca6
SHA512 efe2c1adbec3331c1c53abb29d14629ecb1f499379fb5b7ab79a81f33f08f8432ac80b3a26aa01974382583ed6f8e2ec530775a020f98a5b6bc496fc61596c87

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZIK800O6\www.youtube[1].xml

MD5 60e2c4691991ba12296ebf207bdf2b02
SHA1 820e16943855ccd95cc4a4defc28af64ca071964
SHA256 c0c33b28c87dd99703edefeddb018632867546e34f0fc5ac5a24943d2e4325a6
SHA512 7eb72e71216ac12437aee9911293675060629862b73067c8d19782ecbb9be34c626f735cc91e59a84a4370d913c40543f6fc6e2d627ea953befbecefaaab76bf

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZIK800O6\www.youtube[1].xml

MD5 dddbb257e27c9c93724bda5a5c6bf58e
SHA1 9eed57e05f86bad7dcd034a8bc39f84927023416
SHA256 51b360b8dd0fcf1a4f99c6610eb9bf84f63da6a62f06b9906508323aea4b8251
SHA512 92f87279b9639497dfae4c9614c4995c8b89274e44ec6e134398fea35b3279acf8f0ddac117945c4de3b05306a1d5bf6f172f7db88640e908ce2cc3e340969c3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZIK800O6\www.youtube[1].xml

MD5 7bfb141b69af8ac57db2aaac9b05c9ca
SHA1 9021f5abb00096fd986aa73d2f09a642a56f7dcb
SHA256 3191ffcc539632b61d68d7a5edf67eb74eaed7eb76f3e31d9ef4b7df9a7f9790
SHA512 16cd7b972c11b49dac98f0f648bc539218ee8c405369c52597e3490ff51e699e0fb926c7d6b5d98f0eacb6c24a419fdf5752616a037c3b6ee75ce22e62195ae7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZIK800O6\www.youtube[1].xml

MD5 cd01560e95980f26e07a2674230505c8
SHA1 36eb63d907f804c6dec81d07d86b319b501de26a
SHA256 80d3a289bfef0c789de1578e4c7e8497fce5c639dccd538edd8eedebb7695f40
SHA512 6390b329f3b86c512fefb9faa2b7e0ec49c8291fbe6f847f176bc40367044a241d62d6343ad87e0886383f333495e1654fbe70ceee7f355b9ffe0a38c78c5e05

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZIK800O6\www.youtube[1].xml

MD5 0742ff71ac5305b5034fc0abbe178139
SHA1 33b213f73e6df87866bcce6e293fb368998722d7
SHA256 1724d6f5de0cdd5183eaaa1e7ebb98c0b9498213351bc34d33ab580261fffdfa
SHA512 c30240a04f43fe7eafe256b040a69663f145ed9c8048d8042cff42346d13da665091a1f7ad2c587ec335cd020ac91ebd8346b7b62401652ab9dcfdf3fa8cd3c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e05a534368dcec1b9bc8aa76ebf27374
SHA1 c2af774cdd27fe2f7c853428d179cb8946bf19ab
SHA256 7f0edf836576abd44782f35094cd1821a1a9db5d6e4dfd0ae1bd1d91dd677c4b
SHA512 ea36530e0afaf55a0c963abf840d21cb7d0e68c839a556f0123a9b8c403c885b0ac5efc3672fa3568de013ab1984b7975a45c3bf5101a88d3e7cdeaf77d75967

C:\Users\Admin\AppData\Local\Temp\Cab5A05.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar5A06.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7d1296eca03845bfecfdcaba3bdc14c
SHA1 2b923ec1cad55fab7065cc06d0b77f9a8db6d634
SHA256 bf870cbdc0060008d39917ca046cac317875ed13a9b636d8a6920c6d2afbd219
SHA512 93986d0515a3a70950b21de576df1c9e78a4b7fa8a2e21da171cbad672ff96a31f94f8ef2ec5038d3b4686de368f1a9c75b27c7e126e52085828403f20fbda94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 379bcc9aef07db3028bad51642b9ea94
SHA1 f0db8ba8cc270d6d007b41f760a5ded1b1fbb3a7
SHA256 58d8f100b61cc971e1beda24c64a22d2e3d2862dbb03a2ed141fa3c059531293
SHA512 5a5076cf865e287b40bfac6d605ada9fda1506dc442e2acee1358e869521f0fc1fa5808f2d06985e3932fc918280d443286e7aaa13045b00063009ad4af70966

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7300f1603cec402d216979aaf567464f
SHA1 9bfc4fa73d8b4e23bac6ba2daa847b01090447bb
SHA256 c8e3e47760434ca515821f75cd8df9e1057cc9844424e63cd8156c4e42afc2bd
SHA512 a6e86c0a30674b58f38744aa26fca331b4c26b19cc54bf9de726e58a10cf74b39eca404a072864a9ac9a23f9e1b72294d98ae65f8ee36be6227ed25c2646ae0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0f0b59b21af56c7a8dac3e3d5955eba
SHA1 c3472067a5f6dcf7f91f138ef21a167dce113b0b
SHA256 7b2acd86cf0720ade5dbee514f7f2d721de899cd7474332335388cc39710fa44
SHA512 12e9f23db34067808bba4aa599096b5a6cf2ef39949cb9a6fe5855999b2e908116284134b0865cb71d332dc370200eb72b592df4413584f0dcad5dc5cc4ea964

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 619eac8c2b94093bbd284e6cf9a17f82
SHA1 85ebd90832d33e9448661725b7bfb581396d46cf
SHA256 c264af55ead678fef29ac4169acddbc2853c8544d3955a7a4c43b3b2a977e5bb
SHA512 882117e4f5a5879c583a6724f1b2fd6e515863116cbff047b08a7fc26dad9888ba0760a4bbac122104a378ec87156e6e92d749cd3f63319ab12b760d2512ae44

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb782ecb1e08e241c7a91a1b7f3c613e
SHA1 3e18f1dea1e9224f83f01449d438310415933f25
SHA256 305178e33005e855c50fdd05147a8732c6e54051c1742c0c828eee806db81452
SHA512 c903d39aa2ad57a7d426731252cb9791a7dcac892aa989c5a43e729f710bd5f44b55db1b813a9d890d4ad8da24671184c8b9130aec309f7a887ee7f66a5f0bee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 faae88a6ec8dce0a31ad75a39b95a391
SHA1 d59ce2508e1afbe38d91151f9072d8f4c38af712
SHA256 2721b95a2630924e448aa7eeba898114924efb7d8a641dc2af29f0a8f35a8bb8
SHA512 d5962296f83b643a878707f9584158eb3b32618e3385d34bcfea476025f6bbd3ad5370ad6146edaa42ff051b299d7339a1d2fb4e985451d9a60be4f65cb60da8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 add5c85b17f9be42a0ecd5c88ecfe61e
SHA1 69591b8a76fdff021b76c77b46dc8c86ad70cb53
SHA256 1304e92637b4ce440337e7e7f52c2c17214563d9329c681e2e957631618b6b87
SHA512 0745154310e8f645e604d4e139d296093e2fc27d1648dd7dc26bdd724becc310ac963837a122e3da57bf11c6f718fa089116eed5375dcccb6b7848a36a6c9491

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d66167107965cb875d6765f36dc395de
SHA1 0edeafe8f6b653edcac52cb26c1217a3176a7fda
SHA256 3a46ea5d3341a1863e4ad656fa26f41f3ef5d6bd364ca9422e6cb1322b8487e6
SHA512 228a6f0af582fa37c22ce1cf1be6685c1473523d0b3c4808a2a7816a86f1694d8f20c62d60185a9ab869c06a343b1481c865a9dc2aa9ec015dd98c57ceb6addd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZIK800O6\www.youtube[1].xml

MD5 a47a71f005b4baceec3362aa4069ac38
SHA1 a7945fac61920956f68a8643eea148d570ba9703
SHA256 a28770a7bb9a65b17532be1b35a68c7851de80e4ea89e3a65568b669a029d57d
SHA512 d857daededd609ab3972796c4055b2f6c853586eef9abb4b745d36c0ec4b3ee07f1ade514a5a34474ed0ea6fab18002de4e6b10bb3605e5ba4a6e4193845bf73

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 05:02

Reported

2024-06-13 05:05

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3e7a4ca9f1faf47c99a9dce98ffed31_JaffaCakes118.html

Signatures

Enumerates system info in registry

Reading SystemManufacturer and SystemProductName from HKLM\HARDWARE\DESCRIPTION\System\BIOS is routine for a Chromium-based browser, which uses them to identify the hardware for its own metrics and GPU workarounds. The same two reads from an unfamiliar binary would be a virtual-machine check, since the values name VMware, VirtualBox, QEMU and similar hypervisors.

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(25 identical rows collapsed; the sandbox records no indicator for this signature)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(24 identical rows collapsed; the sandbox records no indicator for this signature)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4544 wrote to memory of 532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 events)
PID 4544 wrote to memory of 4948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 events)
PID 4544 wrote to memory of 3904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 events)
PID 4544 wrote to memory of 3096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 events)

All 64 writes originate from PID 4544 and land in four other msedge.exe processes (532, 4948, 3904, 3096). PID 4544 is the browser process: the crashpad pipe \??\pipe\LOCAL\crashpad_4544_BKMDXRDYYIVNNKJE in the Files section is named after it, and the Processes section lists the children it spawned with --type=renderer, --type=gpu-process and --type=utility. A parent writing into child processes it has just created, all running the same Edge executable, is how the Chromium sandbox broker bootstraps its sandboxed children, so this signature fires on any Chromium-based browser and is not evidence of injection into a foreign process. What would change the assessment is a write whose target is a different executable, or whose source is a renderer rather than the browser process; neither appears here.

Processes

What the list shows is Edge 92.0.902.67 (Chromium 92.0.4515.131, per the crashpad annotations) opening the HTML from the local Temp path with --single-argument and then spawning its normal helpers: the crashpad-handler, a GPU process, the network and storage utility services, and four renderers (--renderer-client-id 5 to 8), all the same msedge.exe binary. Three switches deserve a glance but are what this Chromium version passes by itself rather than findings: --service-sandbox-type=none on the network service (the network service ran unsandboxed on Windows in this version), --no-v8-untrusted-code-mitigations on the renderers (V8's in-process Spectre mitigations are left off where Chromium relies on process isolation instead) and, on the second GPU process, --use-gl=disabled --disable-gpu-sandbox, the software fallback after the first GPU process fails to initialise, routine in a virtual machine without a usable GPU. The --gpu-driver-version=10.0.19041.546 value on that process indicates a Windows 10 build 19041 guest. CompPkgSrv.exe -Embedding is the Windows Component Package Support Server, a COM server started on demand and unrelated to the sample.

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3e7a4ca9f1faf47c99a9dce98ffed31_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffa9db446f8,0x7ffa9db44708,0x7ffa9db44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 /prefetch:2

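Reading a Chromium process list by --type and by its isolation switches can be scripted. The following Python is an added example written for this report, not tooling from the sandbox vendor or from Microsoft: it tokenises Windows command lines (double-quoted runs kept intact, backslashes literal), takes the process role from --type and --utility-sub-type, and lists the switches that matter for process isolation. SAMPLE_CMDLINES is a constructed sample of four lines from the list above with the long --field-trial-handle and --gpu-preferences values removed; the WEAKENING_SWITCHES table and its one-line descriptions are the example's own.

```python
"""Triage helper for a Chromium/Edge process list.

Added example, not part of the original report. SAMPLE_CMDLINES is a
constructed sample: four command lines from the Processes section above,
shortened by dropping the --field-trial-handle and --gpu-preferences values,
which play no part in the classification.
"""
from collections import Counter
from typing import Dict, List, Tuple

SAMPLE_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3e7a4ca9f1faf47c99a9dce98ffed31_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=1792 /prefetch:2',
]

# Switches that weaken a Chromium process's isolation (example's own table).
# Several are passed by Chromium itself in normal operation, so they are
# reported for review, not scored.
WEAKENING_SWITCHES = {
    "no-sandbox": "all sandboxing disabled",
    "disable-gpu-sandbox": "GPU process runs outside its sandbox",
    "no-v8-untrusted-code-mitigations": "V8 in-process Spectre mitigations off",
    "disable-web-security": "same-origin policy disabled",
    "remote-debugging-port": "DevTools protocol exposed on a TCP port",
}


def tokenize(cmdline: str) -> List[str]:
    """Split a Windows command line on spaces, keeping double-quoted runs
    together and dropping the quotes. Backslashes are literal (no POSIX
    escaping), so paths survive untouched."""
    tokens: List[str] = []
    current: List[str] = []
    in_quotes = False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == " " and not in_quotes:
            if current:
                tokens.append("".join(current))
                current = []
        else:
            current.append(ch)
    if current:
        tokens.append("".join(current))
    return tokens


def parse_cmdline(cmdline: str) -> Tuple[str, Dict[str, str], List[str]]:
    """Return (executable, {switch: value}, positional args).
    A bare --switch gets the value ""; /prefetch:N stays positional."""
    tokens = tokenize(cmdline)
    exe, rest = tokens[0], tokens[1:]
    switches: Dict[str, str] = {}
    positional: List[str] = []
    for tok in rest:
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            switches[name] = value
        else:
            positional.append(tok)
    return exe, switches, positional


def process_role(switches: Dict[str, str]) -> str:
    """Chromium names the child kind in --type; no --type is the browser process."""
    kind = switches.get("type")
    if kind is None:
        return "browser"
    if kind == "utility":
        return "utility:" + switches.get("utility-sub-type", "unknown")
    return kind


def triage(cmdlines: List[str]) -> Tuple[Counter, List[str]]:
    """Count process roles and list isolation-relevant switches per process."""
    roles: Counter = Counter()
    findings: List[str] = []
    for cmdline in cmdlines:
        _, switches, positional = parse_cmdline(cmdline)
        role = process_role(switches)
        roles[role] += 1
        if role == "browser":
            # The document the browser was asked to open is the last positional
            # argument that is not a /prefetch hint.
            opened = [p for p in positional if not p.startswith("/prefetch:")]
            if opened:
                findings.append(f"browser opened {opened[-1]}")
        if switches.get("service-sandbox-type") == "none":
            findings.append(f"{role}: --service-sandbox-type=none")
        for name, meaning in WEAKENING_SWITCHES.items():
            if name in switches:
                findings.append(f"{role}: --{name} ({meaning})")
    return roles, findings


if __name__ == "__main__":
    roles, findings = triage(SAMPLE_CMDLINES)
    for role, n in sorted(roles.items()):
        print(f"{n:2d}  {role}")
    for line in findings:
        print("  -", line)
```

Run as a script it prints one line per role and the four findings for the sample; fed the full list it also counts the renderers and shows that every msedge.exe child is accounted for by a --type the browser process assigns.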
Network

Country Destination Domain Proto
US 8.8.8.8:53 www.noithat190.vn udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 98.14.0.27.in-addr.arpa udp
US 8.8.8.8:53 code.jquery.com udp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
US 8.8.8.8:53 connect.facebook.net udp
US 151.101.66.137:80 code.jquery.com tcp
US 8.8.8.8:53 opi.yahoo.com udp
US 8.8.8.8:53 www.doanhnghiephanoi.vn udp
US 8.8.8.8:53 137.66.101.151.in-addr.arpa udp
VN 27.0.14.98:80 www.noithat190.vn tcp
US 8.8.8.8:53 connect.facebook.net udp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
US 8.8.8.8:53 www.youtube.com udp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
GB 163.70.151.21:445 connect.facebook.net tcp
GB 163.70.151.21:139 connect.facebook.net tcp
GB 216.58.204.78:80 www.youtube.com tcp
GB 216.58.204.78:80 www.youtube.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 216.58.204.78:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 86.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 66.169.217.172.in-addr.arpa udp
GB 172.217.169.6:443 static.doubleclick.net tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com udp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
US 8.8.8.8:53 6.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
GB 172.217.169.66:443 googleads.g.doubleclick.net udp

Reading the table: the HTML was opened from a local path (see the --single-argument command line under Processes), and almost everything here is plain HTTP to www.noithat190.vn at 27.0.14.98 plus the third-party loads of an ordinary page: jQuery from code.jquery.com, a YouTube embed (www.youtube.com, i.ytimg.com, yt3.ggpht.com, jnn-pa.googleapis.com, play.google.com) and Google advertising (googleads.g.doubleclick.net, static.doubleclick.net). The in-addr.arpa rows are reverse (PTR) lookups of addresses just contacted, 224.0.0.251:5353 is local mDNS, and two names (opi.yahoo.com, www.doanhnghiephanoi.vn) are resolved but never connected to.

The two rows that warrant a stop are the TCP connections to connect.facebook.net on ports 445 and 139 (SMB and NetBIOS session), which a browser rendering a page has no reason to make; note that this host is resolved twice but never reached over 80 or 443. The most likely cause is a protocol-relative reference such as //connect.facebook.net/... in the page: with the document itself loaded from file://, the reference resolves to file://connect.facebook.net/..., which Windows treats as the UNC path \\connect.facebook.net\... and tries to open over SMB, then NetBIOS. Confirm this against the HTML source before closing it out, because the same UNC redirection is what credential-leak tricks use to make a client start NTLM authentication to an attacker-controlled host. Here the target is the address connect.facebook.net resolved to, and the report does not show whether the connections were answered.

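Reading a log like this one can be automated. The following Python is an added example written for this report, not code from the sandbox vendor: it parses rows in the table's own format, sets aside resolver and multicast noise, counts connections per destination, separates names that were merely resolved from addresses actually connected to, and flags any flow to a port a browser should not be using. SAMPLE_LOG is a constructed sample of ten rows taken from the table above; the port tables and bucket names are the example's own.

```python
"""Triage helper for a sandbox network log.

Added example, not part of the original report. SAMPLE_LOG is a constructed
sample: ten rows copied from the Network table above (country, ip:port,
domain, protocol; the mDNS row has no domain column, exactly as in the table).
"""
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

SAMPLE_LOG = """\
US 8.8.8.8:53 www.noithat190.vn udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
VN 27.0.14.98:80 www.noithat190.vn tcp
VN 27.0.14.98:80 www.noithat190.vn tcp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.66.137:80 code.jquery.com tcp
GB 163.70.151.21:445 connect.facebook.net tcp
GB 163.70.151.21:139 connect.facebook.net tcp
GB 216.58.204.78:443 www.youtube.com tcp
N/A 224.0.0.251:5353 udp
"""

WEB_PORTS = {80, 443}
# Ports a browser rendering a web page has no business reaching. SMB/NetBIOS
# from a browser usually means a UNC path was opened, deliberately or not.
LATERAL_PORTS = {139: "netbios-ssn", 445: "microsoft-ds"}


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: str  # "" when the row carries no domain column
    proto: str


def parse_line(line: str) -> Optional[Flow]:
    """Parse one 'COUNTRY IP:PORT [DOMAIN] PROTO' row; None for anything else."""
    parts = line.split()
    if len(parts) == 3:
        country, dest, proto = parts
        domain = ""
    elif len(parts) == 4:
        country, dest, domain, proto = parts
    else:
        return None
    ip, _, port = dest.rpartition(":")
    if not port.isdigit():
        return None
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return None
    return Flow(country, ip, int(port), domain, proto)


def parse_log(text: str) -> List[Flow]:
    return [f for f in map(parse_line, text.splitlines()) if f is not None]


def classify(flow: Flow) -> str:
    """Bucket a flow so resolver and multicast noise can be set aside."""
    if flow.port == 53:
        return "ptr-lookup" if flow.domain.endswith(".in-addr.arpa") else "dns"
    if ipaddress.ip_address(flow.ip).is_multicast:
        return "multicast"
    if flow.port in LATERAL_PORTS:
        return "smb"
    if flow.port in WEB_PORTS:
        return "web"
    return "other"


def summarize(flows: List[Flow]) -> Tuple[Counter, List[Flow]]:
    """Return (per-destination counts of non-DNS traffic, flows to review)."""
    counts: Counter = Counter()
    flagged: List[Flow] = []
    for f in flows:
        kind = classify(f)
        if kind in ("dns", "ptr-lookup"):
            continue
        counts[(f.domain or f.ip, f.port, f.proto)] += 1
        if kind in ("smb", "other"):
            flagged.append(f)
    return counts, flagged


def contacted_hosts(flows: List[Flow]) -> Dict[str, Set[str]]:
    """Map each named host to the addresses actually connected to, so a name
    that was only resolved (no connection) does not appear at all."""
    hosts: Dict[str, Set[str]] = defaultdict(set)
    for f in flows:
        if f.domain and classify(f) in ("web", "smb", "other"):
            hosts[f.domain].add(f.ip)
    return dict(hosts)


if __name__ == "__main__":
    flows = parse_log(SAMPLE_LOG)
    counts, flagged = summarize(flows)
    for (host, port, proto), n in counts.most_common():
        print(f"{n:3d}  {host}:{port}/{proto}")
    for f in flagged:
        why = LATERAL_PORTS.get(f.port, "unexpected port")
        print(f"REVIEW  {f.domain or f.ip}:{f.port}/{f.proto}  ({why})")
    for host, ips in contacted_hosts(flows).items():
        print(f"{host} -> {', '.join(sorted(ips))}")
```

Run as a script it prints the per-destination counts, the two connect.facebook.net rows under REVIEW, and the resolved-to-connected mapping. Swapping SAMPLE_LOG for the full table collapses the repeated www.noithat190.vn rows into one counted line and drops the names that were only resolved.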
Files

Every entry is Edge's own profile state under C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data (Crashpad settings, Preferences, Local State, Network Persistent State, the JavaScript code cache index) plus the crashpad named pipe. The same path appears more than once because the file was rewritten during the run and each version was hashed separately. No file in the list lies outside the Edge profile, and no executable, script or archive was dropped.

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56067634f68231081c4bd5bdbfcc202f
SHA1 5582776da6ffc75bb0973840fc3d15598bc09eb1
SHA256 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512 c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

\??\pipe\LOCAL\crashpad_4544_BKMDXRDYYIVNNKJE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

The four digests above are those of zero-length input (MD5 d41d8cd9..., SHA-256 e3b0c442...): this is the crashpad handler's named pipe, named after the browser process PID 4544, captured with no content. It is bookkeeping, not a written file.

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 81e892ca5c5683efdf9135fe0f2adb15
SHA1 39159b30226d98a465ece1da28dc87088b20ecad
SHA256 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512 c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 183b7f13c88da9521b0067e447383535
SHA1 c3bdbf3f84fec11b464674e1f7dd10a3eec4297d
SHA256 eeb24585a3dbbefe2c8eabe6eabd179fc66fc4f25fcd3a8872e6bf7506e42e64
SHA512 da12d6a5e18496d9d97814836570f5026694f77bd8677f1c1f6d1c6d8225a3a243b822a363ec2201145412f3467a0fbd57d4db06e794152c63108c23b8d11135

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b8660430ea4642397124d09c5b6112bd
SHA1 b9a574131855eda69fc54d413d0de7c60a7ef5b3
SHA256 92d9faf769b62fc8f4782e1576d6ae82051ac684013df039a949520ba0005567
SHA512 e441d2cd33faae5fa900116421a5105d09149d216fc320f9b8a0f51a79ec2080fde0c45b478081d92295753b214090c375fe255682db7072f785dedd027e127b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 31fd9494b32087881f0d9f6878619d48
SHA1 6ec50e4b3e3c7aad3c07b0d79698ec1b00f858db
SHA256 387c9641eb0bd31d27615d5fbc11e4cb19e90f49f2fb1d011ba2d31e91a71008
SHA512 8bb04ec55a82ca78e97e82f83c9ae8c956441fd8d700e2755ea0d830ef4de2272aa1c8616cfdc321f25a4b87c7f866b7b8634fb34cff390339bffcabccf9f5b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b7641bc4e28670ab7b0b1d24669e17f6
SHA1 e0d66281d26aef9accaa39864649e33419a0ae63
SHA256 a4acdfb618f80c9057495f42789eaec7c63fe44d6f5efd3d02dbc2bee0882afa
SHA512 73f0478c25854758d36b04889b6de149115b63af5a6ae1c563a404d7d4380f3f2ffeda2c7544b354e3cec7c8f62707cff6b0a6a1eefdd8fe046caa5db1041a63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 737f969965830bd215fc9a058f39d829
SHA1 4916d75cb88b65465b499adc96d34c3d1fa80b40
SHA256 0f25f046eae754f250bc7adc2aefe1267c5ccba14afb7af1d32068d7e43d5cf2
SHA512 fbd3ba263f6daa5f6c13e7db3a906b5e04d0f2c23c35f056ad822db9a9152c1d3588d5888b190f1def5162405089b79c021c23b25d87047047c4744f88558ebe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9f678d9aafb509f2f9f9c54f89428596
SHA1 1f3b5e0a27fea834ce0078722be0bde40241b8ab
SHA256 6fa8c21444a546235499cfdd809729da30dfd91adf0af663b858b3f704eafe85
SHA512 c81ebc34400d3145c960c293ceb0e904b5eddc47e4c754377203b29ac9ddf32dae3906e47c2ea5bcf435b90bb257f09fcabbcb90599dcc3d40066f0a91bd82df