Malware Analysis Report

2025-01-18 01:14

Sample ID 240613-g2w2paxbqd
Target a42aa76baa864bfb51abb8537d0a4c06_JaffaCakes118
SHA256 57a82b15b0c45989560bda0888a3e0fe5884122980f43b8304ab9efeb9ca8692
Tags
Score 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 1/10
SHA256 57a82b15b0c45989560bda0888a3e0fe5884122980f43b8304ab9efeb9ca8692

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file a42aa76baa864bfb51abb8537d0a4c06_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:18

Reported

2024-06-13 06:21

Platform

win7-20240611-en

Max time kernel

148s

Max time network

152s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a42aa76baa864bfb51abb8537d0a4c06_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000009576de2c4a78a2a42b0100dd390d3f93d0a194e6078f53487fd4c471beaf16d9000000000e800000000200002000000027ceebc8c77113abed9852f907e40c5a5746e81c62f1043b40c729e54c9bea1990000000a91f92cf8bc1ebbfd3b2fd0cda28fc3a2c947d6fb5aec048e12ed406bf7b2b6a0dbb455c600a3dc152e2f7005e0c4368e619651bfef17a5af41da5208da4f837c72333291e738289c91813225a2b988a5790fc02f17900a50dfecfae4dd436a561d92c866de6b9a09915930759bd6235aae38b35b6d1a0f5c41e5872582a0c8b12e1af7718eb3491c4380e7ea233380240000000622eb1049e74907ed75fbb07f80ba82717007a9bea5ce7727b835c52d3ffc7afcf330d2ee60d0716c7f1f7d0a80cf09d140545b2b8649d0b02d9413e8b5adbf7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 909d329d59bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421388" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C6B429E1-294C-11EF-9E55-E6415F422194} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000a5bb7ea169291fcc958e6cae699832132a928ad718f561ebb83cc699d368a7d6000000000e80000000020000200000002bb299eeb2b75d20349a639dd9880bb572df7c3307acc383f6a2baf8d10a3b2220000000233af738207150cfb1483cd8a2e6d9f723871b70454517bc79afb891972ebd3d4000000089920d6ff40ecfdd643335f73d08c4b23802daae3979449c8ac8f40ddeb49dd21ebf9808f6237a61f257546c016b4285079de1bc98540eadd61d0d2f5e8f410c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a42aa76baa864bfb51abb8537d0a4c06_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 farm3.staticflickr.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 draft.blogger.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 farm8.staticflickr.com udp
US 8.8.8.8:53 farm4.staticflickr.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
FR 52.84.172.83:80 farm4.staticflickr.com tcp
FR 52.84.172.83:80 farm4.staticflickr.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
FR 52.84.172.83:80 farm4.staticflickr.com tcp
FR 52.84.172.83:80 farm4.staticflickr.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
FR 52.84.172.83:80 farm4.staticflickr.com tcp
FR 52.84.172.83:80 farm4.staticflickr.com tcp
FR 52.84.172.83:80 farm4.staticflickr.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 172.217.169.42:80 ajax.googleapis.com tcp
GB 172.217.169.42:80 ajax.googleapis.com tcp
FR 52.84.172.83:80 farm4.staticflickr.com tcp
FR 52.84.172.83:443 farm4.staticflickr.com tcp
FR 52.84.172.83:443 farm4.staticflickr.com tcp
FR 52.84.172.83:443 farm4.staticflickr.com tcp
FR 52.84.172.83:443 farm4.staticflickr.com tcp
FR 52.84.172.83:443 farm4.staticflickr.com tcp
FR 52.84.172.83:443 farm4.staticflickr.com tcp
FR 52.84.172.83:443 farm4.staticflickr.com tcp
US 8.8.8.8:53 api.myobfuscate.com udp
LT 93.115.28.104:80 api.myobfuscate.com tcp
LT 93.115.28.104:80 api.myobfuscate.com tcp
US 8.8.8.8:53 astudents.ru udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\11734950554_d0376c4eda_m[1].htm

MD5 f5d40b7259645010f9a248858ad14178
SHA1 b3051d17a6ec8c9e166bf09a62b48261ab86957b
SHA256 7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
SHA512 1e82bc2d067f726670b3e6054d73e57868f6e7c50eb979696bf927daeef699f2d8f8de201e8252b86b0e9f86dc69e5037fc9fa08ef6c271b033f29d4f0f4c1aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb85f3fcf86ef0de7ef258539cae87de
SHA1 c73288fff07885a62f8c7033b348863ed3b8cad1
SHA256 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f
SHA512 dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\Local\Temp\Cab6FA5.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar6FA7.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 cf59573a8a588b4042af9c193c718140
SHA1 c63eea54eae6f9c09a5dc68c5fe4555125f0b0a6
SHA256 ee89cfa0556605ad2ad25bf334a64bb5a09f077a9e963a126f9cc55b8563bb02
SHA512 a2031236eacfce8a283b8a487cc625503ded8f753cb0dda18a37ebcb3653e6899c86ecd264458d2d4d17bf198ace2c65cb5d3262540972efa668c0192ca2f8b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2bebf36024d0252e1de66ce6857265ec
SHA1 4f856589ef2538c3af4204aa8bd76a6f3971c694
SHA256 5761256c5d51bcd54f6e8e544d18f4decb6ccb2c7299e142be62f853958b6975
SHA512 ed66d7f29ea703363e43f005a6af243b4c86734bde896805c18b767f0310e24a6957a9a2d3f91edfe65dc60b6c653d714385bf29b8803fbe27d67b477c17b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d85d1ffa6b700b17996433ed49131dcb
SHA1 8fb522f979ac48333bf83b296bb6828d343b35af
SHA256 13b9c628ed2252587892f4576c31089c722c12c30b74cad2f0779be6e5e67038
SHA512 4a5497787aac2b0e0b49faa39831908027454d33f05d9b82596db4c45d19a36c89bfe55f62e463e1c7fb12f4cf2cad428b0bf90ec6b810b4d871d9327430d2ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0485a2a8966868ec3060474641b6f43c
SHA1 d5f938a4b7698952c02c2e2090394d58c002eb4f
SHA256 d92c961a21085f24cf717560c738392aa7f2272454b7fd5fcebfca997e0df66b
SHA512 c969cb7dae57193a37466b10f3237e5fe09585833cce2221840479237f13dfb17d93669ad187be4e77a7896e6d70c1f339bba060bd3673147d7341abb17d1884

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 123ae571afac17959efb7320a4996e7a
SHA1 43f6ae4f45f647d7aec8762329d937edb52676d2
SHA256 d5b23f6315c5ea0dd1d4022f3991d188a2b8a9aa32af6415ec62ffda9df27ec7
SHA512 be797012ddd1e7cfb272e01fb6518540aa6ee92e959260cf49d03b1432983c3fd21f8bfd51470d1a706b4a3992944510459cddfb6e7521dfd6fc1e926ef2ffc6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b24fef77e65a6f714afc6f30a192de69
SHA1 1768ec6fd0a9b5eb28cf501acd478f71dd78ff33
SHA256 5edcc438319232c81239084017e51cb503d3a165c7ae7dfc201cd9dfa4a627aa
SHA512 cac04a7d12b315cff880f18804b57ebcd11960577b214abe8b143d28bcd5214aad2a8e151c06989cd65b576777b441e82bf38e6412a8a9b3ba937d04b3836b5d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2880e0704ea4a72a20c7e7bf01e92411
SHA1 50b6327331a5139efcf046934274fe7d9f01d08c
SHA256 8b0bd2317a4b35840a8cee55d7e6f8d9175889078fb74d147459314ef9729657
SHA512 03098cb47f9f5707880934c4d88aaefbe7123285107e4ebb1063ec8f2b759c6315e0ced07a65a2c43826f9daf3a652f2a60bcaefc59a4ffba2d9e934a8e8b269

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b420f3ed564b1048e278da842f1f2f3
SHA1 acf308ac1e9d9a7ad90a4cd2d1a2a31505ebbf35
SHA256 09ca7f6a40753b69c8f4af4acb4284a8849e810515df0b4cd6b8520916f4c653
SHA512 58d817de495c2cdd8600d35c63160099ddfbeacd9c88cc46460cef207e22d78fff9e5df0f28240241073d6051bcaac286af8a60fc69c14e00e259b3b957cd7c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c6ea0021b9f56ddf52f512ff0a5ecc1
SHA1 47f004bb6289e310529bd2a43a7d650cae574e0d
SHA256 990da68130bedede0740759ef51086bfcce31444bb652397a3bae4ed4fc7154a
SHA512 624156158ef88e51a7399a9c4ccbe8c3cfd200592b5ba5ddd25c71f58a7ce695bf4dade7ffd4fe969901cbcff0834ada68dbbb922dbc24d1d3107551a768c430

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 d83d6487dcad0b0879703505cc5b57f1
SHA1 6fb675be1ea7a9300d6c5f02b0153aa50448c310
SHA256 ab88dbd445477b770e6f12485bdfd1afea682157a83ae7b8204d9dbb6f571dfd
SHA512 f61e57927f5024efb5d529f8fe8897596f408e3bb65e70222acee717b7bbaca7e8367e5842407f8b158bd7dff8483e66da5b76b5a47690307edc6bb91abaf52b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 ebf43c6753e1ac74f84bc77ffb927092
SHA1 ed8c30d982cdb489aa3b1583c6318ebcbee2a9e4
SHA256 c76af5e2ae45dba4716f0080786e4123d2877574ff215c4dc209df548382d746
SHA512 cbab43438765f80e3f2c4813126d692cf8dbe3df7590229746ea013e289739723c7a574aba284ddea08f76a3361886e019390d0da6d444620ec312cec45eb0ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 e5ebc80a28552e8cb23469be653b7d16
SHA1 f95c4840210724ca4d4f2f00de20ea1c70b13de7
SHA256 dfbe1e6a0d5a419d38b5d28b830a5b918f2b20aa5876708eddf26de55641c6f4
SHA512 9a0e59d580462984d92274f58c51b1c44640ef6ce960801a3bb535641fe43ca9633f658765696359d9b3750b6afb16287bcfb111a838e4553e037057b11f10aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

MD5 89c9e0f32f3bb1d5931a6c20406cc447
SHA1 be8ddbf835a6e13d632904572345214a60968399
SHA256 456f93fffc81fdeec7d82b29af29602c71f420dd4a8c33df998e489e4d30be9a
SHA512 75922c9f4ebf4b7c45c892e5721ea54795fad0759ad2be8ce7718dfb1810f6eca0ea359b91a37704f863edf6e0b1d26dbc7431c6903a75c2ba6d7514393f3e97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

MD5 11223d28e150b264b67fe8abef52c16e
SHA1 03499bd514ef61a75e42760c6eb6e780ba25e681
SHA256 f580b8c55648fa65f52ddc0b7bb862b08e72a56ed6af6e3f869481126f5cdca7
SHA512 4f83fafe3f1991e284f39131c3bbd8543f347d76b26f963eae7a3366f13fd013605c84ceb8fe8d56ade99074ef0eec0ddf1ad2aa895e9415206b7751992a350f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\platform_gapi.iframes.style.common[1].js

MD5 682c26af19b240f98d2cb951721fa54d
SHA1 18e58b652c7f82a55ab4b1910693686049e25d62
SHA256 96428f0f585a874c185d560538ad83ebfad0365d760fcf9fcefe80add9e3c980
SHA512 078aeef086271b7f9cf0f6e3a1e7908d7e38465a1a7a4de6f2a785147e9130551a2995e80600824da9341d58e5425d4505518e90eea9ffe1c64f4f41825a9660

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\cb=gapi[1].js

MD5 f9255a0dec7524a9a3e867a9f878a68b
SHA1 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b
SHA256 d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d
SHA512 d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa3afdc75e762723533e11e3cec7f9c7
SHA1 beef3577625f76ed25877f1bb25c2c9689edcf0e
SHA256 f9a6d3436958f698d089e91e6b5da2d699cf46791af3f9a725ccedf35cff4404
SHA512 74ef2bc8dce61f5b28c153e0601120f43d2ca231f377eccb90244e6e6d0296b3153ca166994601ca18731efd7fddd041ecbe78cc2ecb27b31eedbe678db97399

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb7c75295a38a534fd9b37c0299ef275
SHA1 001da970c1f2808e93f6ebfaeab7a45f1b9a35a7
SHA256 2a599917949eafb54c88d0d9aa7da666900f27b0f25166c90d6db4f597a6c534
SHA512 b20e42908665111f189a203aef4539724174c04a8b12b6046cbd335a7af09eb40b36cfd1cbb677db55aaa5b1adb0aac11bbc649ef457e3fdd58c26fac5768d31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c64ee08425b0ac59a9ce129f86680b0
SHA1 fce1c2a4bb63e1b738088ec54bf816b3f0bc3583
SHA256 6cf6ad0bc92e52dbeb0375fb006188b3dce3ddd76fb18b02899543607c8c233d
SHA512 1a7b2ab69ff94b289e2ecc852d057657826abb457531a123f78ec3be77d496d321f1dc0cd1522a162bc15fc2fc0c0b3f1bc861183437ce60b4fa67c94b197054

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c7d0328027d8aa12dd4b017563b88e6
SHA1 0e4d834e362a80094b7006630275139cbe292470
SHA256 e11c4ed1df6707f580f0852327b6b4245bc19eebc6777cc4208f3666401e0b62
SHA512 973b715b3d7bd160bd2388f3a924ef064d3b948c06aa6f6df2adcb7f2187c2cd19966dbfb13d2bab1e0462a1fce2a239f16dc9434526b87df79c487d627f566c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 522cee995262d531f23c0669a73bc112
SHA1 b9a3d63f35c59f49e35a6977356130946fa69a81
SHA256 96f623a036867dc2b477c5e8326d236124c106a9b84efa85fa08ea22c5a9b642
SHA512 6a1a5c662ee0d51ddcfb640896936f20b43405f08ad1addb1c80f4320f48e93b0c07fc5803d75658d195d696a39f189be164d30699bc857b3723ac069b12834f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84c4a4f62880f69de333a314c8ee05d8
SHA1 a03fc3495545c8750fc73213337bfa8fecaab843
SHA256 9fc3a6ce4c9c1bdb057f310493e83ec854ef4a61ae94c7e3b3fc8f2fa5cc7def
SHA512 4f35bf7f010cea37879c7fbd6600bf0687513a3e7ce6e5c6bfe3a31880d94042328fbfb303334fd15b9a8699801b53f3bd9d0ab9ad0c9714e6f534f6394c8afe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce6aa1e2296558c7934b26b26595554d
SHA1 efd5d04c8cdb802d5b383b78e856d37a8fb5b55d
SHA256 c2f31e019e375637a4b54e2396fb39d0230f30a1d9e1d6e7852ad401c95f004b
SHA512 4032c71763a2a2f6c5fe425e46e69b3309241aa8c1131ee620bd37f5dad31adb298639384a43011fff22e7b4382754b3c21961e08ad1e8003bd6ec159cae4566

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c924849aaacff419ce3b7d9f3d9850ab
SHA1 f6fb40c897ac653939763d431c882b7d55d41756
SHA256 6505da9b41335457a8dbb3d2b68afc4de4ec4ba8f22c4a26a9e28d7f8eada181
SHA512 6845397a777926014d801b179991305811fd826db77e4f4a8bc277c157a27a6d5b73a0dbcd1812fc3b4cb5e436bc78e4a5ecdcf54960576078b87761157d1bd0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f016f91d1481e331717ce8e6846f0475
SHA1 8f97f8e6f63160db0364f3f50d4bf977cd0bd1cc
SHA256 5f6ae9675326fb791ccd8ab4ba7c1cb2925dbd1d49935b306b4f7cf768cba702
SHA512 c9d5ec4e63a9e683fa699894fd3898ee4a7063e7cffb9cf1511cf90c73913f150cb4efaa8316b105843bc69ff371669d47d853682381110e7dbeeebf47533a7e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d97a1953d07545e0f64cf1c21fb1c317
SHA1 10f5341e49024556e6a0bcfeb5965d9253f2a6af
SHA256 c095d3aeaa9409a80caa72ff8d045ad06845a008b9b71ad69d95f8af7963ba27
SHA512 6f693d12c71ec34bedbb58abccdb2d1a6498da25f5a9d49036e780be118841cf3b2cbb0399637b4d6706ef1c1f8ae5f74c0e908bafe279705133b5b513972302

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d37f1581e2c78980068eb64de30cf5c1
SHA1 2c352fde4e35d5d502b6eaa82d5f8f35362fd483
SHA256 0e505941ec169a5240131542cc26f6797310081335fbd5594bb3d34be46e00db
SHA512 ee8079ae3439d1962c1fe6a813dd095bda87472a6e0b94fcbfc91a91a32cbd9593ee83b18607f329f93aa4760e4c07708cb781558160549117d3b2bb4e0abe43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b6d9947d7a85c1f4cfa8d607770d686
SHA1 44157eaea59398fcf5b31c203fbc1e8a749b2392
SHA256 136d26254d4db5cc77159c27ed5831174ec0ef251d13149de2ae28c58c76398b
SHA512 2bb5cb5d46b4a7e0b230d275596c1335c47eded2729ceef25e9c12e8413e66b20aa3a391858b8f555009bb2340146fdd93fee80686b59e1b642b292c402d0462

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7fe1ea428e9a270b226582796fe20fbe
SHA1 b7a03dddf44c40a27dcd26d775cb6958aed8186c
SHA256 f7dd91a60ae18b90e059ba51f6a8eb53fd73f280e8c910bd21937276d82e70da
SHA512 f795cab52ef733ef7e3fc5384f01f4f183143bd7a17e12f18b125e474aa67f5fbb2e734949b49535c8fa88a78f6588624f9f4cb018ed7966ad7a1a438e1be151

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7bd4413506185882c2d4d766864a8e89
SHA1 f5609f644433d2e5a24a2808b977c795de0cb902
SHA256 835c318a28fbcd924f4dec1c0eb24c49d3ec0a458e389c395e69022122e1958a
SHA512 3ce278c7287140bc4f1592f31293d905a5d810d1db7a7325d411c41e5d7c75c1c5608e4195970ad7fc545680332ebf3cd04227116af73e176021dcdc4464967a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51a4386feb3d810079be62d35aa6d2b6
SHA1 bb9fbc8cd34eabb19fcd024a20da907d8f012ebe
SHA256 e60c29deb5539c52a2ef1f4c8df795813005f547f6e685be0ef04e98bb7d54b6
SHA512 c4e8e3fb6f27531f743ea40993046d25ecdfb3f9e765a495db82c76f1b007f4781a6f4a6c063dfa07bfffd8bdffc1a6b7282b4127062bd5ca63404f4b2ab9660

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b05f2b5031ac2f719cffd5c8b23fb6e
SHA1 aa25fe8811d707d84b34df36b2c691293f3cf8cb
SHA256 6f57f6bbb4b286b418f28f98c0cdf23bbfaa2a2ceb39640f33b9c58b30dbb361
SHA512 91f57db61ceafbc792e75c94393dc69a5ab7fda37f05561dc0fce0e6b2b823cdb5d25e51ee6e0122247029600d6b4ffaeb7f247d237996862eb43862dcc2cd4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 175967bccff8339a4e84eecf0065cf45
SHA1 0b5af45178453f7a47cacd241d2e30ee31f0e611
SHA256 ace5d9295d3ad6ceb3a4b1d6612b4d2f76b647a6a18f335bfc91a4cc678d3bae
SHA512 c8d85a418ec83803de38dc71065b30194249f74ec40fa74ad2d962a21f3e06a041328b8648127e5927ce7bca16dbc5f3d4e98e8e677b52165f969def22ecb618

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90cdd02bb1a8374442cf8ff839151a20
SHA1 54b9f56a179f521bc828d0f287c6936bb7bd9837
SHA256 f201abcb0bad51b2a4f03e7e73c27e0434d9606334edcea60682a8f44f18bdeb
SHA512 9ee626a72d72ede54d5e8da6af711d68d625ee40562494cc884b24ec39519ee96b042e31308b783f05c981512faf5a08014a330619afee18bb5cc1596e0d043f

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:18

Reported

2024-06-13 06:21

Platform

win10v2004-20240611-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42aa76baa864bfb51abb8537d0a4c06_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3908 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical entries)
PID 3908 wrote to memory of 1768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 identical entries)
PID 3908 wrote to memory of 4840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical entries)
PID 3908 wrote to memory of 4892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 identical entries)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42aa76baa864bfb51abb8537d0a4c06_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa025546f8,0x7ffa02554708,0x7ffa02554718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3908_UKHSKEQHEAAZOKPE

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\532efe6b-f9d4-49a7-92eb-12933788eece.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
