Malware Analysis Report

2025-01-18 01:15

Sample ID 240613-g4rjzs1epl
Target a42dff9b0784e304fc15309c07e3bb07_JaffaCakes118
SHA256 f8718427804b901d507ce2a26f06fc0a9240953af37d3d98b45780b59191bf88
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

f8718427804b901d507ce2a26f06fc0a9240953af37d3d98b45780b59191bf88

Threat Level: No (potentially) malicious behavior was detected

The file a42dff9b0784e304fc15309c07e3bb07_JaffaCakes118 is an .html document. Both behavioral runs simply opened it in a browser (Internet Explorer on Windows 7, Edge on Windows 10), and every signature detailed below was raised by those browser processes themselves (iexplore.exe, IEXPLORE.EXE, msedge.exe) while rendering the page.

Malicious Activity Summary


Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:21

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:21

Reported

2024-06-13 06:24

Platform

win7-20231129-en

Max time kernel

135s

Max time network

139s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a42dff9b0784e304fc15309c07e3bb07_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Columns: Description, Indicator (registry key, plus " = value" for Set value rows), Process, Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 706630325abdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421579" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000038c6556835cd124f8c6590f30a182e5d00000000020000000000106600000001000020000000d50fb74f31ab2a252d412a102d7893ade82b2920c8136dc7f0a721880b384224000000000e800000000200002000000032f22866dc9f2b6cec72873dae3946e0caa11317074d05f1a5a917872e80ea042000000066b5cb144672593ff26ef709193dad5cc00d8afac517fdee0ede05a14c9516e9400000004b887080a0e227bfae5571d85c98fc94cab63b7fae4966c5276cb022ca9b8b40d1c144f52212710981682c8be4356f47338245424906beb7a00a5966ad359bf2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{38BCCA61-294D-11EF-B9A1-EE87AAC3DDB6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value elided in source] C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
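
The flattened rows above are easier to reason about once each one is split into operation, value type, key path, value and writing process, with the user SID masked so that reports from different sandbox VMs compare equal. The following Python is an added example, not part of the sandbox report or its tooling. SAMPLE_ROWS is a constructed subset of the rows shown above in the page's own column order; the function names are this example's own, and treating the LowRegistry and LowMic subkeys as Internet Explorer Protected Mode (low-integrity) locations is this example's reading of those keys.

```python
"""Parse the flattened 'Modifies Internet Explorer settings' rows into records.

Added example, not part of the sandbox report. SAMPLE_ROWS is a constructed
subset of the rows shown on the page, in the page's own column order:
Description, Indicator (key path, plus ' = value' for Set value rows),
Process, Target.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

SAMPLE_ROWS = r'''
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 706630325abdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421579" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
'''

ROW_RE = re.compile(
    r"^(?P<op>Key created|Set value \((?P<vtype>\w+)\))\s+"
    r"(?P<path>\\REGISTRY\\.+?)"          # lazy: ends where ' = ' or the process path begins
    r'(?:\s=\s(?P<value>"[^"]*"|\S+))?'   # only Set value rows carry a value
    r"\s(?P<process>[A-Za-z]:\\.+?\.(?:exe|EXE))"
    r"\s(?P<target>\S+)$"
)
SID_RE = re.compile(r"S-1-5-21(?:-\d+)+")
HIVES = {"\\REGISTRY\\USER\\": "HKU\\", "\\REGISTRY\\MACHINE\\": "HKLM\\"}
# Assumption of this example: IE Protected Mode (low-integrity) writes land in
# these subkeys rather than in the user's real Internet Explorer settings.
LOW_IL_SEGMENTS = {"LowRegistry", "LowMic"}


@dataclass(frozen=True)
class RegOp:
    op: str                 # "Key created" or "Set value"
    vtype: Optional[str]    # str / int / data for Set value rows, else None
    path: str
    value: Optional[str]
    process: str
    target: str


def parse_registry_rows(text: str) -> list[RegOp]:
    ops = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable registry row: {line!r}")
        value = m["value"]
        if value is not None and len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]   # the report quotes str/int values but not data values
        ops.append(RegOp("Set value" if m["vtype"] else m["op"], m["vtype"],
                         m["path"], value, m["process"], m["target"]))
    return ops


def normalize_path(path: str) -> str:
    """Short hive name and masked SID, so key paths compare across sandbox VMs."""
    for prefix, short in HIVES.items():
        if path.startswith(prefix):
            path = short + path[len(prefix):]
            break
    return SID_RE.sub("<SID>", path)


def is_low_integrity(path: str) -> bool:
    return any(seg in LOW_IL_SEGMENTS for seg in path.split("\\"))


def summarize(ops: list[RegOp]) -> dict:
    """Counts by operation and by writing process, number of low-integrity keys,
    and every value actually written, keyed by normalized path."""
    return {
        "by_op": Counter(o.op for o in ops),
        "by_process": Counter(o.process for o in ops),
        "low_integrity": sum(is_low_integrity(o.path) for o in ops),
        "values": {normalize_path(o.path): o.value for o in ops if o.value is not None},
    }


if __name__ == "__main__":
    s = summarize(parse_registry_rows(SAMPLE_ROWS))
    print(dict(s["by_op"]), "low-integrity keys:", s["low_integrity"])
    for proc, n in s["by_process"].items():
        print(f"{n:3d}  {proc}")
    for key, val in s["values"].items():
        print(f"{key} = {val!r}")
```

Running it on the full table is a matter of pasting all the rows into SAMPLE_ROWS; the "values" map is the part worth reading, since "Key created" rows only show that a subkey was touched, while "Set value" rows show what the browser actually persisted.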

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a42dff9b0784e304fc15309c07e3bb07_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (32-bit tab/content process spawned by the 64-bit frame process above)

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1420 CREDAT:275457 /prefetch:2

Network

Rows with destination 8.8.8.8:53/udp are DNS queries sent to the VM's configured resolver; the Domain column there is the name being looked up, not a host that was contacted. Every other row is a TCP connection to the resolved address.

Country Destination Domain Proto
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 w.sharethis.com udp
US 8.8.8.8:53 reddit.com udp
US 8.8.8.8:53 forms.aweber.com udp
US 8.8.8.8:53 www.stumbleupon.com udp
US 8.8.8.8:53 www.createliberty.com udp
US 8.8.8.8:53 apis.google.com udp
US 151.101.193.140:80 reddit.com tcp
FR 18.164.52.115:80 w.sharethis.com tcp
FR 18.164.52.115:80 w.sharethis.com tcp
US 76.76.21.93:80 www.stumbleupon.com tcp
US 104.18.36.205:80 forms.aweber.com tcp
US 162.241.217.225:80 www.createliberty.com tcp
US 162.241.217.225:80 www.createliberty.com tcp
US 162.241.217.225:80 www.createliberty.com tcp
US 104.18.36.205:80 forms.aweber.com tcp
US 76.76.21.93:80 www.stumbleupon.com tcp
US 162.241.217.225:80 www.createliberty.com tcp
US 151.101.193.140:80 reddit.com tcp
US 162.241.217.225:80 www.createliberty.com tcp
GB 142.250.200.14:443 apis.google.com tcp
US 162.241.217.225:80 www.createliberty.com tcp
PL 93.184.220.66:80 platform.twitter.com tcp
PL 93.184.220.66:80 platform.twitter.com tcp
GB 142.250.200.14:443 apis.google.com tcp
US 151.101.193.140:443 reddit.com tcp
US 151.101.193.140:443 reddit.com tcp
FR 18.164.52.115:443 w.sharethis.com tcp
FR 18.164.52.115:443 w.sharethis.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
FR 18.164.52.115:443 w.sharethis.com tcp
US 162.241.217.225:443 www.createliberty.com tcp
FR 18.164.52.115:443 w.sharethis.com tcp
US 162.241.217.225:443 www.createliberty.com tcp
US 162.241.217.225:443 www.createliberty.com tcp
US 162.241.217.225:443 www.createliberty.com tcp
US 162.241.217.225:443 www.createliberty.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 162.241.217.225:443 www.createliberty.com tcp (24 identical consecutive rows collapsed)
US 162.241.217.225:80 www.createliberty.com tcp
US 162.241.217.225:80 www.createliberty.com tcp
US 162.241.217.225:80 www.createliberty.com tcp
US 162.241.217.225:443 www.createliberty.com tcp (39 identical consecutive rows collapsed)
US 162.241.217.225:80 www.createliberty.com tcp
US 162.241.217.225:443 www.createliberty.com tcp
US 162.241.217.225:80 www.createliberty.com tcp
US 162.241.217.225:443 www.createliberty.com tcp
US 8.8.8.8:53 6411300.com udp
US 50.63.92.111:80 6411300.com tcp
US 50.63.92.111:80 6411300.com tcp
US 162.241.217.225:443 www.createliberty.com tcp (12 identical consecutive rows collapsed)
US 50.63.92.111:80 6411300.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 widgets.digg.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
US 104.24.21.71:80 widgets.digg.com tcp
US 104.24.21.71:80 widgets.digg.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 104.24.21.71:443 widgets.digg.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.200.14:443 apis.google.com tcp
US 216.239.36.178:80 www.google-analytics.com tcp
US 216.239.36.178:80 www.google-analytics.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 apps.identrust.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.201.110:80 developers.google.com tcp
GB 216.58.201.110:80 developers.google.com tcp
BE 23.14.90.80:80 apps.identrust.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 216.58.201.110:443 developers.google.com tcp
GB 216.58.213.3:443 ssl.gstatic.com tcp
GB 216.58.213.3:443 ssl.gstatic.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
BE 88.221.83.192:80 www.bing.com tcp
BE 88.221.83.192:80 www.bing.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
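
A table like the one above is read more quickly as a per-destination summary: DNS lookups separated from real connections, repeated rows collapsed to counts, and two derived checks a reviewer usually wants, namely which hosts were reached over cleartext HTTP and which were connected to without any DNS row (resolved earlier, cached, or hard-coded). The following Python is an added example, not part of the sandbox report or its tooling; SAMPLE_ROWS is a constructed subset of the behavioral1 rows above in the page's own column order (Country, Destination as ip:port, Domain, Proto), and the function names are this example's own.

```python
"""Aggregate the flattened 'Network' table of a sandbox report.

Added example, not part of the report. SAMPLE_ROWS is a constructed subset
of the behavioral1 Network rows shown on the page; the parsing and grouping
code assumes the page's column order: Country, Destination (ip:port),
Domain, Proto.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

SAMPLE_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 w.sharethis.com udp
US 8.8.8.8:53 www.createliberty.com udp
US 151.101.193.140:80 reddit.com tcp
FR 18.164.52.115:80 w.sharethis.com tcp
FR 18.164.52.115:80 w.sharethis.com tcp
US 162.241.217.225:80 www.createliberty.com tcp
US 162.241.217.225:80 www.createliberty.com tcp
US 162.241.217.225:443 www.createliberty.com tcp
US 162.241.217.225:443 www.createliberty.com tcp
US 162.241.217.225:443 www.createliberty.com tcp
PL 93.184.220.66:80 platform.twitter.com tcp
US 8.8.8.8:53 6411300.com udp
US 50.63.92.111:80 6411300.com tcp
US 50.63.92.111:80 6411300.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?P<domain>[\w.-]+)\s+(?P<proto>tcp|udp)$"
)


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: str
    proto: str


def parse_rows(text: str) -> list[Flow]:
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country "):
            continue  # blank line or the column header
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable network row: {line!r}")
        flows.append(Flow(m["cc"], m["ip"], int(m["port"]), m["domain"], m["proto"]))
    return flows


def split_dns(flows: list[Flow]) -> tuple[list[Flow], list[Flow]]:
    """udp/53 rows are lookups through the resolver, not contacts with the
    named host; keep them apart from the real connections."""
    lookups = [f for f in flows if f.proto == "udp" and f.port == 53]
    conns = [f for f in flows if not (f.proto == "udp" and f.port == 53)]
    return lookups, conns


def connection_counts(conns: list[Flow]) -> dict[tuple[str, str, int], int]:
    """Collapse repeated rows into (domain, ip, port) -> count, first-seen order."""
    counts: dict[tuple[str, str, int], int] = {}
    for f in conns:
        key = (f.domain, f.ip, f.port)
        counts[key] = counts.get(key, 0) + 1
    return counts


def per_domain_total(conns: list[Flow]) -> Counter:
    return Counter(f.domain for f in conns)


def domains_without_lookup(flows: list[Flow]) -> list[str]:
    """Hosts connected to without a DNS row in the table, first-seen order."""
    lookups, conns = split_dns(flows)
    looked_up = {f.domain for f in lookups}
    seen: dict[str, None] = {}
    for f in conns:
        if f.domain not in looked_up:
            seen.setdefault(f.domain, None)
    return list(seen)


def cleartext_domains(conns: list[Flow]) -> list[str]:
    """Domains reached over plain HTTP (tcp/80), sorted."""
    return sorted({f.domain for f in conns if f.proto == "tcp" and f.port == 80})


if __name__ == "__main__":
    flows = parse_rows(SAMPLE_ROWS)
    lookups, conns = split_dns(flows)
    print(f"{len(lookups)} DNS lookups, {len(conns)} connections")
    for (domain, ip, port), n in connection_counts(conns).items():
        print(f"{n:3d}  {domain:26s} {ip}:{port}")
    print("no DNS row :", domains_without_lookup(flows))
    print("cleartext  :", cleartext_domains(conns))
```

On the full table the "no DNS row" list is the part to read first: in this run those are Microsoft and Google service hosts the browser reaches on its own, but in a report for a real dropper that list is where a hard-coded C2 address would surface.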

Files

The CryptnetUrlCache entries are CryptoAPI's on-disk cache for certificate chain material fetched over HTTP; the pki.goog, apps.identrust.com and x2.c.lencr.org connections in the Network table are those chain-building and revocation fetches. The same MetaData\94308059B57B3142E455B38A6EB92015 path is listed repeatedly with different hashes because its contents changed across successive writes during the run.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1347.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 82babfd8b49278742feb86d13d72b6e2
SHA1 aec5253f598cd753543eb19f81557b40e5047d8d
SHA256 2ae8ab802ddc5db6ed69c3756796d0dea4597b190fea2abb89a29aa9e0a50cc4
SHA512 4c408107800d0c4f27939549ff2e25c450d45cab9bd90085e977d082009edd0df48041d65da54859557d2c2bba18d9973e5417c00f0c06d419b550d11e617c4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e68d0536dd9c639b5d3fd0b84914e0ec
SHA1 86711e79d54f1b9feae7edacb2c59108ed283940
SHA256 9e3f328ef7020522739e64a8fc84a892bfde70e834af61d73eb3498f62432188
SHA512 7df2d865a1afa2ee6ead1819d7eb5dcf787abdd5ad72acbfab32a1646a143f4bb232640119a76c4b8eda0ec0c7fd09d8b282f60b14e9fbd8c4e1853cac175ffc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb88112c435244601a9f060273f0306c
SHA1 10df9d07e630dd75b636dd3d02b7a3d7ccf5bb98
SHA256 d0b13167f7d8174349140718c98446b1199e0d8d0e1f29d2f06bbc9952b48f26
SHA512 39c41bf2da498bd83f80775486e426618eb637cd98b63840d83234e7f96f331dae546541d0233b2ef0d1d721eabfd904c9f277d445180c36a2194cc106d1ca05

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C10PYA2M\cb=gapi[1].js

MD5 0fe383a7ddb9bbaefc3105b3297f5583
SHA1 f80c9d789f251909c7560bd91a9e1b9a10c26362
SHA256 d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683
SHA512 31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1865e830c82fc97e937b4d0c702d13e7
SHA1 f5c13dcd7f1e5d3892feb66a0822f09eca5b8a46
SHA256 cec92a971b5f4e3f32945b86ec3847da043046241bcd68df51f87bfc42a2c54a
SHA512 61851f8b1fa67b54d7285d1de7a0e7fc40a4d7213dc3f59daf611cb193d828523ec489dd50a7a73a099a8ba2ed373b844653914dcc23ebc2faab210f301990f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a40835ae6070301275491382b1d0d4e
SHA1 132bb7a599fd84a08a91d922b6232dcc6cbe9ce6
SHA256 f09a944f662f05c4404e1e96741794ef91c888fb123d2deed5f46daa460381ff
SHA512 bebbb7876a2e3ebd3fd9b0d8861d44001744ab0f9df9acc61feebd2e8b77b8de485ba6eba3117252e423fc7d609009f9923a6773d31cd01a8e18c7413a193dfe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce0e3beb35bef5777a45ee65ba2d080f
SHA1 aa0e4f633fea90749a840acdb75eb5dad47195d1
SHA256 5cd807fd0a7df2840797c8f1d19820689f1becb55dd296aee331a39de719e517
SHA512 f87a651f6f2399b713e62a0c97b7220c147c5ac8e96b6e5d801e43bb78bc009a7bdf3f5ca003444408399069954f2150ad6bf04a1f0448b87be0b73f502708e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7079e99fcf3f57fff7a3dec02dfcfb0d
SHA1 0732e509881ac62d5a08a8b674145106c35dd8de
SHA256 f0e7bbd6e8f60505f1f3deae7cf867e55ab101769989ff3589ec91993ea186cb
SHA512 dddbc5226a1e809572b8bd4b6809f08381cee275cf1d7ff75a0b6c98c378054dd4ddb3dade2337976ca3e0eaab61c9b5f370612078c97423785fa6a17746cbe8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f221b20a066e678988b819bf56edc3d
SHA1 0664bc27d8fec9f9e8a1650fb532d9daba4fa64a
SHA256 245466657ac446eecbbaddba79e8553e17d64b030b9e6c2bb9e623b4f6233f04
SHA512 8330355ed3ebf9bc3b1dcbbf1f429902d5cb9d81c9203c0cbdfd27d39dccfcb0814bcded8a054830d308ee21abaa9c9a69be54ef01b380efd266bfff1321c537

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c61f19c13702ab620b174af9f27cc6b
SHA1 b6cbb168c992c715fdc7997e4c46d325d2feacb3
SHA256 2ab9dfdcdb7dce16806de5d9083bcfb052bf1fe384a2cf807cae7825ab98bc08
SHA512 537f85af0cf9e7cd7eca329547967a219e19ec83ea56862a9330f3eebd249cf9393cb8d6a5b5c7ff06e6562af8e6c97500697a0a982d1ab6ab57b93b51eb9be3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 8fad00c54b360ec978a5eb9671695dec
SHA1 5f27cd359ffe7dda2ab07757f2dad2d14227490d
SHA256 b85b6c984920e64bc49609b56a311d1b411d8c67c03ae3b0cd20524c97c5a7ec
SHA512 961e9282f67f93cde900b0c073c9c02744b5fa12a5ef179f82f6cf24cc1071dfb96594e0b9036a74534a92e64051bd1a73e0b932c8d5c3b782d730a71f229f8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 321267b282920e2cb93183633486ef91
SHA1 c1c6dae06d6e5704a5367fc9763bc94f64fce08e
SHA256 e3100ac683cb0ff9d9b3073e5938f9e3839d6d659b6009fb08c0aa99d386b2f1
SHA512 b52e8a81a4ce7968584f784d4bff5ac810e29413ef83e910ec83429040ddfd4fcda6eca4e3e14813c6acad2ee239fd15993a26f8cca14f0a7171d9b4f84c7345

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e40c03bba508be4cfe0f18804fc92761
SHA1 d0cad2e815dd546bee72d8f1f6b3b99e0fe1951a
SHA256 aa96bb8a51fd9e5597bb5a03bb44019543037f190f049a0ebf91190a746c424b
SHA512 40762849c8875a0e7932e05a3ca3f63a5e0eac24e2cd6fa8d25fdf249ed35f87540609f24ace572671eb146388f69d3c933183f110d701d73543b48511b51220

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4e811c6db5d0b8db34c4bc9a99018bf
SHA1 8c5dee635e25b98f1d1d69c26992ba4b1b9de0ff
SHA256 4d199ad07a7f2e3cd6e7a7699f21056d29da1e25d25b381c8587097af933bf5d
SHA512 d634a4c0fa30996807c9c37ff790786d795f057b6bfac2126fa0b51de8f417c3113c212654a8e4912da55108cb417eb405cc49f65e4dec8d607a11b072aaa3b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62d6cce3750f20edfc78bab62417b861
SHA1 dcf515215ce4036a797d8837600d0a4da0d1e6d4
SHA256 88bb7b80ec138dc5e036089f35870a39741e788b328ee25c382d91b5874ee9a5
SHA512 3c87494876a25c934ca2f858b2efc09c73b38f13f252e6ca2f986c6c391b604a9b7ea6ab27caf60f51d6bf46d1ca51de66ffe8f63e3c9b89c9663276b1ec293f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2bf483518443687d1a2d3c5944c11ad
SHA1 7ace119656776fd807943d371659add8e1b41a75
SHA256 de336c9238d3a9d29ff909f138836babe46569b88cb896b2565cdd0473865217
SHA512 da208f1446b8f112da6cadee3b9856f0e79d29a936cb849df3c1af1a93a6e233ef63aae4a2b0f88da324dc1998930f7ab96b5e7ac41bc568b69400d8ce264ba6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad2e159fd3fbbe6e9ae574b444f86132
SHA1 615b9f299c7279061342e2b6ae24cca3ead95f00
SHA256 54b42408c2880fb38856e2df57013e9797d9e64fda7f384ec990b1da9fe790ff
SHA512 62acaa2328528e9c2e17329360ebb67f6135f00a98c4eba14c2a71f0e1e4d1a4529b9404281d1e4f124a64138b33cf811b826730be34a022565c3f159c66c7ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b69a082433abcec7e049c40ab00500fc
SHA1 725981f147c91edcecc5fb1b8bcadc42a1e4d289
SHA256 67824eea0aae646cd29505fd5342139532e76f076b8f437474d8898037af966b
SHA512 804f0c83b9e0ea8f879b03e044546ddb69ef21eb44ef640354691b7bf33a8d5709e6911acdcc371e4f5ecc2e5198d04fe1e73a0365dd4d67585eb1d0473b1b37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59362d9f46bd2dffe56fa80ad4e2c2bd
SHA1 a142168867a2755ce7ceac9553a595ee3f9a543e
SHA256 b83e57da666bbb47db7911793b750dd5e549d0fb077f08aacd979ec2c8e62674
SHA512 35d2946d80cd1d22ac66e23eba4571e50938c3d1e5f1d303f681d6bdcae375af318a6167a362e3c7166e22f09da6e3342820161c1bb7dee3a3260dc570f0fb2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b98dad31ae8c38d832aedff12a5c3e1a
SHA1 8cf3a7e563c10feee822188cb3b5630634db3fa3
SHA256 20cf4b44907f082c47931cde061919f616dd9f51d6a86f77e05c74fe14fe4e71
SHA512 23463bc2618a3175d8bff0098be6d2f53451a9831692e44ec3b6baaf6a3aadeed26fe4aa0322c6b73c284536a8963093e3a56fa7ff612596fff6cda288eee853

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d4fb593893a2b55a671918861e65d97
SHA1 5b5e71f44d40517504dfae47652953b1a2765433
SHA256 9c58f404cf5a2217902e20e32fc3ad02c655cc7ffeb63940304e9afa1c504a8f
SHA512 b5cdd22fc5b05782fd5c896535d02ae7929014050642711996a61718dc26f3aafb2c0b82e88a0936868cba8aef46010b8bca552cc21585069986d6dbc8358e33

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 039c7b97454c5dc7de8e8f9408c5d0a8
SHA1 845462d43e8886971806d6bdc94e6ff30bd3ffaf
SHA256 1a4bf667fd0534fdec1e0e285fc03ea290805eeec8a83ef73fd9e248b0cf41f2
SHA512 be236df3a075e65a22d82501c99e36746ec62ca2c054b7e0b2dbdca9871abe1a28f6c5502521d8fd8957048d6432cdc3299d4ea8c41b11e9e8ffb509ca8f6d78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6bc5c092057dae60f28b4dbf13485c7
SHA1 e4fd45f9fb38b3141e65dfe6cdce5e678ebee310
SHA256 15d27959c77f2e8a02aadda1ba8167247f1192dcc0f90308daa57ed7359e540e
SHA512 ccd69a14acfcc9f4e71380b2afaf237fe9c15bdf1250f83ab6f7bdf4bb6bdff1727f9d4c0793aae1507e65aec4ee613c409d8bc765ac9cdfe519c6dfb4d822fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 234b1c046a8927bac6fa91fcab7be13c
SHA1 6e67dbdcb85ac9413a63647bfeb3c53b1555f998
SHA256 ae8c8c233c4dab6feded2d918702d3face09614e2f6b477fbffc725ea6f8eaf6
SHA512 095cfe6f50cea1883ce2b30de5bbe514cd104c4c51a0d3f79c47c7516af22f5d28ed2f695cb57b8b4a2e5c4948dfe079118bc412187867738a7255322d2573e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 47aa44117af4d3399f8e09b0573019df
SHA1 bb0dcb76a79e749ef03993e0613aab11f1d1bc04
SHA256 3c5675e51caad86f2665e365ab8d9a9246e8e2654969f8c9fe4ca3f87414f0ac
SHA512 1d5a881815da9fb9dd1fe9a34eb3251a837c9baa41093179afb27bdd5f24bbabde50f806218ac55a3cfa488d6a73e42852470be12d0eb39c27da5807cc914698

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6eb355d67f1f02350f075094fd2201e6
SHA1 184cb3ed8a8ed2bfbac450064941657870229128
SHA256 b5b77cc7f0b1af9898ce79454870db9010b02b2e0abe9624d5b1133ef52c2b89
SHA512 aa114b8fea6001c2548897ba964b2d0b4902add783c95e3d730893e8c422c5d640d7e7de25f967d0c7fa692f4a9c80c65e4ca757315d7a436420c2db07cd38b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e3b612b7f8a2cd29fe1f1e2b1dda2bc
SHA1 90f2af3ab8943e12fb053d80187e491e009f56eb
SHA256 a82af19ca5101b6359b2c7bd8d0eaa8d1b271b558d5032fc7cc1d1d08e03495d
SHA512 617b7ad8325d9263a8536223b1a7cc917f7bd5e1260bc69ff7e1ad0a48f77b5f06dbca264658b3532b95c11134a506ff4217e0ef52058ab7523dfee3d9e75d56

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13IS2KVF\3604799710-postmessagerelay[1].js

MD5 40aaadf2a7451d276b940cddefb2d0ed
SHA1 b2fc8129a4f5e5a0c8cb631218f40a4230444d9e
SHA256 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2
SHA512 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13IS2KVF\rpc_shindig_random[1].js

MD5 6a90a8e611705b6e5953757cc549ce8c
SHA1 3e7416db7afe4cfdf3980daba308df560b4bede6
SHA256 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679
SHA512 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:21

Reported

2024-06-13 06:24

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42dff9b0784e304fc15309c07e3bb07_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3516 wrote to memory of 1332 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3516 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42dff9b0784e304fc15309c07e3bb07_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc65f46f8,0x7ffdc65f4708,0x7ffdc65f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15624707805964773205,13344480717564480473,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,15624707805964773205,13344480717564480473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,15624707805964773205,13344480717564480473,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15624707805964773205,13344480717564480473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15624707805964773205,13344480717564480473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15624707805964773205,13344480717564480473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,15624707805964773205,13344480717564480473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,15624707805964773205,13344480717564480473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15624707805964773205,13344480717564480473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15624707805964773205,13344480717564480473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15624707805964773205,13344480717564480473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15624707805964773205,13344480717564480473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15624707805964773205,13344480717564480473,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 www.stumbleupon.com udp
US 8.8.8.8:53 w.sharethis.com udp
US 8.8.8.8:53 reddit.com udp
US 8.8.8.8:53 www.createliberty.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.createliberty.com udp
US 8.8.8.8:53 www.createliberty.com udp
NL 52.142.223.178:80 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3516_LHWUQJCUJLPLLQDE

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT