Malware Analysis Report

2025-01-18 00:25

Sample ID 240613-l6h3vatgqe
Target a5022a184cab2e4aaaa29f3badcc94a3_JaffaCakes118
SHA256 851cb8fbeebaf25622ddd54b074224c8d06c3b29bc545b545bedead87fbc7222
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

851cb8fbeebaf25622ddd54b074224c8d06c3b29bc545b545bedead87fbc7222

Threat Level: No (potentially) malicious behavior was detected

The file a5022a184cab2e4aaaa29f3badcc94a3_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 10:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 10:08

Reported

2024-06-13 10:11

Platform

win7-20240611-en

Max time kernel

121s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5022a184cab2e4aaaa29f3badcc94a3_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435187" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 603e6bbf79bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E7C0A6C1-296C-11EF-A05A-CE80800B5EC6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000522a65622f388a65388eb1d70ea42a626de638fd050d19cff5241be1aad35490000000000e8000000002000020000000a6d13a3c628b63e915de09c98d417b66c12afc235130e8e2e8a8dd60062ab2a220000000883364912ad85ee71885ab5d0848cffe5e63417583a2d6734ee0a35718fc1be140000000d18bb5f07e65fbb8ca2fea93aa98c2abc9cf385df6592840f97780bdcbaa1bc5efe2b5cfc900ae6db4cf743a0c7730b394746f4594c425c0ba8ab9115bafffc1 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5022a184cab2e4aaaa29f3badcc94a3_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto Count
US 8.8.8.8:53 www.barongroup.net udp 1
US 8.8.8.8:53 widgets.givealink.com udp 1
US 8.8.8.8:53 i2.wp.com udp 1
US 8.8.8.8:53 s0.wp.com udp 1
US 8.8.8.8:53 s.gravatar.com udp 1
US 8.8.8.8:53 stats.wp.com udp 1
US 13.248.169.48:80 widgets.givealink.com tcp 2
US 192.0.77.2:80 i2.wp.com tcp 2
US 192.0.77.32:80 s0.wp.com tcp 2
US 192.0.73.2:80 s.gravatar.com tcp 2
US 192.0.76.3:80 stats.wp.com tcp 2
GB 216.58.201.115:80 www.barongroup.net tcp 15
US 192.0.73.2:443 s.gravatar.com tcp 1
GB 216.58.201.115:443 www.barongroup.net tcp 42
US 8.8.8.8:53 static.addtoany.com udp 1
US 8.8.8.8:53 www.webprez.com udp 1
US 104.22.70.197:443 static.addtoany.com tcp 2
US 54.153.1.168:80 www.webprez.com tcp 2
US 8.8.8.8:53 apps.identrust.com udp 2
IE 2.18.24.9:80 apps.identrust.com tcp 2
US 54.153.1.168:443 www.webprez.com tcp 4
US 8.8.8.8:53 x2.c.lencr.org udp 2
BE 104.90.25.32:80 x2.c.lencr.org tcp 2
US 204.79.197.200:443 ieonline.microsoft.com tcp 3

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 10:08

Reported

2024-06-13 10:11

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5022a184cab2e4aaaa29f3badcc94a3_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 25

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 24

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2656 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 3332 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5022a184cab2e4aaaa29f3badcc94a3_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd90b646f8,0x7ffd90b64708,0x7ffd90b64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5650980103228801014,9480387161090911919,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2656_DIIIQXMRUMTPMNLO

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State