Malware Analysis Report

2025-01-18 00:43

Sample ID 240613-qxk83a1dkg
Target a5d44c907cff66e2233615f9f53dd0df_JaffaCakes118
SHA256 d35cfe38d6c512738e985d6450399a507d2177787005af64b875cff1a8ac339c
Tags
Score 1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file a5d44c907cff66e2233615f9f53dd0df_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:38

Reported

2024-06-13 13:41

Platform

win7-20240611-en

Max time kernel

135s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d44c907cff66e2233615f9f53dd0df_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3996EA01-298A-11EF-9266-767D26DA5D32} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000f0c117e2c1ee480098429cc3bd5ec460864ef3933feeb382d41ed40eb89e8a75000000000e80000000020000200000006bd7dceb6f2b65dd6b0a203735fd55bedc166ab4a4bb39958b1e2df9a252673520000000b5020b2c6e8e491de3739d522d29953eea839628335af32ea68f54602ef2d38640000000327b86030a3aa6e7a4c37d77c2ad38cb451606846d7b277a66dce7ab63797146b0e754a26f8580d2006a0e87f77ed7cc643b34a4e5fe8210f0413d425058282a C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447781" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30438c1097bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d44c907cff66e2233615f9f53dd0df_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:38

Reported

2024-06-13 13:41

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d44c907cff66e2233615f9f53dd0df_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4360 wrote to memory of 116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4912 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d44c907cff66e2233615f9f53dd0df_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9526946f8,0x7ff952694708,0x7ff952694718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8153615179336773126,3956767382077587087,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,8153615179336773126,3956767382077587087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,8153615179336773126,3956767382077587087,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8153615179336773126,3956767382077587087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8153615179336773126,3956767382077587087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding


C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8153615179336773126,3956767382077587087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8


C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8153615179336773126,3956767382077587087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8153615179336773126,3956767382077587087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8153615179336773126,3956767382077587087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8153615179336773126,3956767382077587087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8153615179336773126,3956767382077587087,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2500 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_4360_WICNEIRAZARMBQWN


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57db6c.TMP


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
