Malware Analysis Report

2025-01-18 00:51

Sample ID 240613-rfva3ssbme
Target a5f25695d749480f612c075fea959d6f_JaffaCakes118
SHA256 5b1642db79f3f7c1beb97c8b1f0b6b793318811afc12e97e95fa321b86d3d98d
Tags
Score 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 1/10

SHA256

5b1642db79f3f7c1beb97c8b1f0b6b793318811afc12e97e95fa321b86d3d98d

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file a5f25695d749480f612c075fea959d6f_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 14:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 14:08

Reported

2024-06-13 14:11

Platform

win7-20240611-en

Max time kernel

145s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5f25695d749480f612c075fea959d6f_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6D9EA0F1-298E-11EF-8F67-D62A3499FE36} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449585" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000b894403f678a888d69fd785b0b870450db3dee4b78b6c25d409711513498bdc1000000000e8000000002000020000000af43147b5ee0e05d9d63d1c51a6ea06172e67d1aa498b9bfe4dccc496fe18cc020000000b6a5048cc6e11d4680f79c5ae97dc9bac23cfe03dbd98d72ca0644fc7bc2f498400000009ea2ca9932f93639135e1f88b34257f42d804c40d1c28f88eba0cd9c5248838fd6afa1003ca815ef972bc2cd216227db7ba3c2b33641c1f425f8586a82053ec1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3077df439bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = <value not present on page> | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5f25695d749480f612c075fea959d6f_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 bux.to udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 tinyurl.com udp
US 8.8.8.8:53 utilnox.com udp
US 8.8.8.8:53 img43.imageshack.us udp
US 8.8.8.8:53 img41.imageshack.us udp
US 8.8.8.8:53 img36.imageshack.us udp
US 8.8.8.8:53 img194.imageshack.us udp
US 8.8.8.8:53 img35.imageshack.us udp
US 8.8.8.8:53 img4.imageshack.us udp
US 8.8.8.8:53 lh6.ggpht.com udp
US 8.8.8.8:53 lh5.ggpht.com udp
US 8.8.8.8:53 lh3.ggpht.com udp
US 8.8.8.8:53 img207.imageshack.us udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 s10.histats.com udp
US 104.20.138.65:80 tinyurl.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 38.99.77.17:80 img207.imageshack.us tcp
US 38.99.77.16:80 img207.imageshack.us tcp
GB 172.217.16.238:443 apis.google.com tcp
GB 172.217.16.238:443 apis.google.com tcp
US 104.20.138.65:80 tinyurl.com tcp
US 38.99.77.16:80 img207.imageshack.us tcp
US 104.20.138.65:80 tinyurl.com tcp
US 38.99.77.16:80 img207.imageshack.us tcp
US 38.99.77.17:80 img207.imageshack.us tcp
US 38.99.77.16:80 img207.imageshack.us tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 38.99.77.17:80 img207.imageshack.us tcp
US 38.99.77.17:80 img207.imageshack.us tcp
US 38.99.77.17:80 img207.imageshack.us tcp
US 38.99.77.17:80 img207.imageshack.us tcp
US 104.20.18.71:80 s10.histats.com tcp
US 104.20.18.71:80 s10.histats.com tcp
GB 172.217.16.225:80 lh6.ggpht.com tcp
GB 172.217.16.225:80 lh6.ggpht.com tcp
GB 172.217.16.225:80 lh6.ggpht.com tcp
GB 142.250.180.1:80 lh3.ggpht.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:80 lh3.ggpht.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 216.58.204.66:80 pagead2.googlesyndication.com tcp
GB 216.58.204.66:80 pagead2.googlesyndication.com tcp
GB 142.250.180.1:80 lh3.ggpht.com tcp
GB 142.250.180.1:80 lh3.ggpht.com tcp
DE 185.53.177.10:80 bux.to tcp
DE 185.53.177.10:80 bux.to tcp
IT 81.88.52.17:80 utilnox.com tcp
IT 81.88.52.17:80 utilnox.com tcp
US 38.99.77.16:80 img207.imageshack.us tcp
US 38.99.77.17:80 img207.imageshack.us tcp
US 38.99.77.16:80 img207.imageshack.us tcp
US 38.99.77.17:80 img207.imageshack.us tcp
IT 81.88.52.17:443 utilnox.com tcp
IT 81.88.52.17:443 utilnox.com tcp
US 8.8.8.8:53 img32.imageshack.us udp
US 8.8.8.8:53 img29.imageshack.us udp
US 38.99.77.16:80 img29.imageshack.us tcp
US 38.99.77.16:80 img29.imageshack.us tcp
US 8.8.8.8:53 img39.imageshack.us udp
US 38.99.77.16:80 img39.imageshack.us tcp
US 38.99.77.16:80 img39.imageshack.us tcp
US 38.99.77.17:80 img39.imageshack.us tcp
US 38.99.77.17:80 img39.imageshack.us tcp
US 8.8.8.8:53 img19.imageshack.us udp
US 8.8.8.8:53 img13.imageshack.us udp
US 8.8.8.8:53 img8.imageshack.us udp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 38.99.77.16:80 img8.imageshack.us tcp
US 38.99.77.16:80 img8.imageshack.us tcp
US 38.99.77.17:80 img8.imageshack.us tcp
US 38.99.77.17:80 img8.imageshack.us tcp
US 38.99.77.16:80 img8.imageshack.us tcp
US 38.99.77.16:80 img8.imageshack.us tcp
US 8.8.8.8:53 s4.histats.com udp
CA 149.56.240.130:443 s4.histats.com tcp
CA 149.56.240.130:443 s4.histats.com tcp
US 8.8.8.8:53 img190.imageshack.us udp
US 8.8.8.8:53 img40.imageshack.us udp
US 38.99.77.16:80 img40.imageshack.us tcp
US 38.99.77.16:80 img40.imageshack.us tcp
US 38.99.77.16:80 img40.imageshack.us tcp
US 38.99.77.16:80 img40.imageshack.us tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 fe0.google.com udp
CA 149.56.240.130:443 s4.histats.com tcp
CA 149.56.240.130:443 s4.histats.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e72dccf6c033fe96eb1bef1ce1e8d6fd
SHA1 4555e972e8b14abdffa962279b91774e6d46fd66
SHA256 157486368dc32c9e5f1a671df0c94275b031b2fcdf4660a5061a65981cde382d
SHA512 934669273f6c0d5cd72e3655a811ba226440c3880e61346de7b95e7db60c0afb71dc91347d5012f1cc11f2b331c9c42c25d819a6a34432a00b98f53b90608695

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb85f3fcf86ef0de7ef258539cae87de
SHA1 c73288fff07885a62f8c7033b348863ed3b8cad1
SHA256 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f
SHA512 dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 318fa6ff35dc44778edfcec2e7385894
SHA1 fd8dd5b5258896dc595be22a252883a738fb514d
SHA256 212a012beb591c8f154d0b8cf2093946119c054cabf152a2c8461170f115ff06
SHA512 2dc93eee2a70592e82d919b21cddfad2eb52f35b4ac87961c295cc01c3c4a17f2e9898590311c153ed7c7556315e46f848b4f4b900fa724414f7826f2b971a67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 7b1741c1b825eb84417708afe78f926a
SHA1 038bff19848caada3c89c839eb0772e666e87092
SHA256 1e645ef6cde8e774d2958f4e2988ff3470be621f24ce874c929426fdde8a22bf
SHA512 aef01e0fb5a52894b90bba998a9033e14edf4ad2dac1a329a5a13709a9157fde4e6c56cc5504bda373ee2efd1191ede0c4529072910dd8a7550ee16069094da8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 b260b1a156ea542600980518fdea0bde
SHA1 5584fa6e7ff7d691f95b02179799fd2117a50d15
SHA256 10b6eca9aa3fc00a3bf2641866f8ce7180b4721ebb868276d205baad73bdf980
SHA512 7472e80e4351daa4bf6670535a66e1a06265e3af603db9584ae10faf4db367259c21b5dad172df86f0bd45b5612c1469923d91ff5b6197a55e11312603bbe5f4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\platform_gapi.iframes.style.common[1].js

MD5 682c26af19b240f98d2cb951721fa54d
SHA1 18e58b652c7f82a55ab4b1910693686049e25d62
SHA256 96428f0f585a874c185d560538ad83ebfad0365d760fcf9fcefe80add9e3c980
SHA512 078aeef086271b7f9cf0f6e3a1e7908d7e38465a1a7a4de6f2a785147e9130551a2995e80600824da9341d58e5425d4505518e90eea9ffe1c64f4f41825a9660

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\cb=gapi[1].js

MD5 f9255a0dec7524a9a3e867a9f878a68b
SHA1 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b
SHA256 d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d
SHA512 d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04236a8a03f49f0abe06d3aa70459c65
SHA1 1662b0f73d2967c20b574a537c2c47692d4a6de7
SHA256 f0eb65301d763a8a9521e72a2dbdad263b7263b27120f50b962df8d7e942c257
SHA512 52d3bfcf4b08884d94c776b4d47c095258dcbb354b7b4812f32ec8a8dac536c25c5f0c04240bffbf89be111fba4893ed2388b34a7b310aa077706c3546097cf6

C:\Users\Admin\AppData\Local\Temp\Tar476F.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\Cab476E.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4be8d6b94bf9cd7927f4f47473f20151
SHA1 e918f8621862b64d123bd75202e2af168b4f21e3
SHA256 1a59ae624acc3d97ba1ea4975b64df82e92f5b3f1c27a1cfa386f5ecdd6f3752
SHA512 f5dda472e4f550da968090d708f77a04129ca7ad9016df6dac4372a39f47b6b9ba0cb63f4798a452ff5a43f2761e1a4013383f46b0aa802bb92717e6030cd064

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 574ac005d9293a55727f3e1e3471aaec
SHA1 2f11e7f3671a012f01b29d23aef36783efcbc500
SHA256 de025197ed605e215ff58a116c86a0298615b6b38007cfce5f347d2648acf393
SHA512 c673c86d14bdfaa798b65477fe00bcc47aea58b8ad1b5e31e28ff89dcf8dda53dc9c7f53e0d89ea7c406bb941b15e15c1df4dbd4e0e29a7590f8d8c6ab17410c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c0065f05a7043098abcd8ce2e56531a2
SHA1 994ba24873207e697f4a861b97c0ae980e9f0813
SHA256 a60a89b2976f70e17e882406e24d15b528c1c1ee85c2f5331e36faca50843db3
SHA512 34cbe2cfaf1f2d1a0905aace5ebe94122885a9acb5748b77dbab86442896b668f8daa7fa2a6c005b7fea0e3aa1e3647e750ee587ed4c5e29e49ce6a618004da6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54dde5a7de30ae4d4a9de2406a5e5d80
SHA1 f18f48933032d88815aa7b2aef2ed8df5eb7e662
SHA256 85d37931a29d03f6e5c7e6b43c553ac7e4417b8e113c3fc1c130958405e030f3
SHA512 38d1295ff2dd34314da6be141ec0a9ff21f4764eaf78d3bf39ca828e4b8f50dad29e43c99b44eebc25f56c1e8dbb145069a4efadb901d462de073a6c2997c4dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c6892757d7dc2d1a595ff2560958d8f
SHA1 6c62695212fc1138d6d1c5f72a52210f23547700
SHA256 182ffdb691c07fa54ff42478d8fa7b59fa63d07bad6486766ad827baf0458bd1
SHA512 071517d17edebcc193fcfb08b49d4b575877f92c0a669a8a537f2a5def9f5ee68c824ecdd0084b2c1312ad19596550698e6ba828906704212678c7a96a3b260c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 584fa4d54bab26a1a81c6e8b68a46e9f
SHA1 cf81f6b8d80c71d9a9f6fbbf7deceae6ea90e474
SHA256 32073e0feffdd3b6e937248c6e58c92e9b4f80cfa9192c2a4c99f6e6a6e87d96
SHA512 72d1dc9aee484d7f8d5b0034b12546fd478a63c7f9acfd81461a6746e56ec7923311c237ff896c327efd7639f10181d1af5b19108bbb93a6a626ca1479607c08

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4206d95b0ef17a77b9dd08672b313e2
SHA1 b0e822eb34d202eff8a3cd9dd8ce934d3349095d
SHA256 ba53a6d2ac40263218a59e90a195cfacd6f7add1456d4c3978cd7529cab02be6
SHA512 6c1316af57b365e705519535e6d3cd6f974ab729b56f8fd5cb7ca1f4c74e7b25e34ffd85f1495454e41cb4495d3238ca65bb69c36886168d39221d0ecebfac9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7685b10cc36edd37cfc7088878e30bdf
SHA1 7aa8b0b837c4a4b3cd807837abb77659443437f1
SHA256 90d51ab58e8b878a6980551c7a78bcba19d2b64cd2727494e18365028e50b0d3
SHA512 2c842985654062aac090149ad4899664b0dc710ba8d696c65d1ce2cc78312109a33d07ca99f5521db7a9d67a8c2d50d68fc470571bf23fda081b4d66342ac49e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1e4269da03bac8708c965b26057ac0f
SHA1 e9ef5b1bcea0bda3c1dc6613b75d679ea8fd87aa
SHA256 2159fc95533ecd04b979dc66b8c603e4508346669e32c032e154fc71ae4e6753
SHA512 d350a64740fab388678f8b41f7d070e144da219ced31037073606652e1de6556857d704151809db2fac077b67d8321f7141d8032930526f94314ffa26a9bfb65

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\e[1].htm

MD5 c2b26b17141e97da490556030d44f1c3
SHA1 fe0d875538ed94e607d4f3fefecfc8f797ff3ea9
SHA256 892d55861a7789eec2cad963b875d9ebf537ff3698f08d0349ce86395d224262
SHA512 67db732d53c80d1bf30ef6ee75a73ed69ed071ac4e84ff86789a16dfae810bef0d2cef472d6e8624247196334b7f48a65158552fc8a012f968ecdd332a840235

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ae3cce52a025ef468e131ab5418ce96
SHA1 ba8b60a6be2d598933d00f66884a4c2f776d17cf
SHA256 ceede172628a4568ca3c69a7457438dfffc662d4728ee8ea0d98a56f2a5602e4
SHA512 bb051ae837374e2de760ffedd59f733f2b6c6107cb5638dee10e54673c8fe0fb6337b19c1c78c83ff596e77aca54223feb5595fd28393be83eee6aae12f047b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3db51dc72691406e6c996189c86e122
SHA1 fca9a7859b65e6ecf6f3c9b136d97d622c14e2e7
SHA256 82e907ea7130acc5b71704ac0d2806e65d28378b520ccfceea6fcf46cb21fff9
SHA512 07eb24a8228e6786e53437a575c422cf8c58468372393c18c947fa2b64134cfa5cce5aca635c616be14536deacdf207922d6a69548c4f87170b0541d4f06e535

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c48256b2845ed568c56dca5febf76190
SHA1 3abf6ca479e722e690312f2fb33a57b78d30d80d
SHA256 9dbe0bb5268a8869619dbeb72fef6976a43f42f3ad8527253d6f9e00b47c6c45
SHA512 e5bfb31a38b84580a50f4b3048e2eab2ab847db636753a21b0287edf21961a40cfd07ba0381c0b4fb7b308a2f16155e7402f326120731c393779628a02477469

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16fce5c4e445930afbf3004950245e28
SHA1 280d7d0c91effb1153d2049d3727a6aff27a4864
SHA256 93d61e4188449876733f2a0db0adda208fd8d9400e8fa0969448e69ba18e89d1
SHA512 280df3d67caa540ba40da23a71eff05e49707532146976293f939c02abb9f13c9d42a6e8ca254fb4cf21fedcc51867beb23688942d05bc4ce6009ec8a86c2f07

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a39163e82e0a8cf5410b79c8a8d12802
SHA1 a1ab62dc07210773af76c4289b2f3ff983ee5887
SHA256 f3d7dd780a161b9a3ff73f2d1343baf138ab0a95d8eb297411777aad2cb58038
SHA512 837825e3014196e886d24dbb0e08710dc3cd6cfdbf2a34571bf27fc3605a5706ae310516582e958bffef03010ed676fe63030c41aa355d99f54d0b0ab3392f42

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a49bcc15200acaa8a53e2dae151dd90
SHA1 1e57f74f0f907245fe8424f3f61456149a5cec5d
SHA256 c159156e2f2b1eb0652cd7d102fb12bc06343691f535aca34cc4dcdccbffc101
SHA512 f6220422e4708295acb2b3467f6d5ebbde300fd91024a38a3e75a447bf425a39b3c7335ccf447a48041e1723c77edc812eb8a26ac71e22cc246812d886d1ab86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10af31b3bdd0be03cb70223bec7cc917
SHA1 b3196dad33d89913e7fc28b275cfb126ff695236
SHA256 29c1ea37137b3a524b4eaed16705101edba67d09e025e54cb526b2f151c02422
SHA512 660dab1f6e54563ff38f07ba420416b66c9eb8ee1476c41e13f2f8ebb21b28ada7a37ceead3b0a1d32428b9fb6319baed7b5d47166dd8d73a5f07652f68b9207

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8484f9300b45823c8cce413bc19c47db
SHA1 f1c756770986307345defc4b9559c555b8328656
SHA256 d3e600a9afd30ac1d64bc23cf86602f0b5110340188e7313235e348cea7af783
SHA512 e2650da0c1af52b2ad00c2fa29b4842942b4a2b106bd846c767e304bf649ea1669fa9423361a2fb96fa67c9a15d2dbf8ec308ace5832d7869e5416029745a93d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78a275207dbff52fca398d6bc0379bb6
SHA1 57052f8c4953f9a62c8308b80954649edaf7f59f
SHA256 c3d69aef0d608a45500f175b2d12c8e1bd4a796d9bbb8a13a4ec7c096cff0466
SHA512 ccba2e6cb6a8c523ec7eb16da9d83a347730955dfb48092c9e4ff1b196b3168380f8bdb95f85c5242ef04213009b99ffbe40670f86dade8601bb9bc081df0fad

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 14:08

Reported

2024-06-13 14:11

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

139s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5f25695d749480f612c075fea959d6f_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2552 wrote to memory of 4592 (2 identical entries) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2552 wrote to memory of 1964 (40 identical entries) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2552 wrote to memory of 1468 (2 identical entries) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2552 wrote to memory of 3260 (20 identical entries) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5f25695d749480f612c075fea959d6f_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffaab146f8,0x7fffaab14708,0x7fffaab14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4984 /prefetch:2

Network


Files
