Malware Analysis Report

2024-10-19 02:45

Sample ID 240825-zz8ltavfld
Target c1975d5cba9e4bb44dc790286083d907_JaffaCakes118
SHA256 5b1c586f30edf4fb18b74ab580ae557349a7aefa600dfc10591c3a9fb35befd7
Tags
ramnit socgholish banker discovery downloader spyware stealer trojan upx worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5b1c586f30edf4fb18b74ab580ae557349a7aefa600dfc10591c3a9fb35befd7

Threat Level: Known bad

The file c1975d5cba9e4bb44dc790286083d907_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

ramnit socgholish banker discovery downloader spyware stealer trojan upx worm

Ramnit

SocGholish

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Program Files directory

Drops file in Windows directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 21:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 21:10

Reported

2024-08-25 21:13

Platform

win7-20240708-en

Max time kernel

118s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1975d5cba9e4bb44dc790286083d907_JaffaCakes118.html

Signatures

Ramnit

trojan spyware stealer worm banker ramnit

SocGholish

downloader socgholish

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft\px4309.tmp C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.app.log C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened for modification C:\Windows\Downloaded Program Files\SET30A2.tmp C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File created C:\Windows\Downloaded Program Files\SET30A2.tmp C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened for modification C:\Windows\Downloaded Program Files\swflash64.inf C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\DesktopLayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0c7ac3c33f7da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430782096" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{744C4FC1-6326-11EF-B586-DECC44E0FF92} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\weibo.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000f8e40a5bc47327b7d469c5d3d0a6ccd7422768549e1cf2e0a177f93598de2e2d000000000e80000000020000200000008b931d170a89c5db75e0d06daba639626e5168a36d51f40e9b096d8b1c488c272000000008154f50621fe8d560284b983b6a7050179cfdeb768d43e73ef2a04dbc87949240000000835dc3ecbebc31b27ccb8d0813bff453a167d5958d4e6968aabf7ee631f3ef17747f3de64333f8bb004956798fee1b86c3cadd8b424fe6cc6ea4de56fc066166 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\weibo.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2716 wrote to memory of 2696 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2716 wrote to memory of 2696 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2716 wrote to memory of 2696 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2716 wrote to memory of 2696 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2696 wrote to memory of 1764 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2696 wrote to memory of 1764 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2696 wrote to memory of 1764 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2696 wrote to memory of 1764 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2696 wrote to memory of 1764 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2696 wrote to memory of 1764 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2696 wrote to memory of 1764 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1764 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1764 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1764 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1764 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2716 wrote to memory of 2244 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2716 wrote to memory of 2244 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2716 wrote to memory of 2244 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2716 wrote to memory of 2244 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2696 wrote to memory of 924 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 2696 wrote to memory of 924 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 2696 wrote to memory of 924 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 2696 wrote to memory of 924 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 924 wrote to memory of 1112 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 924 wrote to memory of 1112 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 924 wrote to memory of 1112 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 924 wrote to memory of 1112 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 1112 wrote to memory of 1892 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1112 wrote to memory of 1892 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1112 wrote to memory of 1892 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1112 wrote to memory of 1892 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2716 wrote to memory of 1452 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2716 wrote to memory of 1452 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2716 wrote to memory of 1452 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2716 wrote to memory of 1452 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1975d5cba9e4bb44dc790286083d907_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:406536 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\svchost.exe"

C:\Program Files (x86)\Microsoft\DesktopLayer.exe

"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:799756 /prefetch:2

Network


Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e83bb5c3a177f19c606106ac2406113
SHA1 3db5cd5c4b9c403c8a804407445a6a9c0cc9112e
SHA256 ba49b473ed85bb32a93f30ad5f755eb33040fd1d0d7eeeb0e72664d1eef78f66
SHA512 5538e1be19a2c4836eb3442fb0ed4b9a3a4c60ea28d4417095412720e765778ad531bee8307023738b31c74d7d69cceace585628556f657abbb06f83aa8c4da8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 29db30b8f468c21f87e43a660f6f4acf
SHA1 62ed4a62af89a99bc00bc1f90571b5f6da5ddf9d
SHA256 d134d4d8e5aa202a310dd3d8d5b509564df2d443b4084d4d35b38b494fd191e8
SHA512 8c6f9d81e5df9d4c573269f248463ef8db53b6b6da16f8e7e977eaecc367a9e8eaa096c3c79d49260522be2f8f0c55bb15b09e720fa10b1ebbf48baa5044e01f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5946c72a51aa74af4f439c3256deac3
SHA1 53251e3614f0378425b921a048890f90e3737a4d
SHA256 f7419b48562dda9cf2b0f412bd6068171b7568b8da382fa2765b9fca848d9e9a
SHA512 de8f23874d4311e274b137b86872dc832d0058c766c2e0ee13bacc72bdc20a87a807633352e71cc13b2d77620e3ad00f70d565a1505ea75c877f616398cbf8c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a22a81d8039b9c069403557d16b8ea9b
SHA1 389eb59841eecf0343b68adea276d3247afc13bc
SHA256 419770c792f50c624abf9e43e0288abb58e972cc83fa5a4392d2d30bbd890374
SHA512 36f47c46060ba7deeb179b0e6224558bababb318706bd72bf0c645bd7c927a6495a66d2c4922a49cbd8a322dff7775014454cbf38b0ad96115a14af6b6f2868a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f544696fd67295a6cfde059adbe30388
SHA1 55b015df4d7b4d93c52ae14bf1f0a2ad03b9c099
SHA256 050550869cfa79c94816fbac40ad9eac012d581a6a08e216f229907bb2ed5825
SHA512 1168ed3472ecf40ed28d88ee2a8f629428c80765a258974c3040e5fa4ddf758b78724aaf50f9a0a4881fe37fcc06c6285fdf8dd6ab8689f1aa9bd22ebeda173d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94669b3acf357cc4907695c4cbc54d96
SHA1 bdb1d08c82e3040fd73072781ef9577cd7e8df91
SHA256 d58c54e673f2eeaf90c3675ce6c04b4f69876348df25ccfe6a8700ab0243043a
SHA512 133697a245ea9b15d9d8a27eb6820814050ded664bb3d22047d9c7bd7d4485480e4da0849c67b8366165ac64a85f5330f82e5c3c810d198f32055fc875758150

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a424cfdf9ecbf4d55e9529f021e5fdfc
SHA1 3675961f42ff0bcabe36634a90e6ad50afd8d87c
SHA256 b3c499fa5a780e4d7c25762b038f6ae1d5c4d97b721ff01433cd3168219b434f
SHA512 bf2f5e36dcfcb811d30ba3a01dc4796dabdab3503f29fce9d55c49ee07f3af44b1a71ba648c0a712e411b1aa2f192a24ac8135178a96483fa3ceba56bb03538e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 44bed43dc4e8a665a456ee3002268c26
SHA1 67d16129ebe2f83837bb2cd9838497794c7957ff
SHA256 5b0b4831fee92460d5a6d9499fd9dc36826b5e884988a4a89faa1f56a5b986e4
SHA512 8c07eaa96cbec00b0d5e842f20e787a7a9cc47c3f37dcb51dde0e30835b2bb1fe0d47bf8eda33b45a83b8bc6fbc8f095dacb5c24246602ed2d97744db94692ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6c3fa0e576d232538f7b03afd9aed29
SHA1 dde3f508dd4a6b397d20e7f47df7c1c226c67c49
SHA256 99dda77e8ffc27d8f8be5c77d19169b6e9c41c1ac888e60f3b03a5ab3131925f
SHA512 c922681dd9140bd5058f5d2e23be52b2538225d56559cf367d0a67121f7347aef630a43b4db0d172544c5ebb2e710cf0195230fa3a48aeb6fb54fec5a0114e93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5155f221d641d544a1ca71484f881b6
SHA1 a822ebdb274c158e5001ee2083a6702924a07cd3
SHA256 11962b8b33ff81bdef368e655ea026d17c21dafc567a7c4446bab52c7557b901
SHA512 b47add4779959e367e77a61605d8245ddf4ca8d5f338a68027ce97df13bd10a5e71c2a309a6e590e0309f767d82d8b3b3c6614a3651b2890c5d922a1d2c561cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 057be063df3e3923129362595604fa3d
SHA1 c2577355f4ccf6745662ca8e75c53fdc9ee803e6
SHA256 37200b15374ca04645acf1bd0a05777b59f2cd14180d1dd581fbb1b51d30e53d
SHA512 790e6676502a1eb2eff9625a9cfc988a1a84eaf9ac4fc3c83ec44334ce7c725184358f98e2b066d2abc9c1f6cdc48fda642a424ba6e80378792919aec3b60276
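
The list above is the sandbox's flat dump of every file written during the Windows 7 run, and most of it is noise: the same CryptnetUrlCache metadata path appears many times because Windows rewrote it on every certificate-revocation lookup. The two things worth pulling out are the executable dropped as svchost.exe under the user's Temp directory (a system binary name in a user-writable location) and the memory dumps taken from PIDs 924 and 1112, which cover the same 0x400000-0x435000 range and so are the first two artefacts to diff. Added example, not part of the sandbox report: a short parser for this layout that counts how many distinct versions each path went through, flags system-binary names outside a system directory, and finds address ranges dumped from more than one process. The hash excerpt is copied from the list above; the set of system-binary names is an assumption chosen for the example.

```python
import re
from collections import defaultdict

# Excerpt of the behavioral1 "Files" list above, kept in the report's own
# flattened layout (path, blank line, one hash per line, memory dumps as
# bare names).  Hashes are copied from the report, not invented.
REPORT_FILES = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14792e08edc16034612a9378ee5fe02a
SHA1 7c2ae43c659e3622fac3fc2230d6db76f934354d
SHA256 883af1965493b30550e1d516fc95044281a5028a3758d084377ac9d8d4c14c4a
SHA512 2f5a51d4550240a122101c1de493a6bae86bf36673d31e454c8c245b57568ca47bcd9cfeddbf0986f8aa44d1e03ec82f4ffe3374c81e79f00ae01486f3939f8c

\Users\Admin\AppData\Local\Temp\svchost.exe

MD5 572052b656fcf301d062d4a08afcda8a
SHA1 83b772dbb572db4e4a4c084d08ee3dacc4745bcb
SHA256 d57cb87af2c717fdbd410d59eb644657b61cdd790c13e7350060d90d89ed252a
SHA512 8f5d162a08a9b8665cbb52e4e8286c850d1921dba61380dda2c9b6b31551cd2e6f35ca247851cf22a27a1e122d7e4af54ec29ceadced8af4f6edcfb4c380d9a5

memory/924-669-0x0000000000230000-0x000000000023F000-memory.dmp

memory/924-668-0x0000000000400000-0x0000000000435000-memory.dmp

memory/1112-679-0x0000000000400000-0x0000000000435000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cca6fcb5a47b0a830fdbcd488dc7b617
SHA1 5a4695d560019ce00475cddc37d450f4bf3849d2
SHA256 0f975472b3ce15c41d2fe057b80098f26bb7e349582a091a14122631f78798a8
SHA512 c0d659c03adf6672eee94c0956bfbb9fe1f486c49e56f5f8c2ff014065414281ea04308b4e1d0df6293ba4a0d612e218e61d6e24f87ea43deb21bf42724ea660
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-f]+)$")
DUMP_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

# File names that belong under %SystemRoot%\System32 or SysWOW64.  The same
# name in a user-writable directory is a masquerade and gets flagged.  This
# list is an assumption for the example; extend it for your environment.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "rundll32.exe"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


def parse_files(text):
    """Return (files, dumps).  files: list of {'path', 'hashes'} in report
    order; dumps: list of (pid, seq, start, end) from memory/*.dmp names."""
    files, dumps, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m:
            if current is not None:          # hash line belongs to the last path
                current["hashes"][m.group(1)] = m.group(2)
            continue
        m = DUMP_RE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            dumps.append((int(pid), int(seq), int(start, 16), int(end, 16)))
            current = None
            continue
        current = {"path": line, "hashes": {}}
        files.append(current)
    return files, dumps


def versions_per_path(files):
    """Distinct SHA256 values seen per path.  A path with many versions was
    rewritten repeatedly during the run (the CryptnetUrlCache metadata here);
    a single version of an executable in %TEMP% is the line to pull."""
    seen = defaultdict(set)
    for f in files:
        seen[f["path"]].add(f["hashes"].get("SHA256"))
    return {path: len(hashes) for path, hashes in seen.items()}


def masquerading_binaries(files):
    """Paths whose file name is a Windows system binary but whose directory
    is not a system directory (e.g. svchost.exe dropped into %TEMP%)."""
    hits = []
    for f in files:
        lowered = f["path"].lower()
        name = lowered.rsplit("\\", 1)[-1]
        if name in SYSTEM_BINARIES and not any(d in lowered for d in SYSTEM_DIRS):
            hits.append(f["path"])
    return hits


def shared_regions(dumps):
    """(start, end) -> sorted PIDs that dumped exactly that range.  The same
    range in two PIDs is the first pair to diff: it is usually the same
    unpacked image mapped in both processes."""
    by_region = defaultdict(set)
    for pid, _seq, start, end in dumps:
        by_region[(start, end)].add(pid)
    return {region: sorted(pids) for region, pids in by_region.items() if len(pids) > 1}


if __name__ == "__main__":
    files, dumps = parse_files(REPORT_FILES)
    for path, n in versions_per_path(files).items():
        print(f"{n:>2} version(s)  {path}")
    print("masquerading:", masquerading_binaries(files))
    for (start, end), pids in shared_regions(dumps).items():
        print(f"region {start:#x}-{end:#x} ({end - start:#x} bytes) dumped from PIDs {pids}")
```

On the excerpt this reports two versions of the CryptnetUrlCache metadata file, one masquerading binary (the Temp svchost.exe), and the 0x35000-byte range at 0x400000 shared by PIDs 924 and 1112. Feed it the whole Files section and the CryptnetUrlCache count climbs while the two interesting lines stay the same.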

Analysis: behavioral2

Detonation Overview

Submitted 2024-08-25 21:10
Reported 2024-08-25 21:13
Platform win10v2004-20240802-en
Max time kernel 145s
Max time network 141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1975d5cba9e4bb44dc790286083d907_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2120 wrote to memory of 3220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 2120 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 identical rows)
PID 2120 wrote to memory of 4720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 2120 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 identical rows)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1975d5cba9e4bb44dc790286083d907_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad63c46f8,0x7ffad63c4708,0x7ffad63c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6056 /prefetch:2
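
Everything in this process list is Edge's own scaffolding: one browser process opening the HTML file, and the crashpad, GPU, utility, renderer and identity_helper children it launches, all tied together by the same --field-trial-handle value. CompPkgSrv.exe, started with -Embedding, is a Windows COM server and not a Chromium child. The same picture explains the WriteProcessMemory signature above: PID 2120 writing into four other msedge.exe processes is consistent with the Chromium browser process setting up its sandboxed children at launch, so in a browser detonation that signature on its own says little. Added example, not taken from the report: a classifier for Chromium-style command lines that groups the children by --type, checks that they belong to one browser instance, sets non-Chromium processes aside, and surfaces the switches that relax a child's sandbox (--service-sandbox-type=none on the network service and identity helper, --disable-gpu-sandbox on the second GPU process). Those switches are how Chromium builds of this vintage launch the network service and how a GPU process is relaunched after a failure, so listing them is a baseline comparison, not a verdict. The command lines are copied from the list above; the set of sandbox-relaxing switches is an assumption chosen for the example.

```python
import re
from collections import Counter

# Command lines copied from the behavioral2 process list above (a subset;
# nothing is invented or shortened).
PROCESS_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1975d5cba9e4bb44dc790286083d907_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad63c46f8,0x7ffad63c4708,0x7ffad63c4718',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6757149907958165286,622035099437393126,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6056 /prefetch:2',
]

TOKEN_RE = re.compile(r'"[^"]*"|\S+')      # a quoted run is one token, else split on whitespace

# Switches that relax a Chromium child's sandbox.  Presence is not a verdict
# (see the lead-in); the set is an assumption chosen for this example.
SANDBOX_RELAXING = ("--no-sandbox", "--disable-gpu-sandbox", "--service-sandbox-type=none")


def parse_cmdline(cmd):
    """Split a Windows command line into (exe, switches, positional).
    '--k=v' maps k to v, a bare '--k' maps k to True, anything else is
    positional (including '/prefetch:N' and '-Embedding')."""
    tokens = [t.strip('"') for t in TOKEN_RE.findall(cmd)]
    switches, positional = {}, []
    for t in tokens[1:]:
        if t.startswith("--"):
            key, _, value = t[2:].partition("=")
            switches[key] = value if value else True
        else:
            positional.append(t)
    return tokens[0], switches, positional


def classify(cmd):
    exe, switches, positional = parse_cmdline(cmd)
    name = exe.rsplit("\\", 1)[-1].lower()
    if "type" in switches:
        kind = switches["type"]                 # renderer, gpu-process, utility, crashpad-handler
    elif name in ("msedge.exe", "chrome.exe"):
        kind = "browser"                        # the parent process carries no --type
    else:
        kind = "other"                          # not a Chromium child at all
    present = set()
    for key, value in switches.items():
        present.add("--" + key)
        if value is not True:
            present.add(f"--{key}={value}")
    return {
        "exe": name,
        "kind": kind,
        "subtype": switches.get("utility-sub-type"),
        "session": switches.get("field-trial-handle"),   # shared by all children of one browser
        "relaxed_sandbox": sorted(s for s in SANDBOX_RELAXING if s in present),
        "positional": positional,
    }


def triage(cmdlines):
    """Summarise a detonation's process list: which Chromium child kinds ran,
    whether they hang off one browser instance, which run with a relaxed
    sandbox, what the browser was asked to open, and what is not Chromium."""
    rows = [classify(c) for c in cmdlines]
    return {
        "counts": Counter(r["kind"] for r in rows),
        "sessions": {r["session"] for r in rows if r["session"]},
        "relaxed": [(r["exe"], r["kind"], r["subtype"], r["relaxed_sandbox"]) for r in rows if r["relaxed_sandbox"]],
        "opened": [p for r in rows if r["kind"] == "browser" for p in r["positional"]],
        "non_chromium": [r["exe"] for r in rows if r["kind"] == "other"],
    }


if __name__ == "__main__":
    summary = triage(PROCESS_CMDLINES)
    print(dict(summary["counts"]))
    print("browser instances:", len(summary["sessions"]), " opened:", summary["opened"])
    print("not Chromium:", summary["non_chromium"])
    for exe, kind, subtype, flags in summary["relaxed"]:
        print(f"relaxed sandbox: {exe} {kind} {subtype or ''} {flags}")
```

On the copied lines this yields one browser, one crashpad handler, two GPU processes, three utilities and one renderer, all on a single field-trial handle, with CompPkgSrv.exe set aside and three children flagged for sandbox switches. Run it on a clean detonation of the same Edge build first; the diff between the two outputs, not the flagged list itself, is what would point at the page.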

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State