Malware Analysis Report

2025-03-14 21:55

Sample ID 250126-2vda8axpfw
Target JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1
SHA256 e44177bdaffa42c7c3cc816548f51468e6748693f01ba3bca2beac313008d59f
Tags
google discovery phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e44177bdaffa42c7c3cc816548f51468e6748693f01ba3bca2beac313008d59f

Threat Level: Known bad

The file JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1 was found to be: Known bad.

Malicious Activity Summary

google discovery phishing

Detected google phishing page

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Program crash

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-26 22:53

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-26 22:53

Reported

2025-01-26 22:56

Platform

win7-20240903-en

Max time kernel

144s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe"

Signatures

Detected google phishing page

phishing google
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60830f3e4570db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{689D3051-DC38-11EF-9917-D686196AC2C0} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000027f3458c5493094a8bafa2091daceab600000000020000000000106600000001000020000000ebc25fbef2b05caae91dbad5b9c871afc633a4da9b015bf620ecab78b798f83e000000000e80000000020000200000007604aa9840d6a4fd11647148ca260c8b811eea5a889de46c07bc24a24d717bbc20000000ecff9a195ffddb8f95f949d962cde398e1e5e0c66fcab0072aeca4b1f0c0af96400000009af9844332dc231a5a81bae6c082b81eeb2232a0262a33c838f70bf250dbbdb60c9e27ba7ffa82dc5d6c0b56a8a8c8040833f00be1cf33d58ca0dd79c8d86249 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444093898" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000027f3458c5493094a8bafa2091daceab600000000020000000000106600000001000020000000f6ca98273c173815c2d745416c72ff57977cc8785b0ae1d906cfbba71bcef50e000000000e80000000020000200000007d3500e8900f8f07ffa08e6848ea6969996e490f1e80fd14c8722309b49c7f719000000003ed2716d6764c907de142ca421d6f2847f40b7a39fc9ecc1be27b1f183537f2adf1dbf0e5ed383e21cd068463bb412b8e4e6af1a52cb9d64ceb328f79116c78b77e768b9261bc451a3fd58faa2f60b3296442c1457c450a289e7743fe2aef93ef83afd88ed5220e1c9fb88a8641969ce0c441eb21b4b4de404ea039d7eeba3cb8bc3f30ba58a907a7e5ef5a5ffbd82940000000177804c967d26e96026efcff86fb6137a5cc2ce714aa46bc0baeb398a44381a1dce9c4bd865ae177bbc901184c2b6525adc743d11da5e2ddc5bd06737a95139b C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://grupoarroba.googlepages.com/recadastramento.htm

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 h1.ripway.com udp
US 8.8.8.8:53 grupoarroba.googlepages.com udp
US 104.21.59.39:80 h1.ripway.com tcp
US 8.8.8.8:53 www.mafa.com udp
US 104.18.8.204:443 www.mafa.com tcp
GB 142.250.200.51:80 grupoarroba.googlepages.com tcp
GB 142.250.200.51:80 grupoarroba.googlepages.com tcp
US 8.8.8.8:53 sites.google.com udp
GB 216.58.201.110:80 sites.google.com tcp
GB 216.58.201.110:80 sites.google.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.227:80 c.pki.goog tcp
GB 216.58.201.110:443 sites.google.com tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.187.227:80 o.pki.goog tcp
US 8.8.8.8:53 accounts.google.com udp
US 142.251.173.84:443 accounts.google.com tcp
US 142.251.173.84:443 accounts.google.com tcp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 142.250.187.238:443 accounts.youtube.com tcp
GB 142.250.187.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 88.221.134.83:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1187bc58be15c922927f4c8d0265a0a
SHA1 0aacd7bdca481b79638d43cd475949a48e6e713f
SHA256 d96b51a68a4c6092a025d7da306f1dcbbebd67b0ff4afbf20b396f35f054ba48
SHA512 ca2ab783f4940b0752906c748668c6b7b08a59829bab3336b97bf0c3eb7dc8ebe00036bd7848c2608c732eacda6901a22833c24019c5ef8f86e3b5ef95e7af68

C:\Users\Admin\AppData\Local\Temp\Cab782C.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8452S9S3\KC51X31E.htm

MD5 ac36dd7c710e100726d8d8fd4022e5ce
SHA1 acee0568302a022407b0f1d5b9784898cd0a96ae
SHA256 1de88cd8f8443d4fa4e716573eb8e68c7a69ee9ff62c68853477c6afb832dbd4
SHA512 e65ba58acd0c3b598b6c8594e27f9d62978e4a2323536228307ef68d9bfeb48b6447640a35477049b333b5c07755ab3531921d624a2aa6c761c668a27a4b5404

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\mv7[1].htm

MD5 0104c301c5e02bd6148b8703d19b3a73
SHA1 7436e0b4b1f8c222c38069890b75fa2baf9ca620
SHA256 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
SHA512 84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DA548C7E5915679F87E910D6581DEF1_AFD0C460FA6EFBA0BD0D581BE830FD1F

MD5 c83274aa9506b5d41e6e5162145afecd
SHA1 f11e7711c3c185911cfdbd56f57034cc9dbc3e11
SHA256 39361a889f8ca1e09cb1cf07ed60452cc51a641be62c883a06cad482c83cfe94
SHA512 fd2ea664636aa8d295e8a4d1b7916ee081020990c0b6663cec2df75ae0071a5c28e2925b89a74d8b050ccbe950920852e31de8474f37b43ab8f20958f4d27b1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_AFD0C460FA6EFBA0BD0D581BE830FD1F

MD5 23bd88c6679d2b74507919d865455138
SHA1 fac0dae4d7dd584e9badfcedeb92879d7231fa51
SHA256 d30fb478121d72fdc19e4b87c44fe3326ee8886d09a8ee4bed026f6a5e2dad73
SHA512 6fefce8bddfbb4f3bd882e62a338cc5b3f7fd8db3d34c709134c908bd276135912ae17bf5f9c22b79e3190306edcd91ae8bf18c884bff0fad97a16c84eb75c84

memory/2716-122-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\gsz3hkd\imagestore.dat

MD5 24b6aa59feb88dcd7c481acd59266662
SHA1 b85f460f3d02b38491d894619787e25c77764c00
SHA256 06e51c63d82b4173630a6388b0bf1ab85161332740046e1369bd5b1b457f8f4d
SHA512 d59d1162bff3b0ae36081513a2617c2b3ff74fa804454010ff65e8779a9b87df0216ca1622231be2b00cc950d4665072114cd6d4b3c546cefaf540ebbfa2ca4b

C:\Users\Admin\AppData\Local\Temp\Tar906F.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb656c79b90d44fe8a3eb6105a1b0b94
SHA1 524d0c8a3e962d68cb648f8ecc74e13acdba6eb6
SHA256 214ebe0123e43ea532b7a8fea774547cac16acbcb64aa625d0159efe37027a12
SHA512 a575c76fc51719baa5950a512a58dfe522272b1ffc1258b2c2d93171e62a55f8dcebedb104ec7be279eb6a31cb3f8cd2203aa0dedd95f83540ae2c845e6dc2aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c9c0aad17de4192fdd52eea0d5fc5e0
SHA1 bc09f8050b188040fc1a704297a0130368c1e3c6
SHA256 de6c6043b0ce218faa275fa1db68370d18a8abab55b63a01fb36d55c01f1bfb7
SHA512 4c99c99fde5750965248748de49b4b1f6959df9ac161f8120b1a32b86576475c8caa0a52d64cf60d0817441bcb8ee534bcfc1077d667d1a53f58fa950c74b6ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4abd56275faa128480ea52f259688086
SHA1 3caf6617350676862b1e8f0b7a8f62bf72dbf4d3
SHA256 45746c03651c24b04c51d6a29f16579f2d36f49c78306d4933cebcbd474900fa
SHA512 ba2451b1d8c5f8658017fbdb35f58512a998b1643464899178f490d1616b49f690ad61edf7e3527f9312d9edcf18646850c90eb05e04195d8b562982bb32ab99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3cdcbf9f0d83df6b522a35f35bfdb48a
SHA1 8d8033749c3fb694cd93f1b6e5dbbfd814cbfaa3
SHA256 5409d6d96bc07eeb8fe63746541b0fff86c405c92d68d3fe09c7a463bcb3ea33
SHA512 1e2d42beac326b3045812ccfd0dfe79b802373f63d5861294b140f227b06bf5298cad183047cddd250c320eae4475896d900969a07cc87dbccc1c5c6c983ff8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be557bf56de2f59d89d023f92465c8db
SHA1 70a4d45a66324aa3b764651bc160add8dd9c0820
SHA256 8f02d8e18399a3bf7e0eaa4ee55db4fe0eea812831583a98a664c009a89fcd50
SHA512 86020f693c55883e6704ae2403c1d0a1253406e1fc566403ce57a426933a6508e527bb5252add75ac6c90467fbe6990e65a16b6f8b8e0cec2dae3f08bdd8adfd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8f08e46449bd3a873721041298b00c1
SHA1 73bb88b58b7addf14983dc86cfe7e6f1266b4dcf
SHA256 b39424d8d7e1b7c5340ba0d88e01600de272a1970ae2e36273956210865b4992
SHA512 68379ff07cb72aa9276422f70374aea68c61b88d173c30faa64bbd4fbfee14edd82294480634ec13446c256a563d8ec1ea34ed47ee76e768002562542ca60a80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 672b1e4b4b96786c42295e10c013702a
SHA1 8897a96b7f96df0adc8b1d8c9d57ce9e46199e48
SHA256 602d3eaeed1ac29fd9d2ac6469ba9c89d1d3b9b0aa87a4205aff265719e2893b
SHA512 aae59595af5b382a5b465ba341b4d61c9a2c18d303af360bdea56661c020d4355bc5e53c92e83b36090e721e29f99c54820678aabf1eb8bbdb95fe90a814e06a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e916beefbe5f7543186b28f9941aacc
SHA1 920c7f76ba1eef0ee7b98ad85c0ce3ab8f94b8ae
SHA256 456d48ea2cf7b38e0bf8cd80e0787fed045bd1ac5263e54e5ebde9701a99df50
SHA512 cb3f0a05272757178a62e1bc8e718365e77bc46d6fe9f3b7bbcf80e602edff3c092a5b8f26c60afaff80b09c27c1488125aa027852aeec6ca1690107cbaeec38

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c872ec3c3a7874e073d6a9510ff0e327
SHA1 54f1a85a4f158073a555fb4cf0badecec5390a60
SHA256 88869860421aa3880956d340c563dd473173eb2809cd709ac768874d4fb9b133
SHA512 162b06b2590f878628026f6aee3a8939a1f36ded06c375c93f6d070c0e3cc1c9246452d5aa3e44c348325b71465946a8a825841dd3d2f9a0a2d1d0f240f2a35d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b2993f846efaf83e0c51d7b0738e3f7
SHA1 5d9e93d0ac764cebf653c55e55a43dd49db05e0d
SHA256 f74e533b05a125471fa7a769ed29205cdd7cb1b20c793755db68f20b6c1a1200
SHA512 76be7816cd80a666f0a4f57bec10c626c2bfb647bcc4d7fef7c4aa2aab3da6bebd32b6352bca272983a5a0eeea31b4ea8e7e7391ba5b10dce66ffac1540d8d01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 849ecade30fa7ba7a56d14c3451ca1f7
SHA1 4d04f304b94d3ed5cd55b05ba709ed54f9ac205c
SHA256 c1d038a77818dfdc68fdbe60e1ab3021f80be57d8e4a043469831b223a4c4ceb
SHA512 0fea5d37cc61a5b572f759f621d4f0b4fa178683cd8acb6b00d1c804279c20f47f805fe5a26b1c2ff7f20c526d7a05ba70bf887ff4303d2c206a2aec6233b3ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 9b2604fdf3cfb068f444bc2bf2ffa622
SHA1 7cc9451bf4fc33f0e60ce2e4aa6dd69728288cf1
SHA256 9e563ac778bd70178bf59d2f0f01fb91506ca43f60bef887e6ba66a8c77155d6
SHA512 75de00c7a76fe23d90589ab21ff2e1a24326949d716c774e08f11b482c4a3a68fb051f26d3b1afc9056d643545b302bd25ad43e01d8937da660b956ca17bdcfa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98b48ece3d4352a18aa7e3200981a22b
SHA1 ff44da25af2675f71cde66e27e8c7fd56986d9db
SHA256 d91a512d895738bf1bc571e8fd1413c1af680c729cb37705f6e906b563c17d80
SHA512 a90c2c5e992e01c97389e990dfb88f965f016aa2e5244125b8687de31ec387a2decb396d47577ec477c727ffa97071d6ba227ea19367b4d02306e8ceaeacbe6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08c600f402725235361226badce46cee
SHA1 a056ed5019e0bbbcf72b475ef0ead1ad49d8c6b6
SHA256 884528faf7dfed94dec63c51d9333e84ea80613fb01331e247905316a895bc15
SHA512 c4ccfafa9a1f0d3d4c844ffede7a813c36e1d0306015cd75dced5514dc2de7772414afde214aa0528e38a58331e8ce8ad076e7e0aa9a26c1852f11d8539432bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b31f743d717c0885b1001478c55f75e
SHA1 d043fef914cac451ee09fc373dc75392372bd065
SHA256 9311b0c072b2273f4f6798a1792863f9400731132163c2c6d17c626784defe95
SHA512 b6a43946022a27bcc2e51ba1592e7f081d29434fdea61e3e3eccd1cf8b0c5c983e54fd16da62f1cb0b46afc44f7313bedb86d44657be3549ab558c9fc5e42940

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5306567243c81e011d2977f94414a753
SHA1 07e15e8573bd1a8181fec83740a60d1da26153c6
SHA256 2c23632808708cc3acbbfc2d38cebcf81a59a39841c6b7bb34777c596a23ae37
SHA512 7dca9503053ed66c5a629e502cf65f7aeff18c2329e500ac3d261462ffbbd7554e9b1dd532566b786b4df5b3b9d775fc76bfb5324abdbfbea7ec32adde606f5a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 199987f8c03b555aba7efd93564863a7
SHA1 c7168ab6e2e819b986165fd790ebd8e20c7dfb19
SHA256 519ee4a946dd8dbdac354f2ceab02dc949e2de01002d4106dc2bb2a57116d1fc
SHA512 6a166242633534d5b1851f393b9c6d789baa137ffc480a2894c06c2014903e795109fa92e1f86f6e5cc28040003976bbfa59530945d636a83631ee151c588e7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 04b3f4cd58e8067dbfd067619dfd028d
SHA1 a2ada828518192eadc9d36d30f942828375419be
SHA256 c3a4eb8a51bea56a6bb12c363793e6c8c40185bc55e9ca9a7bcdca1c6205d621
SHA512 15e4ae659edbb96e2ed897b8ff0315be7988b2af54e3a8936057421b28dde0ac4dbdf12f52c8e17afc618a1523caad076390635faf8bcd695623e0de8adb71af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27d3fd782951cfe7a4fa316cdeb34fe6
SHA1 c39ffc45ccc92bc1041270291bfe2d50a95a5c8c
SHA256 a65f1985056f0ed24695a7aeb4f0278b67f472cc397c36b052a787e3c8eae5a9
SHA512 1f8e1fd6df274bf1c51f25388aa9bd1edb4d6418885049d76cba65d3218d5c96964879d452a96a49d3347fe19f20ad0bb7cf19cbbac2f1269252b6afc55e4885

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36f4189977e2f5fb9287547bc2df7ea0
SHA1 eadec34b78770c6570a46c2ec3d79f437f39f4f6
SHA256 8dbdb1a1643a014ff4696a71062c3b01ee7f63f03062392f3f11d99fd55c5f32
SHA512 63d2f76c20cfbbcb898132a8d85dd148fbd7db90b3f6e288dd39e32bd01e37d75f73ef30c47e7964ac754aaa944d2d3e749670a6813de080aa397fbbae3d3537

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c91d775bbe1ec6f7b9e098bdc8810214
SHA1 ff773cee1ad9f89c3dc32f8646922c47c26ff5cc
SHA256 b72824b2faf0464f63bad08d550504091a0c01306345f55456afdae5b685eb06
SHA512 3cb5301b722f069aa905b7304e7f7ff604c62794b1bb5ad3cb2104a086ee0330b3453492a57e172d97d4ad127d9b93b7b29ed1c93a75ab42497bc8358cddb6c8

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-26 22:53

Reported

2025-01-26 22:56

Platform

win10v2004-20241007-en

Max time kernel

146s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe"

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4252 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 3660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 3660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 1444 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3700 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4252 -ip 4252

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://grupoarroba.googlepages.com/recadastramento.htm

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd421c46f8,0x7ffd421c4708,0x7ffd421c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3552 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 h1.ripway.com udp
US 172.67.212.156:80 h1.ripway.com tcp
US 8.8.8.8:53 www.mafa.com udp
US 104.18.9.204:443 www.mafa.com tcp
US 8.8.8.8:53 grupoarroba.googlepages.com udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 156.212.67.172.in-addr.arpa udp
US 8.8.8.8:53 204.9.18.104.in-addr.arpa udp
GB 142.250.200.51:80 grupoarroba.googlepages.com tcp
GB 142.250.200.51:80 grupoarroba.googlepages.com tcp
US 8.8.8.8:53 sites.google.com udp
GB 216.58.201.110:80 sites.google.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.227:80 c.pki.goog tcp
GB 216.58.201.110:443 sites.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 142.251.173.84:443 accounts.google.com tcp
US 142.251.173.84:443 accounts.google.com udp
US 8.8.8.8:53 51.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 7.98.51.23.in-addr.arpa udp
US 8.8.8.8:53 84.173.251.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.206:443 play.google.com tcp
GB 216.58.212.206:443 play.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
GB 142.250.179.228:443 www.google.com tcp
GB 216.58.212.206:443 play.google.com udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 228.179.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 142.251.173.84:443 accounts.google.com udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 142.251.173.84:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA1 4d16a7e82190f8490a00008bd53d85fb92e379b0
SHA256 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512 d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

\??\pipe\LOCAL\crashpad_3700_OJBSUOOYOLORFRWM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e55832d7cd7e868a2c087c4c73678018
SHA1 ed7a2f6d6437e907218ffba9128802eaf414a0eb
SHA256 a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574
SHA512 897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6329b45883a8091593ab3ef29c389bec
SHA1 cf610d7cef8b74d29e06d7ed89d5d53667e62e57
SHA256 5e63fcbaa677fabe1cac04323d9f58569295482d6d87c3e29e15df5f7a357d31
SHA512 644ee08412811156e0f0c6882dbb3424190402291fc012644b98ca658972517968f00adca95c119b2772f9fb05bce314b037e2268bb7efa4e80b7eef68a99ee5

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YY018DS9\4U0WZXTZ.htm

MD5 ac36dd7c710e100726d8d8fd4022e5ce
SHA1 acee0568302a022407b0f1d5b9784898cd0a96ae
SHA256 1de88cd8f8443d4fa4e716573eb8e68c7a69ee9ff62c68853477c6afb832dbd4
SHA512 e65ba58acd0c3b598b6c8594e27f9d62978e4a2323536228307ef68d9bfeb48b6447640a35477049b333b5c07755ab3531921d624a2aa6c761c668a27a4b5404

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XH3Z2ZON\mv7[1].htm

MD5 0104c301c5e02bd6148b8703d19b3a73
SHA1 7436e0b4b1f8c222c38069890b75fa2baf9ca620
SHA256 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
SHA512 84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf

memory/4252-91-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b6d21aa4aa47fbddad1c5e7a80277723
SHA1 9776698906fb66e9dc535bba40b63fa43b9b3181
SHA256 bc01a0796490f0554e47b306deb07edde26cae734b0ea74d8cce25567701561d
SHA512 3c041398829392ac06f51191458d24d2b790e6248060fc95cd20bbb9339c5f848a7c57e736f250fbabb151ffabe28104511889970b327509b323ba1f35d2b80e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6d7a6d4798cb3e4cd7ca7b176e8e8f6b
SHA1 badfd749b1b8bc7f9f62a3e48080ee096da3384d
SHA256 7bdf9338f46895258c3401f7dd7028d92505cd980f201ee87248816ebbed9d64
SHA512 d8e38f5fe8ac6e222b93a2d9388f9358a2e3f66db204377922f6b6d46ea92cf009e38f8e2b9ff55718610c5d89fa69f0a6e0c1cb8612911979d7ca591e2c355e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b671eed517daafb440f0b42411cee6c6
SHA1 e07076912733c2ece5bd55a6be597c2e3526e230
SHA256 e1b4a2e2e29a2710b58c1956f45d1dc49b0d48af74040767ec654ebd76af3b61
SHA512 1fcc6c503b84c076be01ca2b39f904934bee23a413e81862b10a994ebd317fd7207ac5019d73fdcfe77d7ea15f6e6da99f66d1d2c30ad99fc7adfa74b84350b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5ba59f3fa9021bc79a241f523bf08bac
SHA1 ebaa67a3ff06b0feacd7a1ea72d7eebce7f4aa65
SHA256 a5f5e66d728a7820f9f75c10be58dc7ca6c0caeb41d2e932f689cd9d0e75f29f
SHA512 0fd7b84e919e5ec327c3cec43c00d9c9c9a49effd129f038391f865f85ddc7d7c3c651dad16ed65ffcf545e698aba5f434dc19f0348f4f39fab4781b77d07371

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a709.TMP

MD5 86e466e62394d3e2c5b79310ab5e23c2
SHA1 5fafd48ea3254f5da373a2981698204a69c14c43
SHA256 09f75ab2679c0003cf4f14e541abc49d28de55c83bdcad09123d3cebc6f98644
SHA512 701fd6668cf34204482bf4721256946e22deba49e81cddc2b7914f1a2fdc950eca9941b4642518b83cc4c74b21a465a6365da2382ed553df3530bf587f7716d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 72cbe6265b56e16ca160cc7019b39b19
SHA1 3b270dc077f57b00fe6369fd8134cb7936075cf0
SHA256 63a6cec1372fb71062625a2511b4feef4ec121dc4f669fada9a4dedf15d494ed
SHA512 eae8e5b1b169a49dfda2c764d1b28707711d6e96fed4c866b9181056c5a8da4491dae4d97c15f858a86a0ef175595df790ce1038c708e6ddc220df8c77beb699

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ec09505353bc4fa7fc654913d3ed3c76
SHA1 b3893bfae7b6fcc47b8278ef1ee57211c9806580
SHA256 95a7ffa94b598076024f32ca40268bcf53ffc250e3d385204ae09193ca3b7f71
SHA512 7fb1e0142f1a027b3ac3133963bfde6f438c7d3b95d3a7e86909e3d7d6fdde1ec440e552af539fa2231b5b0e18a5aa59bcf8bd654613953e03d282029e8c61bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 34926fb0d45263ba8e948bfe53babf7a
SHA1 5841ba9baeacfe21325732186398710a5824aa9e
SHA256 fa81e34b3015b9cb2ce51e3eecb1c535e1a1d0db2b974fa8944b5e7af5f37433
SHA512 737e29b35759e42d5e03df9418c5f3e9be217f58d8036866bb74c72dd0b01fc5e61b3fdf7f98f7329ca006f794f6ae4533f05a19d999ab0d84754dd663659990