Malware Analysis Report

2025-01-19 00:30

Sample ID 240507-lap7aaab2z
Target 20292e64555ce4a09f316afffa204a8b_JaffaCakes118
SHA256 9f31ab9eb5a2a1cfb324b4580ef43869cddb12f50ad5078d16c6627bafa72a89
Tags
microsoft phishing
score
5/10

Analysis Overview

Threat Level: Likely benign

The file 20292e64555ce4a09f316afffa204a8b_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

microsoft phishing

Detected potential entity reuse from brand microsoft.

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-07 09:20

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-07 09:20

Reported

2024-05-07 09:22

Platform

win7-20231129-en

Max time kernel

120s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\20292e64555ce4a09f316afffa204a8b_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\20292e64555ce4a09f316afffa204a8b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 secure.aadcdn.microsoftonline-p.com udp
US 13.107.253.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 23.73.138.80:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-07 09:20

Reported

2024-05-07 09:22

Platform

win10v2004-20240419-en

Max time kernel

145s

Max time network

129s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\20292e64555ce4a09f316afffa204a8b_JaffaCakes118.html

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3924 wrote to memory of 4400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3924 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3924 wrote to memory of 2096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3924 wrote to memory of 4652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\20292e64555ce4a09f316afffa204a8b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1a0546f8,0x7ffd1a054708,0x7ffd1a054718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,12029731471334706745,2205062638359895424,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,12029731471334706745,2205062638359895424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,12029731471334706745,2205062638359895424,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12029731471334706745,2205062638359895424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12029731471334706745,2205062638359895424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,12029731471334706745,2205062638359895424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12029731471334706745,2205062638359895424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12029731471334706745,2205062638359895424,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12029731471334706745,2205062638359895424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12029731471334706745,2205062638359895424,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,12029731471334706745,2205062638359895424,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 secure.aadcdn.microsoftonline-p.com udp
US 13.107.253.64:443 secure.aadcdn.microsoftonline-p.com tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 23.73.138.114:443 www.bing.com tcp
US 8.8.8.8:53 114.138.73.23.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 48.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3924_AVAWHYLDEVOVDAAR

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
