Malware Analysis Report

2025-08-10 21:37

Sample ID 240529-jlsensfe3w
Target 7ffc753090a8917ef7cadbeeff1c1146_JaffaCakes118
SHA256 95debe8ad62d80b2f69b21faf23494d846ba9cd7446f80f0bf5900265c40487b
Score 1/10

Analysis Overview

score
1/10

SHA256

95debe8ad62d80b2f69b21faf23494d846ba9cd7446f80f0bf5900265c40487b

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file 7ffc753090a8917ef7cadbeeff1c1146_JaffaCakes118.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-29 07:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-29 07:45

Reported

2024-05-29 07:48

Platform

win7-20240221-en

Max time kernel

135s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ffc753090a8917ef7cadbeeff1c1146_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not preserved] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a40a3a9d66bb5c4e96df4d0c057aff910000000002000000000010660000000100002000000042bae03f9fc682279e205f87864bf85422064109f0d7105c0cf3df50e2181627000000000e80000000020000200000001769681c69faccb024abd56832a6d2aaa7d662103b4c7c4effd96e8d5ffff0fe20000000b2fcf4b85d3cc40709b1726ce6a69f3d81e1e38c4ed4a2a29ce8f9e0595cef4940000000b931e47a7ab1e497adc79b80345da80ad63720d9107b4578080d5f580adeff3e6df21888fd3d3f5094de0328d7ffd5e5b7efd6896dfc2e6dfaedf61a6b10bba5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{77E79FE1-1D8F-11EF-989B-729E5AF85804} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1099f24d9cb1da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423130619" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ffc753090a8917ef7cadbeeff1c1146_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 use.fontawesome.com udp
NL 178.128.249.247:80 178.128.249.247 tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.18.11.207:443 stackpath.bootstrapcdn.com tcp
US 104.21.27.152:443 use.fontawesome.com tcp
NL 178.128.249.247:80 178.128.249.247 tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-29 07:45

Reported

2024-05-29 07:48

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ffc753090a8917ef7cadbeeff1c1146_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 392 wrote to memory of 1036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 392 wrote to memory of 1144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 392 wrote to memory of 2368 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 392 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ffc753090a8917ef7cadbeeff1c1146_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff86fc46f8,0x7fff86fc4708,0x7fff86fc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,15099922688200908991,4605882574678157756,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_392_VFYEZPEEMCNZYCAK

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
