Malware Analysis Report

2025-04-14 00:26

Sample ID 240603-ktbybsag85
Target 91308d2271d2b1352c0c96ca61267341_JaffaCakes118
SHA256 02adbb77c61825b0b3d47d4b8b81039186f37f187bf399fbadda79cd481578fc
Score 1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file 91308d2271d2b1352c0c96ca61267341_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-03 08:53

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-03 08:53
Reported 2024-06-03 08:55
Platform win7-20240508-en
Max time kernel 119s
Max time network 127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91308d2271d2b1352c0c96ca61267341_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91308d2271d2b1352c0c96ca61267341_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted 2024-06-03 08:53
Reported 2024-06-03 08:55
Platform win10v2004-20240508-en
Max time kernel 145s
Max time network 148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91308d2271d2b1352c0c96ca61267341_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4712 wrote to memory of 1124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4712 wrote to memory of 6100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91308d2271d2b1352c0c96ca61267341_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa127d46f8,0x7ffa127d4708,0x7ffa127d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9777736106593538074,5374539174747932883,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9777736106593538074,5374539174747932883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9777736106593538074,5374539174747932883,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9777736106593538074,5374539174747932883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9777736106593538074,5374539174747932883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9777736106593538074,5374539174747932883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9777736106593538074,5374539174747932883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9777736106593538074,5374539174747932883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9777736106593538074,5374539174747932883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9777736106593538074,5374539174747932883,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9777736106593538074,5374539174747932883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9777736106593538074,5374539174747932883,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9777736106593538074,5374539174747932883,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_4712_BAQRUEYVXEMRVITL


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5815a6.TMP


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
