Malware Analysis Report

2025-04-14 03:26

Sample ID 240612-sjq89szbmb
Target a11a4ac2075cfff6ebf10da0a5f24c59_JaffaCakes118
SHA256 bf95683cca52ccfad22859d9abdb059f1f78e33d2b0a9d30aef846352f35c66c
Score 1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file a11a4ac2075cfff6ebf10da0a5f24c59_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-12 15:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-12 15:09
Reported 2024-06-12 15:12
Platform win7-20240220-en
Max time kernel 141s
Max time network 141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11a4ac2075cfff6ebf10da0a5f24c59_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11a4ac2075cfff6ebf10da0a5f24c59_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-12 15:09
Reported 2024-06-12 15:12
Platform win10v2004-20240508-en
Max time kernel 145s
Max time network 124s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11a4ac2075cfff6ebf10da0a5f24c59_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 376 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 376 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 376 wrote to memory of 3356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 376 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11a4ac2075cfff6ebf10da0a5f24c59_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbd8946f8,0x7ffdbd894708,0x7ffdbd894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5360 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_376_YRICFQHTYXKHUPON


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
