Malware Analysis Report

2025-04-13 11:37

Sample ID 250101-frd8fswjcs
Target JaffaCakes118_4832dddaac75cfc4054fa0b47034c330
SHA256 b41c2a0a8a08630b3f028bf888180377ab6f2e2eea8806b989ecf3f77c162c2e
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b41c2a0a8a08630b3f028bf888180377ab6f2e2eea8806b989ecf3f77c162c2e

Threat Level: Known bad

The file JaffaCakes118_4832dddaac75cfc4054fa0b47034c330 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-01 05:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-01 05:06

Reported

2025-01-01 05:08

Platform

win7-20240903-en

Max time kernel

143s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4832dddaac75cfc4054fa0b47034c330.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d06e41f00a5cdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1A90E211-C7FE-11EF-969B-D60C98DC526F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003a2fd8b30780c646a42601bc331d51ab0000000002000000000010660000000100002000000023860948d07c03a7fad2139658ce6098ca6564d29b3004414454266646f72f07000000000e8000000002000020000000f9651dcffd8fefe0ed0e975bf944b82ea6cf8771a7f8c0c31ea5e15e0bece84220000000b7289627e37edadee911ff010777b4720b854db8e6b2f616eae104be751a5faf4000000025426aa085e65404288eb2e01d2e60490c9eaa2dc6f2eba1a8810d1f4203abb0e8d3dbe00d9e3188396ce3440949c8c98ba424ab559d75c836d0827879544caf C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003a2fd8b30780c646a42601bc331d51ab00000000020000000000106600000001000020000000a2a90a48823722fe7e7509508dbfe33a4eb37454f93666051b358e27c412ed53000000000e80000000020000200000005a00971ac140beb9d4c5ade66484ad10484da7f18106f821d7ed60558d289d5a90000000eba38fdebe91708e1b347d5a7436574e7039e24a781ce3374860e755b9b7a1dd9d8ee959ea459eed4b0653eacc54841e8e96f09d929d545834a3d782f2bb2e928b7e44a5eae958af52b247b1aa04bff5176d63a97c0994231b822f84d6cf4f982bd1b8ee7d8429ac3cc64026b5bf392d38cf387b181adcd8cd79ed0a86cf20e1ca8baf26bbbf6c12649a5f8627c5eb1340000000c80018124fa11604d9273709f28649173d7f408193fca8e134e4df48490c24a66cdac37c0e7fca0b86e36b00936796e00fb9c0b40ab474a63c7d83d6979fc40b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441869833" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4832dddaac75cfc4054fa0b47034c330.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 w.sharethis.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 scr.kliksaya.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 76.223.54.146:80 yourjavascript.com tcp
US 76.223.54.146:80 yourjavascript.com tcp
FR 18.164.52.90:80 w.sharethis.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 18.164.52.90:80 w.sharethis.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 216.58.214.169:80 img1.blogblog.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 216.58.214.169:80 img1.blogblog.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 142.250.179.110:80 www.google-analytics.com tcp
FR 142.250.179.110:80 www.google-analytics.com tcp
FR 134.119.176.26:80 scr.kliksaya.com tcp
FR 134.119.176.26:80 scr.kliksaya.com tcp
FR 134.119.176.26:80 scr.kliksaya.com tcp
FR 134.119.176.26:80 scr.kliksaya.com tcp
FR 134.119.176.26:80 scr.kliksaya.com tcp
FR 134.119.176.26:80 scr.kliksaya.com tcp
FR 18.164.52.90:443 w.sharethis.com tcp
FR 18.164.52.90:443 w.sharethis.com tcp
FR 18.164.52.90:443 w.sharethis.com tcp
FR 18.164.52.90:443 w.sharethis.com tcp
US 8.8.8.8:53 ww1.kliksaya.com udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
DE 64.190.63.136:80 ww1.kliksaya.com tcp
DE 64.190.63.136:80 ww1.kliksaya.com tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 s10.histats.com udp
US 104.20.2.69:80 s10.histats.com tcp
US 104.20.2.69:80 s10.histats.com tcp
US 8.8.8.8:53 s4.histats.com udp
CA 149.56.240.127:443 s4.histats.com tcp
CA 149.56.240.127:443 s4.histats.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 88.221.134.89:80 r11.o.lencr.org tcp
GB 88.221.135.105:80 r11.o.lencr.org tcp
US 104.20.2.69:443 s10.histats.com tcp
US 8.8.8.8:53 www.iniloh.net udp
US 8.8.8.8:53 1.bp.blogspot.com udp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.80:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
CA 149.56.240.127:443 s4.histats.com tcp
CA 149.56.240.127:443 s4.histats.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCATT3E5\plusone[1].js

MD5 3c91ec4a05ec32f698b60dc011298dd8
SHA1 f10f0516a67aaf4590d49159cf9d36312653a55e
SHA256 96b335b41362fd966c7e5e547db375ef0be7dcb2aec66bf3646782eeaed4b2cf
SHA512 05345e754b39e9f83514bc3e14b52f3cbf321738fd7d973da55db99035b11b4152fedce2c203eb34376cc9e18571db514ff9fbcb4174a2dd7cca7e439cd25944

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 033c6a8b59152898920c37c4422f3350
SHA1 72abf91d4f0faca1f3d88373b62f338f8a626124
SHA256 e47756f7654ccaaf1745300c65374c9825fc17b455c14633e5d52e12c6e5f84d
SHA512 a8c258d35e087a64ed56faa49f937c1e3d4556b71160465db9f3aca1d3efe3e206e918a94edd6e144fbadf2830d57444d9185d07e725ee6f6142e1cedd14505d

C:\Users\Admin\AppData\Local\Temp\TarC73.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\CabC71.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f146a505f26af7ca801db5f15e0124de
SHA1 93f244c1b575ce569909143798cbb19237a3ff22
SHA256 c485fb7cfa7d0727319ad3323a9cbf7c018d8c38cb69280d5a0cfc4a2a93f306
SHA512 fa2b4e7035df9a4072e73695418b6e5e7f9d61d2902ecd562df1e5505564b5a1181ab6bca01d14ee3a6239bfb75838adcf16c46064333217b4c3bc5a39c13b05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f3be4b6521d340c01185bc963aa3db5
SHA1 49d7754a69e131ed65ae6f54e5aa9a59280215e5
SHA256 a87e20c5c85532cd25671f44321c0b0659d24962e710f705e5b45de7e97f9dbf
SHA512 c786cc362b0a5f3d98504e6148ecaaa969ac86782fd2bf848cd77a0bd875d5ed26065c16f9f372a218e200b523ce72ab103c6f6a5d4edae75f8874374437c6e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c86382be38028cdc14bee02128af851
SHA1 98b3e39ba99cc7b854524c4b84e58e6418d12cdb
SHA256 bc0e6c2926267196281ce665cf849d08ac0778137dc74e0555cbb45134e19da6
SHA512 73e7cc8dbf426a124f1252ab7f3a57b4352a32d5070ba2f106f531c34fa4d7685b9ca6301d7ab3c89e8f8ac325d3d8e49d2b286d58cfd5acc00a0cc95cd1bffb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6fd16fb2db7a172afdad8bbadd29e39
SHA1 f48ce8e9810bdbbbc9d06f05a26993276fa02b59
SHA256 f9f913e8cc273e6f5771def6d93b2c6288c8cd3d52726376e263db2956f020c8
SHA512 95d75778ee9bba2a01aacede431f98e5832bd479a8548eded1df840bb15167063d19b105dea615d82e503d0586da90dd3061a860c4e899c3745ab6a121c94df1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba0b40e9019f260dccc90d0b7a77c36f
SHA1 98be668a3989623cec51db52f077b5d62fc5389f
SHA256 7611dd848b83adbb19d1286638f6410f7d07e4de384c2e22bae121846830a1d0
SHA512 194d58424e80067c26e655a6af1a4468f2932a38690a0454f25aaea45b29deefb87195b3a9fa4957f66e72276886906262765ab3d349a79341ae03ee9cf43e94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c448f24d5acb99ac93361f22f3e6295a
SHA1 9d48da73078a6631174dd74f10374dbda8bc88f0
SHA256 d675f97c2e906b204d8ed459efbdcf72fa235dc471bdc792067221efa78820d8
SHA512 a202a6d45b672368c8fc42c640d40525f58122acb32f77a2159a3da8a0856245fb632b0e241822e4cff7428fadafcde78cf05d2c55c1d8dd9c8db5d51bf7df30

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c0d163165f9848076017583045e8f7f
SHA1 8a611ecfdc079fcca7d109a924421b185f4c25d7
SHA256 bb94087f58cf63be90f62a1ab97545aa99d7c464b22dcfe0ced88d3c2008c6ab
SHA512 28216bfb15158de50568bf330f09afc9c3a06199fa089a6b52919020e69fd6daccc7e8e885ac7b53e0941cefc47615398ad80fccf6a5c1a6e9a48be3191634d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a4aaee0ce42fba76e4b77369208b566
SHA1 5b82c6b15f1fe39acccc363fde70e50f2ec93b45
SHA256 322aeb51d75370df49b40c33b3fe48c96dbfce44fe08367c787c9754b1cb23c9
SHA512 b2d542531eaa3a342ed2e881af153632dbe28916ff7613eaa8a6fd4c7301c80dba42f00ab83b74480e3802b52c84b7092410be2d89c289d95bfa5f66f8e6198e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd9db6b1dba7c1d546b36f502bead1e4
SHA1 7b1001fa719d82412a1cb3717b79b36bc5c57113
SHA256 5f59d2117e679fd9277b211687001317e9c4425c3f828236382b72e68984e62d
SHA512 ed24e648b532c1b38db6cb667e383d263c5f109a9df16aa08f6600bdae2e8a77d16573e13860fb6e3da9a001af6b8cc0e37dd57534a3de13da5e7f0831cb2ddd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afc67a553d1cf071a33cf2b6a1d13a12
SHA1 64a673f6d99504b4d7abd812236adf543015fc36
SHA256 130355ccc696ed5af880e98a0c8aa88c7936d99310c90da6fad402aa2ec4f418
SHA512 2bf9496585ea22f306ca3b363bd2947124ee05e4e0f96c7d8de7fbb331cb1fbd51581f977a7d130817a86dfe547cc14c6e8b7c79e43f7a7dd7c0f0a4db144b97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bcedc58efa3f3ee0d7e4e7a14c13addc
SHA1 0a7d2cca9cedb959037c5c10c71a4d507c37baab
SHA256 4b9812711a5c440efbf95ef74d9b41e2014e95af65db7809ac78826cb3975f9c
SHA512 b1d545dca28cc8f78a0d540f6b36655601a160d34414c7d135c67bc607c79bf9331966a3cb13085b79d300c61eba7fbf388bd71694b99496da6e44bade77664d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 5bbd9c63551e5c4acf7054403e629042
SHA1 a9c05919dca2abc4838842aacc61d9f6c30ea3b4
SHA256 86557f91a54629a3bfa839f777bcaa8918800d424cbdf3f51ba1b2e002fcf9f2
SHA512 e8443ba0a01c6dd35afda1171905617b19fbc7f5cdd01aa486a39babeef47ba7e509de7ddd52ab439375984540840aa3b1a8e3cf0e8ce5ffd03417d6fdcbb0e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 845348bde3c4811a6b5dd4a4b5943b98
SHA1 749fd157d8d3d847768761cf76e1db5393dc69c1
SHA256 1df669637f7799dbe34fa9312c15159d1a5b881537f4ce1bfebe72fdbe46b1ee
SHA512 f7a9ffe60e53e10525b1077ad95b77b59280357ef46f178dc02d4ec6a8743b8e9f861bb5ff963f414988e7486144578a2adb5d98cbf88e04f5f55f763fe3841e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73215570438a16636a141ded5d05d763
SHA1 ffe8868692d9c01c4faf0c64b6871704639b79c8
SHA256 0ed76933102bffb73a3fed3b7fc28c06f168b8b3a9e2f8c4f2eff25c3e96ce8e
SHA512 3738b16debea495b2d2ef6015d4e54f6360ba03bea99a5ad54c73ac2b6f338d4081538bfd8eb27ceada51a24c09b6fc95331853d01c53d5c5137553790cb7ded

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be24e8e288ba32622be8037d73fe4b2d
SHA1 0f00eb8e604f202d9ef64bdbeadd7d6bf9900705
SHA256 c98da2fbec675d5912cb595d4657397b7036150afeb42405abc67f07608f43b1
SHA512 ac146162f6c708cd0840d65b598e24fe04dc9ebb48e6cf88e0025420ae8ef5ae4e024a726e3a5d8d196eab38072b591bf77118f428e61de77317e52fab129176

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5b28e108bd9f4f4eff7d159ae6df27b
SHA1 59090f07fdf91435fd9e605991755de2f70f0946
SHA256 fc5fa4ad989a4771f7fef55f19b7f1e621ac5c2c24384d20532778d4d75dde14
SHA512 535eb0582d5b451e9070dc065e828c6a12d531954da8c4bb92f2336100272ec72a8dc11cf108fa204467a4f06f62fba821e96e96e95aa834cacf70de16aa3203

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 0a48286d1a2fd876bac96bf281f29b05
SHA1 4eeaa962a31eb3ffdfa18c08989d36a0b9c2f9a2
SHA256 e392163dd9075d6bed52287370da7fa6e2d62d23a927ed2f1b98c536490dd951
SHA512 2cd17b90f350cb956299dbde4f00d9af3ec25e62f190a7a037c28b9e234884a7e6d0b8a61b033fa3685da46514bddc36d5ba5cbff9bc6d72d465ed5a8d630259

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae2ac91b8d27189b6b84a9c177a44852
SHA1 043ac1ffbae4f4df187a49aa20e0e662d0924c92
SHA256 cc00469c51290ef1aec7b0045d47a67268288673bf3d38f1eda4bdd8ce2c63c4
SHA512 fae6dc89088d8cd9d7d80b1b2afee8feaa21db87485851beeb8621982c37378df701f943f3e588107ae5dd67071362a96b1e40b7df8b0c8ab6d6a39c8bcabb03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f9775015b6b240b5f7aaee728297e8d
SHA1 22aef2b0a0adb9f862f8ec93749598bda38780da
SHA256 a6afbc5958a8832e7d81131d1f70c9b872c3f129e57468429db290ae57841e77
SHA512 d3c22f67464ea89dfd2ee4aa1f70e713502619f98a064cdd230dc67b2cdce4ea7f9c7d9dd412e8530a85543fc8bcb0cd9abbdfac328800fe03a69dc794da1ffd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 226336c9e42f422391e47115efb71480
SHA1 fef898b90cb1d64858427c9a874e031f9222d932
SHA256 8e29a78c1a1a75b50ae9d1a1073fecc89baee58c4bf380e2c692e634f3c6304d
SHA512 1506e8594c75526ec5bc0e845b5d75c61fd7fd22237689b3d7ea078181ae85ab2cd6b630c7f98dcff532bf3c70e1b198961f57dd9ae7fa7d34a1f958e16621f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c56da502c3e53377a60434f65987718a
SHA1 276f7b7bfc0b41cbd5cc310f3ebd357c267d9342
SHA256 c97c9dddc3fdd7e19497ecc97afc78b6e424a152aeaa3926d6f61df930ad7a4d
SHA512 4c57233fd550561f83e5912b243ef0b56d45bd8d8a697372bbfcfd91d2eacf52be92daf26918471fff39e74e3ae372d9dbbf900a87d76745deb50d23543764c0

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-01 05:06

Reported

2025-01-01 05:08

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4832dddaac75cfc4054fa0b47034c330.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1216 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1216 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4832dddaac75cfc4054fa0b47034c330.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9189546f8,0x7ff918954708,0x7ff918954718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5048 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 w.sharethis.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 www.blogger.com udp
US 76.223.54.146:80 yourjavascript.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 18.164.52.115:80 w.sharethis.com tcp
FR 216.58.214.169:445 www.blogger.com tcp
FR 18.164.52.115:443 w.sharethis.com tcp
US 8.8.8.8:53 scr.kliksaya.com udp
FR 134.119.176.26:80 scr.kliksaya.com tcp
FR 134.119.176.26:80 scr.kliksaya.com tcp
FR 134.119.176.26:80 scr.kliksaya.com tcp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 115.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 146.54.223.76.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.176.119.134.in-addr.arpa udp
US 8.8.8.8:53 51.201.222.52.in-addr.arpa udp
FR 134.119.176.26:80 scr.kliksaya.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 134.119.176.26:80 scr.kliksaya.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 134.119.176.26:80 scr.kliksaya.com tcp
FR 134.119.176.26:80 scr.kliksaya.com tcp
US 8.8.8.8:53 134.130.81.91.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 2.bp.blogspot.com udp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 img1.blogblog.com udp
FR 216.58.214.169:80 img1.blogblog.com tcp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
FR 142.250.179.110:80 www.google-analytics.com tcp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.164:445 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
FR 142.250.179.78:443 apis.google.com udp
US 8.8.8.8:53 ws.sharethis.com udp
US 8.8.8.8:53 l.sharethis.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
IE 52.213.94.99:443 l.sharethis.com tcp
US 8.8.8.8:53 count-server.sharethis.com udp
FR 13.249.9.11:443 count-server.sharethis.com tcp
US 8.8.8.8:53 99.94.213.52.in-addr.arpa udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
FR 3.164.163.87:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 s10.histats.com udp
FR 142.250.179.98:445 pagead2.googlesyndication.com tcp
US 104.20.3.69:80 s10.histats.com tcp
US 8.8.8.8:53 s4.histats.com udp
CA 149.56.240.31:443 s4.histats.com tcp
US 8.8.8.8:53 11.9.249.13.in-addr.arpa udp
US 8.8.8.8:53 87.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 69.3.20.104.in-addr.arpa udp
FR 142.250.201.162:139 pagead2.googlesyndication.com tcp
US 104.20.3.69:443 s10.histats.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
DE 185.60.217.28:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
DE 185.60.217.28:139 connect.facebook.net tcp
US 8.8.8.8:53 e.dtscout.com udp
US 141.101.120.10:445 e.dtscout.com tcp
US 141.101.120.11:445 e.dtscout.com tcp
US 8.8.8.8:53 e.dtscout.com udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.iniloh.net udp
US 8.8.8.8:53 1.bp.blogspot.com udp
FR 216.58.215.33:80 1.bp.blogspot.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d22073dea53e79d9b824f27ac5e9813e
SHA1 6d8a7281241248431a1571e6ddc55798b01fa961
SHA256 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6
SHA512 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

\??\pipe\LOCAL\crashpad_1216_PGBQAUFAVYIVEASK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bffcefacce25cd03f3d5c9446ddb903d
SHA1 8923f84aa86db316d2f5c122fe3874bbe26f3bab
SHA256 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405
SHA512 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 67c653573c245437ce8b803c8baed7f3
SHA1 b74a5a878c03053ad7eb258ca8c70780df2912c0
SHA256 2a33bb9e55565ac24b848f39e4748a527847fa4c3d82f058ce6e1abc600b4f0f
SHA512 51a6cd9db8e8ffe686b83957ce34723d6a3c483012cc27df246926216f0d7e13dbbfceca42b04c3f7ffc7e5725352f188506fceed99b9d18d328d0135c433a69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a4bc2ab2821ef551c2511961ed35a11a
SHA1 510edbacb976decdf48646098916f1a7075bfc76
SHA256 65dd22b4479716c00e34b178f0f341e67950d980a16afa0c6c3ae33607df59e5
SHA512 69d336e9b76ea457ccc9238595e99fe546f121d59fb4774b293ec8a162999dc4edfaedff1bd0b42aba4ea0060674961351d8b0121fd1e87c5c4779aa826bced5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 be46ed93b692c611b2043bd674eabeae
SHA1 aa8c0b38c8760097d574a8ddc168b17a277f1735
SHA256 e6bfadfe85d17d35dd35ff29d7ac6b1a8399c1be537cb8c9605e66ae1fc8a749
SHA512 ae822b2a1ee50c95e2b6fcbbbde9bc49115e3c986941d98176ef14157378bc16883de0696fb062399b0b1991ca9cdf1dbd366b9ba80de50bc90f997de18c7a98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 af8855a20312bc2b3b1527a289276d8b
SHA1 4fe4ccf9ccc8ca02d6566570bbf070070a5b414e
SHA256 d107406ffa6017a78142bea7fe2bd045f23ace9f16d65ffbb2d76885ee9c4a24
SHA512 48aa44a642480200950c0a1c9dcd621db49b831240d293b152a144e144b6b865312ac36d31207a7308f3309b1cb38c7c36e81deaa4dc7fbfe159160f7a02c99f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8b6dca6f00d52584ada991d5d1592f07
SHA1 7e659716541698138777bda2b97cc55dce72ec4c
SHA256 c345f01d2b74535a3611020bfc53167136d0decf4542e5eacbaa19bc8b1dffbf
SHA512 b45ef3d3470e7b216a10796e3ef8352a332d0d05608f9ec2964cebeed4f6c7550d6ccecbbb5bb69934ec75161bf7d336181ba1b53b7f17dc59410a24e6d47dcb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587470.TMP

MD5 6f1d350098982d59754cfb810fa69da0
SHA1 ffd9dc35f2c450e2d3855e35a8b2ef9184be51dc
SHA256 7fe12dceaf84a61b6c25146e7669602792f38b6c852afeadb042123778561078
SHA512 d118c91c453910d39f5978fd6f84c4dde7cccf798fe1a15df10fcc3884110661390ab4510f0029f87124dd25ff8008e5c19faa459fcb41ddf7f7a86f38ee883f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c78bd66ac63baef42569c6dc3a71ea2a
SHA1 fb6a8c1fff998b1a3a50b6cf6d6a3edc9058211b
SHA256 59c43aa91b8aeaf106fd7b8e617d63c7045a44b1a88c977dcd4603739c074ef6
SHA512 51284ef0e7956d5cb9aacf006368600f1bc1437d851b15782001fa92c561974bb06446a9dcf0c8e45fd1aca29322cc69d78d833bf4a3fd6e37f9c210426cd8fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a19840548fcb35f6770b335bf29623c9
SHA1 1aa9fadaaa37a785669ed1e5793288cb0b74315e
SHA256 7861783244b7b3196cb1f2b398a06261a45829b78ab3e349320b34ee64bd1b38
SHA512 a279e75b96bf24bd1356befeae674167a341bb89550ad7de1d6265eebf36a44e8bb33a8b2f5823c12fb3925f1b406a9504bbb26e35730b646b0851623dac24df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 57cc6142f45dc786cf1d4a4ab02d0f1b
SHA1 6d0380bf3ccccb1fd8dc2486c0ee338ca523a9ab
SHA256 e0a79177753d34582cf555342e8bb0475279cc9af9dfc2fd3daea65d638a8cd1
SHA512 532b51f6820c4df08b51b257b7f2fdb4aff96af5f774ff01c8297612aab10c9a2b6874e1a7a8a55ab552c7956deac4635e31d0fe83bdc718221f9ab3b1183196