Analysis Overview
SHA256
f3ef6f454c6ecdbffa143dd9872ee931535fb50c3aacacc513b56bf141231abd
Threat Level: Known bad
The file ec441dbb7eca8194506a856ed32ecb87_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-13 15:54
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-13 15:54
Reported
2024-12-13 15:57
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
148s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\ec441dbb7eca8194506a856ed32ecb87_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb77bc46f8,0x7ffb77bc4708,0x7ffb77bc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14199926131637833758,11988367653821109443,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14199926131637833758,11988367653821109443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14199926131637833758,11988367653821109443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14199926131637833758,11988367653821109443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14199926131637833758,11988367653821109443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14199926131637833758,11988367653821109443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14199926131637833758,11988367653821109443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14199926131637833758,11988367653821109443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14199926131637833758,11988367653821109443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14199926131637833758,11988367653821109443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14199926131637833758,11988367653821109443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14199926131637833758,11988367653821109443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14199926131637833758,11988367653821109443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14199926131637833758,11988367653821109443,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.zlcdn.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | platform.linkedin.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | static.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | easypeasyrecipeasy.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 146.75.72.157:443 | platform.twitter.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| GB | 2.19.252.143:443 | platform.linkedin.com | tcp |
| GB | 157.240.214.11:443 | connect.facebook.net | tcp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.72.75.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.214.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.8.174.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | widgetsplus.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 205.178.189.129:80 | widgetsplus.com | tcp |
| US | 205.178.189.129:80 | widgetsplus.com | tcp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.189.178.205.in-addr.arpa | udp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | lm.logicalmedia.com | udp |
| US | 8.8.8.8:53 | www.burstnet.com | udp |
| FR | 193.70.16.208:80 | www.burstnet.com | tcp |
| NL | 94.103.95.230:80 | lm.logicalmedia.com | tcp |
| NL | 94.103.95.230:80 | lm.logicalmedia.com | tcp |
| NL | 94.103.95.230:80 | lm.logicalmedia.com | tcp |
| FR | 193.70.16.208:443 | www.burstnet.com | tcp |
| US | 8.8.8.8:53 | www.pornanswer.com | udp |
| US | 8.8.8.8:53 | www.stonealleyhosting.com | udp |
| US | 104.21.48.1:443 | www.pornanswer.com | tcp |
| US | 104.21.48.1:443 | www.pornanswer.com | tcp |
| US | 104.21.48.1:443 | www.pornanswer.com | tcp |
| US | 8.8.8.8:53 | burstnet.com | udp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| US | 8.8.8.8:53 | 208.16.70.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.95.103.94.in-addr.arpa | udp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| US | 8.8.8.8:53 | 1.48.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| GB | 157.240.214.11:445 | connect.facebook.net | tcp |
| FR | 142.250.179.110:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| GB | 157.240.214.11:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.pinterest.com | udp |
| US | 34.174.8.45:80 | easypeasyrecipeasy.com | tcp |
| GB | 173.222.8.231:80 | assets.pinterest.com | tcp |
| GB | 173.222.8.231:443 | assets.pinterest.com | tcp |
| US | 8.8.8.8:53 | 231.8.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | log.pinterest.com | udp |
| US | 151.101.64.84:443 | log.pinterest.com | tcp |
| US | 8.8.8.8:53 | 84.64.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 37f660dd4b6ddf23bc37f5c823d1c33a |
| SHA1 | 1c35538aa307a3e09d15519df6ace99674ae428b |
| SHA256 | 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8 |
| SHA512 | 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d |
\??\pipe\LOCAL\crashpad_3532_UPSPZXHNXHTUWYSR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d7cb450b1315c63b1d5d89d98ba22da5 |
| SHA1 | 694005cd9e1a4c54e0b83d0598a8a0c089df1556 |
| SHA256 | 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031 |
| SHA512 | df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9da15a697332283b749b5b8c6381d758 |
| SHA1 | 95391ffe5201a07d85300a7a818371b24482c14c |
| SHA256 | 7c45ddaee61c016551ecf64b74118646cfa2561785b191c676aaf5184ba452b5 |
| SHA512 | 2efbd1fde7ff35c8cf022bc802880f0034f2d2b94d39dd2e8d703f31efee06d88155f68067a1c06d60a85fd81dea5dde334f0791f9b835fbfa5d577f66ad3238 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 646dc2cd4ba3787bfad992a13776040c |
| SHA1 | b894254a84d450e2e3c76b5be3a8b7ecc4cebcfe |
| SHA256 | ceda0c9d74cea68951318aa464104a1d30f77ac2bfaadaaa80dbeb8caf5976fa |
| SHA512 | c0456fae55f02e998e61ff1d266e9a86691e7d3191924348ef5270226c2ac359a959b26e8c8fde3901dcf5e2e93dd682cf7bf36524382bede633a76bd19314d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9ba5f8227032d2e9f30cf610c60f3b6b |
| SHA1 | 3050e2d57c2b0c9b682b69c8237b63ea16b3b5d0 |
| SHA256 | fb38970f1e53e0a731640c8f58a45e3094ec9651abc28ee5a1e63594b878268e |
| SHA512 | dc65182e13aada69391a7590473dcdcde17071172d5580feda08b8cfbf5579b3af785e5d6c7f3196d81e6ac3204aea9a0e585c6fe80389662c4427efd834375e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 76240106dfbb953bf20fd8399da46193 |
| SHA1 | 5ca19004c20b1c6634115adc733010ab83593d66 |
| SHA256 | 85812eb74110e93dd116a3a09b038d5c4ab964d80d5edff2be6141a43d1ee56e |
| SHA512 | dd4e4b7423fa261dd3e2a2bcda546dba8078c88c78362cef73d1d5af517d964d4c583c19362242f839b69fed73147ea3d2381bb4aa38adf299ce01b3f4aefceb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 682abf43a6a1153a18492fa7304f489a |
| SHA1 | 8d0107f704fb1ce02e7a01f1d79ab03ab274ee88 |
| SHA256 | 086983922ee0a23203ce39f175154deb466b160cf8b6269024d6ec8193a050b2 |
| SHA512 | 8482066be22dbed6eafef83ebca00469c64869aa9f25377bdf1b2de059d5a6389260b92547a2e15bc9fc5af3ab8acde5ff136f72c3d08b987d3a247054b36c3a |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-13 15:54
Reported
2024-12-13 15:57
Platform
win7-20241010-en
Max time kernel
144s
Max time network
149s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{98A327A1-B96A-11EF-AA78-72B5DC1A84E6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440267171" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000fb6bf45b201618059ea231b135ee1d49faa266e8ac8573f4e6a223dd798a05fe000000000e800000000200002000000030d43d2ff35ca7b903e3dc111275e5e00180f71fa4a40c8f06bcfbebceb2954f20000000987d627de2541e4f529b821fb9f309b1876ba24edaa530517a848eea44daa027400000001fbfb4eb166613813d175d416dce2b69bca2fa4624210b98db705f661e72ac3585dde36d0a8a0368ad52c326fb853e425de550cfdb61450b429425ec6ec16f87 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b13190000000002000000000010660000000100002000000031f6be09a48f858ae1f204c484d6a244eb92fa01a87e45a19bdee7283c831ee0000000000e80000000020000200000004ec93553ab94a9b2acc5be28be6e4782cbbaf180d34cbe37a95a54f238950966900000001e2086aec0def031e29414d3e4ead822cab4694fef2e93e3992e7b00587f5b24e3b43d96a69e4f1a56d13f3d52b24fe18e1247798d3a455cd9b18d0620e2c9a731fc31347a172501dd46f907e67139d5234d09d10a6e72938c159f07e3840107ac5f11f8fb142f9abbea45769258d00d8d8da69cdb5e159a233beded045e4c81e34b87ba1ef5c2352e2f1fd82e240f4840000000c8f97a83242ee522d6896859b9c4bfa9540a196fdce1d31638eb4e5dd8ec7bef331067465db8cc348e4019b85c47ddc0c7967200a96470e1a41785a85791cc86 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 207e2473774ddb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2236 wrote to memory of 2568 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 2568 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 2568 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 2568 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ec441dbb7eca8194506a856ed32ecb87_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
Network
Files