Malware Analysis Report

2025-04-03 14:26

Sample ID 241219-ezl3laxqat
Target fe6b30b502163697e92aabf74cb73395_JaffaCakes118
SHA256 803a3f7d4783a4e061c839786ec88be7203c8e62b8891f4e6a811a762f808303
Tags
socgholish discovery downloader
score
10/10

Analysis Overview

Threat Level: Known bad

The file fe6b30b502163697e92aabf74cb73395_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-19 04:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-19 04:22

Reported

2024-12-19 04:25

Platform

win7-20240903-en

Max time kernel

140s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fe6b30b502163697e92aabf74cb73395_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440744034" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80f001ebcd51db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E6115201-BDC0-11EF-9BF0-D60C98DC526F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fe6b30b502163697e92aabf74cb73395_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2

Network

Files


MD5 05abf75d5cad4d3a3cc2c5ffc707e01d
SHA1 279143d6b1159a8002c68a25df073f3f18eef6f1
SHA256 c61fea3db988111cc610372603f7c0ea84c31497b6469c6a90d701027c82b733
SHA512 d7db18480ac509eb160e5043fedd7356c8ef56a6b10e9f8dd5ab00b854501c20ae7408338f7fe6357e9f8c7b06c1029161872952cba0aaf4133db48b3d7863cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2faf447dca9a3a2a25fa32e90b7302f0
SHA1 d57d8fdaf0b2a4ffcbdbf99c4f6e6c02aca6b555
SHA256 3d46c4f1828a38eda3d7820f9f67969afe3abc3cb0bdb35e7faf472acef76b56
SHA512 6c03ed98e9a75198887febce02ee89a04dcd5b16afefc14759ad8480ad6bf658dc39369b690f44147f55d04b67a9ab521c658a34259b710a18ed3b84629cfe98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1682522d9bf2d7bdd5011bdb858af311
SHA1 b0a81671c95c4edc8f5016b24e992845f73326ec
SHA256 30ebc686df6758f6bc838dacb55e5c8092a52314a356d03e61254241085d21ef
SHA512 9968bde963e3cbcf011716c822acbaba700667337d739338ef955db013f34ad329296b09c2d8a6be9adb35bba4d3989cc641005a05f8030f16782450e610c454

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ddee328720c5445e7702ed39c0d15948
SHA1 7a94c815191ab300f6a8b379aa70a470c6185aa3
SHA256 d3bb5a7c8c0f02480d145732bf2bd47a62c28ecd5a14ca7267e5a57b0cfd666b
SHA512 9b3c129719c54aa48e511d28f30f4ad11dc97169b989fd5551f63ee49f4e6ace6c55f38e059dad823d036d4a86cdd79deac2ab968997ac5f7710c28b39665111

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-19 04:22

Reported

2024-12-19 04:25

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

147s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\fe6b30b502163697e92aabf74cb73395_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3908 wrote to memory of 3360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3908 wrote to memory of 4100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3908 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3908 wrote to memory of 3832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\fe6b30b502163697e92aabf74cb73395_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd22fd46f8,0x7ffd22fd4708,0x7ffd22fd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15717659284696471220,7119861364212506290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,15717659284696471220,7119861364212506290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,15717659284696471220,7119861364212506290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15717659284696471220,7119861364212506290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15717659284696471220,7119861364212506290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15717659284696471220,7119861364212506290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15717659284696471220,7119861364212506290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15717659284696471220,7119861364212506290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15717659284696471220,7119861364212506290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15717659284696471220,7119861364212506290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15717659284696471220,7119861364212506290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15717659284696471220,7119861364212506290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15717659284696471220,7119861364212506290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15717659284696471220,7119861364212506290,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4936 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3908_UVHJUENUXVETOSFA

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State