Malware Analysis Report

2025-04-13 11:36

Sample ID 241231-hjhl1szjdl
Target JaffaCakes118_0949baeadee0d11a2d03e0b16405d35a
SHA256 ce6a6f28dbd5d02ccc162fa843a67d4429293345994ee0ec367abbd3f1e44b06
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ce6a6f28dbd5d02ccc162fa843a67d4429293345994ee0ec367abbd3f1e44b06

Threat Level: Known bad

The file JaffaCakes118_0949baeadee0d11a2d03e0b16405d35a was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

Legitimate hosting services abused for malware hosting/C2

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-31 06:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-31 06:45

Reported

2024-12-31 06:48

Platform

win7-20240903-en

Max time kernel

120s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0949baeadee0d11a2d03e0b16405d35a.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441789424" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E2754D51-C742-11EF-AA3C-F2BBDB1F0DCB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
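Every write in the table above lands beneath the user's Software\Microsoft\Internet Explorer key and names the profile state Internet Explorer keeps during normal browsing (Recovery, Window_Placement, DOMStorage, Zoom, Toolbar, CompatibilityFlags); the sole read, under "System Location Discovery", is HKLM\SYSTEM\ControlSet001\Control\NLS\Language, which is what the System Language Discovery tag rests on. The script below is an added example, not part of the report: it parses rows in the table's "Description Indicator Process Target" layout (a subset copied from above is embedded), separates reads from writes, counts writes per process, and checks every written path against a short, assumed list of persistence locations (Run/RunOnce, Winlogon, Services, IFEO, Policies\Explorer\Run). For the rows on this page that check returns nothing; a constructed control row, clearly not from the report, shows what a hit looks like.

```python
import re
from collections import Counter

# Rows copied from the signature tables above (Description, Indicator, Process, Target).
REPORT_ROWS = r"""
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441789424" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
"""

# Constructed control row (NOT from the report): what a persistence write would look like.
CONTROL_ROW = r'Set value (str) \REGISTRY\USER\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\AppData\Roaming\u.exe" C:\Windows\System32\wscript.exe N/A'

# Assumed, non-exhaustive list of persistence locations to test written paths against.
PERSISTENCE_PATTERNS = [
    r"\\CurrentVersion\\Run(Once)?\\",
    r"\\Winlogon\\",
    r"\\Services\\",
    r"\\Image File Execution Options\\",
    r"\\Policies\\Explorer\\Run\\",
]

# Writes under the user's Internet Explorer key are the browser's own profile state.
IE_PREFIX = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\Software\\Microsoft\\Internet Explorer\\")

# op, then the registry path (plus optional ' = value'), then a process path that
# starts with a drive letter and may contain spaces, then the Target column.
ROW_RE = re.compile(
    r"^(?P<op>Key created|Key opened|Set value \((?P<vtype>\w+)\))\s+"
    r"(?P<body>\\REGISTRY\\.*?)\s+"
    r"(?P<process>[A-Z]:\\.*?)\s+(?P<target>\S+)$"
)


def parse_row(line):
    """Split one table row into op/path/value/process/target."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    row = m.groupdict()
    body = row.pop("body")
    if row["op"].startswith("Set value"):
        path, _, value = body.rpartition(" = ")
        row["value"] = value.strip('"')
    else:
        path, row["value"] = body, None
    row["path"] = path
    row["op"] = "read" if row["op"] == "Key opened" else "write"
    return row


def parse_rows(text):
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def triage(rows):
    """Separate reads from writes, count writes per process, flag persistence paths."""
    reads, persistence_hits, outside_ie = [], [], []
    writes_by_process = Counter()
    for r in rows:
        if r["op"] == "read":
            reads.append(r["path"])
            continue
        writes_by_process[r["process"]] += 1
        if any(re.search(p, r["path"]) for p in PERSISTENCE_PATTERNS):
            persistence_hits.append((r["path"], r["value"], r["process"]))
        if not IE_PREFIX.match(r["path"]):
            outside_ie.append(r["path"])
    return {
        "reads": reads,
        "writes_by_process": dict(writes_by_process),
        "persistence_hits": persistence_hits,
        "outside_ie": outside_ie,
    }


if __name__ == "__main__":
    print("report rows:", triage(parse_rows(REPORT_ROWS)))
    print("with control row:", triage(parse_rows(REPORT_ROWS + CONTROL_ROW + "\n")))
```

The parser anchors the registry path on the leading \REGISTRY\ and the process on the first whitespace-preceded drive letter, which is what keeps paths with spaces ("Internet Explorer", "Program Files (x86)") and quoted values intact; anything the regex does not recognise raises rather than being silently dropped.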

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0949baeadee0d11a2d03e0b16405d35a.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 admaster.heyos.com udp
US 8.8.8.8:53 px.smowtion.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 tools.net-parade.it udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 labs.ebuzzing.it udp
US 8.8.8.8:53 player.ebuzzing.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 adserver.pubblicitaonline.it udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 www.yourpage.it udp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 images.ilbloggatore.com udp
FR 216.58.214.169:443 www.blogger.com tcp
US 8.8.8.8:53 zazoom.it udp
US 8.8.8.8:53 i.creativecommons.org udp
US 8.8.8.8:53 www.segnalafeed.it udp
US 8.8.8.8:53 www.we-news.com udp
FR 142.250.179.98:80 pagead2.googlesyndication.com tcp
FR 142.250.179.98:80 pagead2.googlesyndication.com tcp
FR 216.58.214.78:443 sites.google.com tcp
FR 216.58.214.78:443 sites.google.com tcp
US 8.8.8.8:53 www.doveconviene.it udp
US 8.8.8.8:53 widgets.5z5.com udp
US 8.8.8.8:53 img413.imageshack.us udp
US 8.8.8.8:53 controls.scambiobannergratis.com udp
US 69.16.230.226:80 px.smowtion.com tcp
US 69.16.230.226:80 px.smowtion.com tcp
US 151.101.131.1:443 www.paypalobjects.com tcp
US 151.101.131.1:443 www.paypalobjects.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.97:443 lh4.googleusercontent.com tcp
FR 142.250.179.97:443 lh4.googleusercontent.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 142.250.179.97:443 lh4.googleusercontent.com tcp
FR 142.250.179.97:443 lh4.googleusercontent.com tcp
US 38.99.77.16:80 img413.imageshack.us tcp
US 38.99.77.16:80 img413.imageshack.us tcp
US 104.20.6.134:80 i.creativecommons.org tcp
US 104.20.6.134:80 i.creativecommons.org tcp
US 172.67.141.15:80 zazoom.it tcp
US 172.67.141.15:80 zazoom.it tcp
DE 18.66.112.62:80 www.doveconviene.it tcp
DE 18.66.112.62:80 www.doveconviene.it tcp
IT 31.11.35.212:80 tools.net-parade.it tcp
IT 31.11.35.212:80 tools.net-parade.it tcp
US 199.59.243.227:80 www.yourpage.it tcp
US 199.59.243.227:80 www.yourpage.it tcp
IT 46.252.158.159:80 images.ilbloggatore.com tcp
IT 46.252.158.159:80 images.ilbloggatore.com tcp
FR 78.40.11.88:80 www.we-news.com tcp
FR 78.40.11.88:80 www.we-news.com tcp
CH 185.101.159.238:80 adserver.pubblicitaonline.it tcp
CH 185.101.159.238:80 adserver.pubblicitaonline.it tcp
IT 217.64.195.242:80 www.segnalafeed.it tcp
IT 217.64.195.242:80 www.segnalafeed.it tcp
US 172.67.141.15:443 zazoom.it tcp
DE 18.66.112.62:443 www.doveconviene.it tcp
US 8.8.8.8:53 licensebuttons.net udp
CH 185.101.159.238:443 adserver.pubblicitaonline.it tcp
IT 31.11.35.212:443 tools.net-parade.it tcp
IT 31.11.35.212:443 tools.net-parade.it tcp
US 104.22.10.121:443 licensebuttons.net tcp
US 104.22.10.121:443 licensebuttons.net tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
US 8.8.8.8:53 c.pki.goog udp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 ww12.smowtion.com udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 r11.o.lencr.org udp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 76.223.26.96:80 ww12.smowtion.com tcp
US 76.223.26.96:80 ww12.smowtion.com tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
GB 2.18.190.203:80 r11.o.lencr.org tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 www.zazoom.it udp
FR 142.250.179.67:80 o.pki.goog tcp
US 172.67.141.15:80 www.zazoom.it tcp
US 172.67.141.15:80 www.zazoom.it tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 172.67.141.15:443 www.zazoom.it tcp
FR 142.250.179.110:80 www.google-analytics.com tcp
FR 142.250.179.110:80 www.google-analytics.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 blogblog.com udp
US 8.8.8.8:53 optimized-by.simply.com udp
FR 142.250.75.233:80 blogblog.com tcp
FR 142.250.75.233:80 blogblog.com tcp
US 8.8.8.8:53 www.blogblog.com udp
FR 216.58.214.169:80 www.blogblog.com tcp
FR 216.58.214.169:80 www.blogblog.com tcp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:80 www.facebook.com tcp
US 8.8.8.8:53 we-news.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 widgets.amung.us udp
FR 78.40.11.88:80 we-news.com tcp
FR 78.40.11.88:80 we-news.com tcp
US 8.8.8.8:53 www.scambiobannergratis.com udp
US 172.67.8.141:80 widgets.amung.us tcp
US 172.67.8.141:80 widgets.amung.us tcp
US 172.67.184.45:80 www.scambiobannergratis.com tcp
US 172.67.184.45:80 www.scambiobannergratis.com tcp
US 172.67.184.45:443 www.scambiobannergratis.com tcp
US 8.8.8.8:53 developers.google.com udp
FR 142.250.178.142:80 developers.google.com tcp
FR 142.250.178.142:80 developers.google.com tcp
FR 142.250.178.142:443 developers.google.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.73:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 23.192.22.93:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
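The Network table mixes DNS lookups (udp to 8.8.8.8:53) with TCP connections, and most destinations are Blogger hosting (blogspot.com, blogger.com, blogblog.com, googleusercontent.com), certificate-revocation endpoints (c.pki.goog and o.pki.goog for Google Trust Services, r11.o.lencr.org for Let's Encrypt, crl.microsoft.com) and third-party ad and widget hosts. The page's "Legitimate hosting services abused for malware hosting/C2" signature keys on sites.google.com, and that is the only network-level indicator shown: the SocGholish signature block above carries no indicator rows. The script below is an added example, not part of the report: it parses rows in the table's "Country Destination Domain Proto" layout (a subset copied from above is embedded, including rows the page repeats), collapses duplicates, and reports the three things an analyst checks first in a capture like this: hosts contacted over cleartext port 80, TCP destinations with no matching lookup row in the list, and hosts matching the hosting-abuse indicator. HOSTING_INDICATORS is taken from that signature's Indicator column.

```python
import re
from collections import defaultdict

# Subset of rows copied from the Network table above (Country, Destination,
# Domain, Proto). Rows that the page repeats are repeated here as well, so the
# de-duplication below runs on realistic input.
ROWS = """\
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 px.smowtion.com udp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.78:443 sites.google.com tcp
FR 142.250.179.98:80 pagead2.googlesyndication.com tcp
US 69.16.230.226:80 px.smowtion.com tcp
US 69.16.230.226:80 px.smowtion.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

# Indicator column of the "Legitimate hosting services abused" signature above.
HOSTING_INDICATORS = {"sites.google.com"}

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+(?P<domain>\S+)\s+(?P<proto>udp|tcp)$"
)


def parse_rows(text):
    """One table row per line -> list of dicts; blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def summarize(rows):
    """Correlate DNS rows (udp/53) with TCP rows and return the triage view."""
    dns = set()
    conns = defaultdict(set)  # domain -> {(ip, port, country)}
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            dns.add(r["domain"])
        elif r["proto"] == "tcp":
            conns[r["domain"]].add((r["ip"], r["port"], r["cc"]))
    contacted = set(conns)
    return {
        # looked up but never connected to in the capture
        "dns_only": sorted(dns - contacted),
        # connected to, but no lookup row appears in the list
        "tcp_without_dns": sorted(contacted - dns),
        # anything contacted over plain HTTP
        "cleartext": sorted(d for d, eps in conns.items() if any(p == 80 for _, p, _ in eps)),
        "hosting_hits": sorted(contacted & HOSTING_INDICATORS),
        "endpoints": {d: sorted(eps) for d, eps in conns.items()},
    }


def ioc_lines(summary):
    """Flatten the unique (domain, ip, port, country) tuples into CSV lines."""
    return [
        f"{domain},{ip},{port},{cc}"
        for domain, eps in sorted(summary["endpoints"].items())
        for ip, port, cc in eps
    ]


if __name__ == "__main__":
    s = summarize(parse_rows(ROWS))
    for key in ("dns_only", "tcp_without_dns", "cleartext", "hosting_hits"):
        print(f"{key}: {s[key]}")
    print("\n".join(ioc_lines(s)))
```

Run over the full table above, the tcp_without_dns check yields pagead2.googlesyndication.com, www.google-analytics.com and ieonline.microsoft.com; a missing lookup row only means the resolution was not captured in this list, not that the sandbox saw none. The dns_only set is a reminder that a lookup by itself is not contact.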

Files

C:\Users\Admin\AppData\Local\Temp\CabEBE7.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 2c6a716322b1217cff8ad50238ddeb43
SHA1 6930e2b29b24f81ec2918d96957fd61b9ff019b7
SHA256 48d7a039e88ef29e87ee97cf866f3daa3f06f5bfc5f033defe2eb42bdf56b136
SHA512 3fb1fad7421452e8a7049ef69118f656f39e30d86807ad5d499c2d49e0916c3de8cca237cb2575cfe1c5a9b2507748e5311eb94a7e205341dd62ff2428cb97b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 8d82cc7a2d8ac3bd006835a5d304bab5
SHA1 1f7c64b1fbd4ac001f57f662b5b348b66bbda0e6
SHA256 570109f98b49b0047cfc2b330d05c7b0176764a09f1b8fc08eb0e4d58f49d555
SHA512 86111e27eec84769af58cd1ac85ab3ff87f5151fbfb16d8529103907547f132638fa3983380032bf16daf81064e0c9f4e706504a8b36f2c5af1181bfd4ab0382

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 6df7189c2f6ca8fd56b2b5af6c8030b2
SHA1 2f52a1771250c43c418b8d7d8620f21b926a9979
SHA256 0aebd00f4787103b3e0bf2eecd90f8c985d58cd96857729d780bd174a994a03f
SHA512 7b02ca1c654f8ac20b5b8c9232f5c1a70f60be2f3b18704ea941af9b94aad7c4411b26ee00a5c8f25470341891080c8796f6dd0b53beb92c4b5b4f029affdd86

C:\Users\Admin\AppData\Local\Temp\TarECA5.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d66e6df3d621b8785bf25e0ec26b94a0
SHA1 e79b8da17568475625f89115cb8612225efdf460
SHA256 df718108d5b2b73e5da27761783b4cedbf1eba181602e7bf3bcf4b2d932423fb
SHA512 d84bd356d15fa17c39d6257eb1f6316bf700a9af9e420c96f8c0365859fa2d5f16fa1755f7d68c5d4522c2f595f7d042b23cb287abb858e37cef56be83a61b46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 f81148354d262fdd0eefb171d027ee59
SHA1 6d8970b52f23b5bc43eda40aa63023dfe1e4a88c
SHA256 13a93e5a6d3b3de2544f815d28512ea2073af4fce812d0f2ba1b56afff026e13
SHA512 84a8b17bbd3820fb999fa4691f6e02af76b48bfccb119cf6fa0f248add45fd6811e68a22683c2f407aabd60bbb4ee7b31463b66aa3bf13afd2412cae81f2c742

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 616065bc4d387ae676ef2041cea3ab3a
SHA1 eed4ea2070f8c7f77a3037bb01fed928345124b5
SHA256 bd86038b2c9ffd3a6ad3b845c658da1962565a61c2d5ac3eda3a6390a0413460
SHA512 30a8001d874115d38fe3a34e7fadaffdb94220328e1bea6ab4a73345ca785eff5eab8e8bb8d51e437894c9183f1fcd7f4f038a1c8326979254ed4251ada20c14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 bc3661577a14ea7c724a30bef778d803
SHA1 551d3af916771c486803880ef0c281fbc49a0762
SHA256 0bd78fe6bebfb8a3b733fd8ba1209869ea24f45216bfeeebee1f0eadd94f4a27
SHA512 efba4d35e5b3bb0fdff4294bc10baebbbf85c90a79c3ca1d3db8a0e4e9d53e339a6b86ecfed4887b650001b001bcfa36aac5d944376f94442d857152ed08839d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 97334bbabfd066b59d2c4496e5299ec0
SHA1 4c1d1fc733ae6cff2c2f643c49fcf9299a602c52
SHA256 d8a6fd4ad0227e16b52509b95d3672dcf22640d1dbd6a18d7ea1771e1419045d
SHA512 5de55ece50544c6afaba53c57503a5551ebea6fa6e8081f0ed1d4fd4cffa9a6176949a5153ef4f74480f72131932700d5cce7c6a96fc7348019a928f1ad08540

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5881f102e74759d3449236b631924956
SHA1 53a92ec44fac49cb6dba1883f012f7ad1d4b4788
SHA256 49f01482e9daa4b7eefbf12b11135a58f65e700e06e649d0878087e97754db69
SHA512 2943527b3e08bea67b49f3a7c30569ee8de2a165f6908251660c48e216601012d9815316b797664d89dfee86397ea5fcc8e1276dc92c2b3692e7c63cb73b0f28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 2ec0d59fcb1c77ea28c28c0dbce82ef3
SHA1 93075de87a5dad96f2e89aba2d2161e330427d82
SHA256 e71cd0203e40666af04794c79e8b24c0b1c71b4a673f5ced500489ebd84394b1
SHA512 d6c9f32cb0ee34408e401621875b1c1f818f828e476b316032ba795c71e1ac4efd43249259778a89e4ef895bda2d5cccd7a1163564b9a77af0e7a30c746d6052

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be69d81cf22328108f3be859f7e69f56
SHA1 6d859c76f570c8e851ee5703d052fe9c6aefa718
SHA256 c927fbb9fd124d7edb04e0781151d637c330ccda507a3f252d63d282a6f6890a
SHA512 7d14ae8928c7ea9f7da22d082a52820f6efd2d3c57eef9f25f3efc9dc8ef2ef58c09d5493b8b5dc51aaadaacf873c43bd333dfd4d7a6b117655214920a8d1cd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_2AC354D163B9A95ED11B23DFC6FCD931

MD5 084c9a8b026ebe14a07f8eceb466d49b
SHA1 d75f9f55c559cc1eac91ec785686d6826dfcdda6
SHA256 5c03119b1a11567d0b82e0a555748c3f7bc55009e1b817b2497e05dee5043a9a
SHA512 06319191522d9dab238c3ba9e90871ea320d7bd84a677950811de63ed84b0cc12a00b1265ad531106122d214ee82c012836469d18c230aa609892a439656bebc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_2AC354D163B9A95ED11B23DFC6FCD931

MD5 a7bbcd82890fdf8700d42c4c1cd5548e
SHA1 f79633a1cef381ebae67014d54c4ab7df11bbee6
SHA256 0bcc3a076dbecf18e60c634dbfec9b057ee258eae4449a7fd430b19012167ad7
SHA512 acf2a928770c3676413375b3b96122288a19b5a27ac32dfbe101783727d75ba1b4720c85cd3e7c75ec96196c972e883c39001804ddb992e25ffc60746dc9083b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ef4b1cdd110e2b72a0e817ee670e65e
SHA1 20183012da1dca7feb9e738412c723c22d452568
SHA256 e20aee4e162590aa8315d2ff1bcd55054883a57cb8d88892c672455a6f51c8f5
SHA512 e7c22694c560411f447735c2fc19e596411b5bd24b61688cc0b5839ba790478669d12368106e395e4c4647e2c888be26105b913c47c64d9212cca6133a2579a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_DFB78462C65FAC2750B89E1A8A1F9A53

MD5 a9f05d0b9f0a8f0aca43ca77b466276b
SHA1 4f83403f695e42021f010610b72f83795d1cc7cc
SHA256 13c01711660561b5132e8ece325567cbafd2e39243c77d6b9fb9b9e904c83ab6
SHA512 db5c4d177acecac3ae51a3e0e6a0c4bfedeb4694233b567b268e2d572647ae17a072dfcea83ddf0b581de880b823d2969068bd3c481f15732de052484fdaadf1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_2AC354D163B9A95ED11B23DFC6FCD931

MD5 54bbceb8a9d54ad11ad9a8056d01b19a
SHA1 c6c9c91c8ee581e70182e56403ea90854efe81f5
SHA256 b05d73f5199eddd196a9532788ed9b4ab5d488d6665ef440d864ae402fe372a5
SHA512 c37e35290d402c1f0bd96d466f7f0ad41df41aefc0221eff98aad8a71d14781427e206652a6779837b4dcf487eed4850a101b72a40f88d53b51a773b73b93dd8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86d017ad418aa7b046e29cee0b9dde2b
SHA1 49c99738a1dc140d43d0fa1c1b09942f47bb9de4
SHA256 680a0676a95816f41b5b9befea21496efcca01af4fa5a52e9b832ff0b5f8f756
SHA512 c6cc91ca5de00283254d2955a4f18d498b1d49e9250fbb0b7b1d3de96c5b19ff2029c3cdb0410291e5d886464dad406ccee9215bfc4df00ccadc4a3451d45eb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0af70a416d2a2ee5bd228406513485ce
SHA1 c1e89ce255a485cba1bf03fdfb63edbc7425576e
SHA256 3664ea40753adcf80956bce2344e51c73bb0c53eb60f6ae5b21332d284ce49be
SHA512 5791f090d41866494d28c52d66b868f7c8ce790eaf221203e3e4a61c18205cdc916c532eafe384a1dbe8cfb4b8ca56440727b69dd0ba5e271f714e91b9232984

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f1f9a229db04c5c949a4e30b3ee9534
SHA1 2b2af96e9105a53bc478610bcafe0a5fe90db54e
SHA256 142aac5fdb85084cd6e72b02a0246fba31c7677c7e6978ac38bae84b77b44a96
SHA512 831fa3138b58fca0b90cd060752cb3d9c164aa94810215e56ef9bb73952a0cb56bb624e2f22922da77caa8cb67b56ff9a2c195629f669f40f2c22a75d811fccb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d71f35225f7db0f48855df345c866db8
SHA1 6c5a15e6da29204eb53745cab102b9356d2babad
SHA256 95cf2e97deae04907dc2c6f848ca939672146f2ede898bbd5334ceffc0d7b926
SHA512 ce22a7d170039b247e923efc6b5fd70dc9d19ee215e45fd4a67081a04f2764130e3d1cfa760490acd4c6daed29655423da723a64b947e94a325c13bbbaabb123

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 416fb6faf1a3a2b7f4e846ce0fd26c73
SHA1 810f2919b835adc41aaf896cda338910353dd255
SHA256 8cfe6ced9ca2094889f83341588f8376b11b76e17def04c1a471efdad305ce58
SHA512 e3a606c6786ab89ce2946053dd3a21edf81e9047047f42a74b4c34c85dd63f5f4698612492d4a081e6e42b39cf6c68db819d3284a8059f13ef3c6ccaaa790c40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1ef2384239e3c052f93ebad4dd5ce34
SHA1 5c34e1669d0c7b8e1bbf10446d5c1354781039f3
SHA256 5088ea7456d7ed1b05749d5e697a81686f460486c97f67f4665638760f2bf08e
SHA512 fa30228f1750119bc9803ff7f9801e7c94c4c5457f738001c617b55bdb692aea3d874c8603f073a4d80c1be88d649afa32af4be05fc4e3f9ddba2fa16633fbab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c9e4bc8a8414799cadb8c0b95f3bbe6
SHA1 bcd0f6d0c2e8a6f005a38c2f6eb651e39f1a0fea
SHA256 9978a1b105829c4b42ca4e8b4d76001de9d96adc29196ab8bb0dd6dcc880e167
SHA512 fcb7c23cef8d216a6fd7513d2c1fe9a1494f224e9798e72f9e1b8e30fcaba53e7bf9c7b850a5d9f5a250d8323ded009edee7722d63dd21bab9cb7cecc640b0bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17a7aa40df39c643cabcabc64f3fdb02
SHA1 07453b0fd5d8a9fd8e8f30b986d70eed358f5e71
SHA256 fc90ee298e37af4ccfb754833437a2236f70dc2514ab9e90d186752b4f0d14a8
SHA512 83eda202151e15dc557b790327b6f622ac323005a059c5a881d28b9b5fd4ce7cb6f6d2c728c41ce48f1e25b24a7368bff6218fdc92a84cbd4f86bcb1855a207a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93f05ae01bd508e13ceb731ac4542543
SHA1 d3dfb68419357574e2f9bbc366ad181237db80b6
SHA256 2eebba7b48d33eeda6862af4e9b58ed5e6f9bef6b8eeafe2b752747bf8ef0660
SHA512 0769cdc8ff15341fd945cdf92273c4938af2b1c8579091a93854cd2bf3a03e7a91f5ae57f4804b50636adc0c21bd74b6fef941842776cf402c2354c0baaca356

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2daad9ebb19f2ac1427490b9ba709dc7
SHA1 2a0a3a39e702df600829a23b7136a567b050a3e6
SHA256 f68b0e1a87bae09246f9c0f32ebf0e1ec32903f34589ae2107db851d10cddb23
SHA512 10b810f135a94f3832f3765de2c09326971bde282d6bc58a27da00f0001397799879b1cdd10b9ae46b85b4693f5ba071db6c52866e8f212b4c8a8b6c2f60f672

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf7fd582348eb6feece279e59f691711
SHA1 82bbe80dbc7be18557e28d0f91453a5b209b5566
SHA256 b4d4960f7052c12c88b0cfae00eac5b95c476fc73ea6f607ab14b05260e6819a
SHA512 e9f8ff3417e4bf0f7e9f4a77a220b6d1f7e4b2c6ca53030763414254105ae7404fa226a1cc882f4d4e95ec75a5ed42f0f47544815d1617eb6a295784507a6001

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88430cf3afd015d189d26d8e9ece8a96
SHA1 287b0a1281e627c310599b22d5d2b684e9ec540a
SHA256 64dea6c3816671b8e84b25f093d66d04a29fc19c577d610e560497e8cea5c81c
SHA512 c2c7fa4490ec57dce7622aa4ccf724ad8f0ca58f67ef832878039644fa595ae68f7dd94670d20947e3f711210d0f14a138d30ee664d2dd922d98385e67de6552

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d406d9d8057e4a66ee7d9a827d9f38d
SHA1 2be83cc9bfec2620c1a8ca04d72b802f7b1d37b3
SHA256 be3f7056d2a1f0a7b203e045b6d1c944aad63ec76293d1a45902978eac6da2cf
SHA512 b9fe1f6775942016b461ee834adf2b73124b1b9bd475ca0b3f32d1a4c795fc05d9cb95b1a705c703a1f700ff0f796f4a193bd93247b8c76273ada3e01d9a813b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bdfcddea7630fd7b362d1f1faed07773
SHA1 517adbc315add3c2e226f67d510e57a113a6e36d
SHA256 0e384099c26a58348f3613d5bf711692220db6228ef395219976d9f15c5fbc56
SHA512 649b36236627bb9025508a686142faef722167e63389981b51125a05652208b3a86b49ff0525af8f60708914b0bacac31bb8bacef4c2d91777a73d59a56bf715

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbe541a708b8f9d00437643406a492b7
SHA1 5d6df28059a2395efbe331be5b147286e3ced963
SHA256 d001a2cf495f2df573f951da285940b123d0c03d2c585a978f0c1d6a42aa71f6
SHA512 9f6f8c20225d712b86c4dd81e1960b1291609b4919c487b1b8837b451934b838615bfe0898b57c2a66907f8244a3ee6780ad5772af752e3c7f60466fa0731f6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0ce0e3e00469c913b74a47a291bd4da
SHA1 6c2646fd67e285f6d4379f398aa25a23c0ab6249
SHA256 0700a304672afe26aedb14c2e9effae802330ec523908289cd3677c58bc71b44
SHA512 4f827c2104210a8bcdf3112b6826667074d880931df0cf21cc2101d0d37a6b6a6f6b39f0370b50ebf8514a70e5aa8e0fcca8423553173543536c8093059bd4fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 c6216968176660cc4c0a80f56b441c98
SHA1 d9942cf25952af87de281cb02adcce1c294df7eb
SHA256 aa2823646b04434f02f648c227f19b71f51f9cff8ecf3a4b06d7731ef7245430
SHA512 e214b3f6953fa7d19cb82ac36bc91205f4f50874f3b5f1e9087d0cde308e4ad4934ce0ddf9724930a006f19481ea817cc031247b5ec21b0fde6cb550f48a9e37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2ea06ca8f4361a6b30e7b1dc6eb1d63
SHA1 6709685597a6bcb1dd57a3d1c5cd4ffad8d4e497
SHA256 f22d8ceec7553b3e73ba6eea7dd02b0cf5eaf0acb511fe57885aa24dac59bd41
SHA512 3132de52ae44425f2a2127a826d5ca4266f1d87d63a9c79aaa60a3c1e611740580cc2cb43ce465ac8cfd0bade3df7eb743b720d9616e7c37b1f18a0a589febbc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a660ac0eb27320f798dedcbf7ac5fb0
SHA1 35163a8b27486d435f4b798654e8f1ccd3fedc84
SHA256 75c6c0623047333f012cfd491d9448141655a6e1cef754f30678c6d15656269e
SHA512 20b42e68fbceb783e4b2f1d97b7abc55f602e91edf32f30737c00c5bc809b6d21573731cf3ab1e905e1db6c19acf321a39e6cae841f4484af4bf6f46d3133ef3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d22031ca339d8c9c686f4ab4bfb8549b
SHA1 192a9c54f5a57fbb3f6e1b5a1a7e9283e921678f
SHA256 f7a9a8b8048d95b9d4281b95fb9068799633c37fa213e3bf7f32468e1424351f
SHA512 a8bf6ae4bff134c85e9a9701bc0b26a79685b15b1f07ea4926a2024534fea4e8512f1b09979d3eb435b593764da3c7191e5618c3b50f3ce2c88eb001f0e0710b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4db8e815e90862e8a0548775d3b1626
SHA1 4e082ed61335b3135e48330a1af4060130880a89
SHA256 59c44da24511cacb72ace0836c497a0a351ca09cfb2ab49d2638a00dc9a1e28f
SHA512 139574c783dae7fc55106e326cc50fbda7509fe8c4e19331dd513a60d6a3d041d73188a37c873e5c1a3bda5defb1ca2c36f52740ba717b85e3a2ac1d036a2756

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a0e70c06a01cc9f02bd49ab7499def6
SHA1 28f6f8ca6534a90c537f7e632d23fdc8cabb7a6a
SHA256 978a71b06b77249c87c4bc9ded142f825d7806a21b4933ee9961999f79268c96
SHA512 39644853aa36e42ac20cdd0f18cf07944592dcf219996b6d79f1c204d23309afa6aa0d7dd97acde4a68201a8e810e0bcf13c75248fec5bd972189b550f5d4014

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8b33c1eb893e48a1445423fe8f80bf7
SHA1 6ba3edef2a4c97204dd337718d2258ba35fc1f2d
SHA256 bf2578234de3a30a658c1dfb329565646e89cf0aba00cdaa7cfa47fe5b6b2932
SHA512 aab31db3f75542916e17558b76b9781bb2fd0351b33d86b3d9f00a84d9b8b2e77efd5dc84ce1e45a7ec50ce647dce82821e451048566b2e9ad0591e54c3517ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 8bcdf7e7514c609828f041b04cef3acd
SHA1 78ebe46270397022d0c67ef6336cfbb0583a42e9
SHA256 915bfcf34fc1a5b9bb508792a1a4a63511ab200f59e3b6627988730475cfcf49
SHA512 e84f0897c2bd79a5ce80e2b560c21d612b371d55a20314ae981d4810576ab8ca6e521a7778d97abe5f3b7c6c26e2a12db7050cbbdf491fe0aad4de116860b11a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dff52621cb85cf7bb93e88bfd3a2033e
SHA1 31cebdd69551529c6b104d5a2633dc868646ce56
SHA256 3f63ccfd7855a61849e1087f65dc1ddfc602aaebe4145dfa2c7afef9f212d93e
SHA512 a1fac241d4f32ec08127ebf07027e1dc7d6fbfcdac55fec78c413f3a53036d54375b3023467eea94d03fcf64c2144592317aa83fc67b3e5c317d56ef97c95b14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8559e8d3a41fd8b719d8f1eaf179e379
SHA1 b7ed7fd9df7a665320bee1888c78158ff9a5bf99
SHA256 02ab1f14e787c58b4bbcb30d1ab880a19fe950ff8b1a288f67b2de7e2716ec2f
SHA512 0e3e53a1596d2abfd827e2679d7c5569aa3aad4c497ff726ed29eae5e01e42ebc1e24ea1ad9127930004bd340d5366720a94677c6d1e047a623ad9521c31087f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb012ec5a9036623d06b9031d49e224a
SHA1 7bbd0e120553d7c1916679ebc90b8f17aefa36c8
SHA256 2fd0df8a7103eb1083e737e76d3e5bbd70dea188fca7d78dc29afb5b6f03e6cd
SHA512 111312ed2efcfe24fb15c237b7100b2ee0454dbebd83d65d238960988735383b3253763248dc13a0557fcff43d95874c3b695fcac7c64e4eb0d7816c5b76846d

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-31 06:45

Reported

2024-12-31 06:48

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

146s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0949baeadee0d11a2d03e0b16405d35a.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Note: all three reads are issued by msedge.exe itself, not by anything the page dropped. The values queried (BIOS manufacturer and product name) are the ones a VM-detection check would read, but with only the browser in the Process column this is a low-signal hit; it becomes interesting only if a non-browser process or a script host shows up querying the same keys.

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 hits)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 hits)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4832 wrote to memory of 2468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 4832 wrote to memory of 3440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 hits)
PID 4832 wrote to memory of 3596 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 4832 wrote to memory of 4536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 hits)

Note: every one of the 64 writes comes from PID 4832, which is the main browser process (the Crashpad pipe listed under Files below is named crashpad_4832_...), and every target is another msedge.exe instance. Parent-to-child writes between instances of the same browser binary are part of how the Chromium sandbox initialises its child processes. The row that would matter is one whose Target is a different image, and there is none here.
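The rows in this table reduce to four writer/target pairs, all from PID 4832 into other msedge.exe instances. The script below is an added example for this report, not the sandbox's own code: it performs that reduction and applies the one check that matters for a WriteProcessMemory hit, whether the writer's image and the target's image differ. Its input is a trimmed copy of the rows above plus one constructed row (target PID 9999, notepad.exe) that does not occur in the report and is included only so the cross-image check has something to find.

```python
"""Triage a sandbox 'Suspicious use of WriteProcessMemory' table.

Added example for this report; not part of the sandbox's tooling.
"""
import re
from collections import Counter

# Row format as printed in the report:
#   "PID <src> wrote to memory of <dst> N/A <writer image> <target image>"
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) N/A "
    r"(?P<src_img>.+?\.exe) (?P<dst_img>.+?\.exe)$"
)

MSEDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Rows copied from the table above with the repeats trimmed, plus one CONSTRUCTED
# row (target 9999, notepad.exe) that the real table does not contain.
SAMPLE_ROWS = [
    "Description Indicator Process Target",
    f"PID 4832 wrote to memory of 2468 N/A {MSEDGE} {MSEDGE}",
    f"PID 4832 wrote to memory of 2468 N/A {MSEDGE} {MSEDGE}",
    f"PID 4832 wrote to memory of 3440 N/A {MSEDGE} {MSEDGE}",
    f"PID 4832 wrote to memory of 3440 N/A {MSEDGE} {MSEDGE}",
    f"PID 4832 wrote to memory of 3440 N/A {MSEDGE} {MSEDGE}",
    f"PID 4832 wrote to memory of 3596 N/A {MSEDGE} {MSEDGE}",
    f"PID 4832 wrote to memory of 4536 N/A {MSEDGE} {MSEDGE}",
    # constructed for illustration only; not in the report
    f"PID 4832 wrote to memory of 9999 N/A {MSEDGE} C:\\Windows\\System32\\notepad.exe",
]


def parse_rows(lines):
    """Parse table rows into dicts; header and non-matching lines are skipped."""
    parsed = []
    for line in lines:
        m = ROW_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["src"], d["dst"] = int(d["src"]), int(d["dst"])
            parsed.append(d)
    return parsed


def summarize(rows):
    """Count writes per (writer PID, target PID), so 64 identical lines become one tuple."""
    return Counter((r["src"], r["dst"]) for r in rows)


def writers(rows):
    """Distinct writer PIDs; a single writer that is the browser process is the benign shape."""
    return sorted({r["src"] for r in rows})


def cross_image_writes(rows):
    """Writes where the writer's image differs from the target's image.

    Same-image parent-to-child writes are what a Chromium browser does when it sets up
    its sandboxed children; a write into a different binary is the pattern to explain.
    """
    return [r for r in rows if r["src_img"].lower() != r["dst_img"].lower()]


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    for (src, dst), n in sorted(summarize(rows).items()):
        print(f"{src} -> {dst}: {n} write(s)")
    for r in cross_image_writes(rows):
        print("CROSS-IMAGE:", r["src"], r["src_img"], "->", r["dst"], r["dst_img"])
```

On the real table the cross-image list is empty and `writers()` returns only 4832, which is the whole triage of this signature.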

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0949baeadee0d11a2d03e0b16405d35a.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb504b46f8,0x7ffb504b4708,0x7ffb504b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,6629822639414272489,13008624254226110069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,6629822639414272489,13008624254226110069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,6629822639414272489,13008624254226110069,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6629822639414272489,13008624254226110069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6629822639414272489,13008624254226110069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6629822639414272489,13008624254226110069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6629822639414272489,13008624254226110069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6629822639414272489,13008624254226110069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6629822639414272489,13008624254226110069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6629822639414272489,13008624254226110069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,6629822639414272489,13008624254226110069,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4660 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.78:443 apis.google.com tcp
FR 216.58.214.78:443 sites.google.com tcp
FR 216.58.214.78:443 sites.google.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 142.250.179.78:445 apis.google.com tcp
FR 172.217.20.194:80 pagead2.googlesyndication.com tcp
FR 216.58.214.169:443 www.blogger.com udp
US 8.8.8.8:53 www.facebook.com udp
FR 142.250.179.78:443 apis.google.com udp
GB 157.240.221.35:80 www.facebook.com tcp
US 8.8.8.8:53 admaster.heyos.com udp
US 8.8.8.8:53 px.smowtion.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 player.ebuzzing.com udp
US 8.8.8.8:53 optimized-by.simply.com udp
US 8.8.8.8:53 controls.scambiobannergratis.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
US 8.8.8.8:53 blogblog.com udp
US 8.8.8.8:53 www.blogblog.com udp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 142.250.75.233:80 blogblog.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
US 69.16.230.226:80 px.smowtion.com tcp
FR 216.58.214.169:80 www.blogblog.com tcp
FR 216.58.214.169:80 www.blogblog.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 78.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 180.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 194.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 233.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 tools.net-parade.it udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 labs.ebuzzing.it udp
IT 31.11.35.212:80 tools.net-parade.it tcp
FR 216.58.214.169:443 www.blogblog.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 ww12.smowtion.com udp
US 13.248.148.254:80 ww12.smowtion.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
IT 31.11.35.212:443 tools.net-parade.it tcp
FR 142.250.179.97:443 lh3.googleusercontent.com tcp
FR 142.250.179.97:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 lh4.googleusercontent.com udp
FR 142.250.179.97:443 lh4.googleusercontent.com tcp
US 8.8.8.8:53 translate.google.com udp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 adserver.pubblicitaonline.it udp
US 8.8.8.8:53 www.yourpage.it udp
US 8.8.8.8:53 img413.imageshack.us udp
US 8.8.8.8:53 images.ilbloggatore.com udp
US 8.8.8.8:53 zazoom.it udp
US 38.99.77.16:80 img413.imageshack.us tcp
FR 142.250.179.78:139 translate.google.com tcp
US 8.8.8.8:53 widgets.5z5.com udp
CH 185.101.159.238:80 adserver.pubblicitaonline.it tcp
US 172.67.141.15:80 zazoom.it tcp
IT 46.252.158.159:80 images.ilbloggatore.com tcp
US 8.8.8.8:53 www.segnalafeed.it udp
US 199.59.243.227:80 www.yourpage.it tcp
US 172.67.141.15:443 zazoom.it tcp
IT 217.64.195.242:80 www.segnalafeed.it tcp
CH 185.101.159.238:443 adserver.pubblicitaonline.it tcp
US 8.8.8.8:53 i.creativecommons.org udp
US 8.8.8.8:53 www.we-news.com udp
US 8.8.8.8:53 www.doveconviene.it udp
US 104.20.6.134:80 i.creativecommons.org tcp
DE 18.66.112.52:80 www.doveconviene.it tcp
FR 78.40.11.88:80 www.we-news.com tcp
US 8.8.8.8:53 licensebuttons.net udp
US 104.22.10.121:443 licensebuttons.net tcp
US 8.8.8.8:53 www.zazoom.it udp
DE 18.66.112.52:443 www.doveconviene.it tcp
US 172.67.141.15:80 www.zazoom.it tcp
FR 142.250.179.110:80 www.google-analytics.com tcp
US 8.8.8.8:53 226.230.16.69.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 212.35.11.31.in-addr.arpa udp
US 8.8.8.8:53 254.148.248.13.in-addr.arpa udp
US 8.8.8.8:53 15.141.67.172.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.159.101.185.in-addr.arpa udp
US 8.8.8.8:53 159.158.252.46.in-addr.arpa udp
US 8.8.8.8:53 227.243.59.199.in-addr.arpa udp
US 8.8.8.8:53 16.77.99.38.in-addr.arpa udp
US 8.8.8.8:53 242.195.64.217.in-addr.arpa udp
US 8.8.8.8:53 134.6.20.104.in-addr.arpa udp
US 8.8.8.8:53 52.112.66.18.in-addr.arpa udp
US 8.8.8.8:53 88.11.40.78.in-addr.arpa udp
US 8.8.8.8:53 121.10.22.104.in-addr.arpa udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 we-news.com udp
FR 78.40.11.88:80 we-news.com tcp
US 8.8.8.8:53 119.82.161.3.in-addr.arpa udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:80 www.facebook.com tcp
US 8.8.8.8:53 optimized-by.simply.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 142.250.179.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 ww1.smowtion.com udp
DE 64.190.63.136:80 ww1.smowtion.com tcp
FR 172.217.20.162:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 98.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 136.63.190.64.in-addr.arpa udp
FR 172.217.20.194:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 182.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
US 57.144.120.128:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
US 57.144.120.128:139 connect.facebook.net tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
FR 172.217.20.163:445 fonts.gstatic.com tcp
FR 172.217.20.163:139 fonts.gstatic.com tcp
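The Network table above mixes resolver queries (udp/53 to 8.8.8.8, many of them reverse in-addr.arpa lookups the sandbox makes on its own), real connections, and a handful of odd rows: tcp/445 and tcp/139 towards Google, Facebook and gstatic addresses, which are SMB and NetBIOS ports a browser has no business opening towards a CDN, and udp/443 rows that are consistent with QUIC. The script below is an added example for this report, not part of the sandbox's tooling. It parses a subset of the rows copied from the table into a deduplicated connection list, separates forward from reverse lookups, pulls out the SMB-port rows so they can be checked in the pcap before anyone pivots on them, and cross-checks the sites.google.com indicator from the signature above against the traffic.

```python
"""Triage a sandbox 'Network' table into lookups, connections and rows to verify.

Added example for this report; not part of the sandbox's tooling.
"""
from collections import Counter, namedtuple

Row = namedtuple("Row", "country ip port domain proto")
SMB_PORTS = {139, 445}  # SMB and NetBIOS session: not ports a browser reaches a CDN on

# Rows copied from the Network table above (a subset). The multicast DNS row
# (224.0.0.251:5353) carries no Domain value; the parser accepts it with or
# without an N/A placeholder.
SAMPLE_ROWS = [
    "Country Destination Domain Proto",
    "US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp",
    "US 8.8.8.8:53 sites.google.com udp",
    "US 8.8.8.8:53 apis.google.com udp",
    "FR 142.250.179.78:443 apis.google.com tcp",
    "FR 216.58.214.78:443 sites.google.com tcp",
    "FR 216.58.214.78:443 sites.google.com tcp",
    "FR 142.250.179.78:445 apis.google.com tcp",
    "FR 216.58.214.169:443 www.blogger.com udp",
    "FR 142.250.179.78:139 translate.google.com tcp",
    "N/A 224.0.0.251:5353 udp",
    "US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp",
    "US 57.144.120.128:445 connect.facebook.net tcp",
]


def parse_network(lines):
    """Parse 'Country Destination Domain Proto' rows; the header and malformed rows are skipped."""
    rows = []
    for line in lines:
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = "N/A"
        else:
            continue
        if ":" not in dest:
            continue  # header line ("Destination")
        ip, port = dest.rsplit(":", 1)
        rows.append(Row(country, ip, int(port), None if domain == "N/A" else domain, proto.lower()))
    return rows


def is_dns(r):
    return r.proto == "udp" and r.port == 53


def is_reverse(r):
    return bool(r.domain) and r.domain.endswith(".in-addr.arpa")


def forward_lookups(rows):
    """Names the browser actually asked the resolver for; reverse lookups are sandbox noise."""
    return sorted({r.domain for r in rows if is_dns(r) and r.domain and not is_reverse(r)})


def reverse_lookup_count(rows):
    return sum(1 for r in rows if is_dns(r) and is_reverse(r))


def connections(rows):
    """Non-DNS rows collapsed to (ip, port, proto, domain) with hit counts."""
    return Counter((r.ip, r.port, r.proto, r.domain) for r in rows if not is_dns(r))


def smb_port_rows(rows):
    """tcp/445 and tcp/139 towards web hosts: verify in the pcap before treating them as real."""
    return [r for r in rows if r.proto == "tcp" and r.port in SMB_PORTS]


def quic_rows(rows):
    """udp/443 is consistent with QUIC (HTTP/3), not with a non-web protocol."""
    return [r for r in rows if r.proto == "udp" and r.port == 443]


def hits_for(rows, indicator):
    """Every lookup or connection involving a signature indicator, e.g. sites.google.com."""
    return [r for r in rows if r.domain == indicator]


if __name__ == "__main__":
    rows = parse_network(SAMPLE_ROWS)
    print("forward lookups:", forward_lookups(rows))
    print("reverse lookups:", reverse_lookup_count(rows))
    for key, n in sorted(connections(rows).items(), key=lambda kv: (kv[0][3] or "", kv[0][1])):
        print(f"{key[3] or '(no name)'} {key[0]}:{key[1]}/{key[2]} x{n}")
    for r in smb_port_rows(rows):
        print("CHECK SMB-port row:", r.domain, f"{r.ip}:{r.port}/{r.proto}")
```

Running it over the full table is a matter of pasting all the rows into `SAMPLE_ROWS`; the header line is skipped automatically.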

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e443ee4336fcf13c698b8ab5f3c173d0
SHA1 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA256 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512 cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

\??\pipe\LOCAL\crashpad_4832_LASLOKHRETUPXRGE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Note: these four digests are the digests of zero-length input. The entry is Edge's Crashpad named pipe, from which the sandbox captured no content, so the values identify nothing and should not be used as indicators.

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56a4f78e21616a6e19da57228569489b
SHA1 21bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256 d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512 c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c044295047f0c05839ff77daeca76917
SHA1 c2eb1d6a5c0c0a1481e8570b9bca4f1e5754ef77
SHA256 8e96b585bb5f9273c74b5502e211616af0d8cc6640db120d4575fafa99ecaa41
SHA512 552cb49f5e53a954e65a434f158b7edb90b296790eaa6029aa9d2830ff06719f68acd8fe31420fb2c6d3f94a0004ec6fdc64f93574287ce840cbd96f58396aac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 420c4e57c9421e1125589a1bb0d2a96e
SHA1 89d8b0212f43e68576e7180631e48b2ca534c58b
SHA256 f890a1fb377429f0bce60dfd78d15f172e51499d0844ff95bd975a969f476ede
SHA512 80914c10eb9e02e13c05fa773dd660d74a8fcdf192bf13559e9f7dc66c1b80a9fe40e0f15f3aabd169e26808e55185ad713dcb8bad91bf7600149a9e45c3cf9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3bd8a348-d4aa-46aa-83e5-296d42d44df5.tmp

MD5 a5510d7caf198cddb9ab101a235a5d61
SHA1 7761e78480be602c77b073b47349754ed27ec863
SHA256 aa85d361b3f0362e669e18b8f744eb5a61c86a0335c92cfcc3644dc3a97c7dc5
SHA512 a77e73f67333246463ea832c8f0a3bc963d46ba9033cd65dd4bf3a56d4b5c901cbbafd07ccdb73148297bb240ee7469a0b99a30efde651897b94af565667bc3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 673928ea91af3cfaff94ca770d9ed1ce
SHA1 2c9c648f4b163ae7e0939a29f2f585d007852bf3
SHA256 84c6b461e812dcae82ba9aa3ad16c94323b9c116e2f82ace7c71d7ebc81c24a7
SHA512 ba78d2c6b86db1efeadb95766c8ee3a18a30e7ca18361cb8ce66b00b08b25fdc707a4ad1717fcaf8e0740873c45f5359189086444f13c819efc1df85ad927531

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 843253cb8aed8f448ccfd8f98b430969
SHA1 7e940924eb9c2c92aef441027b32fa2df37178c3
SHA256 bdec165f3c482d808bd41ae17fae8bec8d55944bf97cb966198175b7a8e875d6
SHA512 16636ee80942fd542308164e415658f060d242389c43320f53d97102cb5dc004cfc59625062574a5719f0660d87a86150f07ae207a793d61108bdf95e0538357
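The Files list records each write as a path followed by four digests, and the same path can appear many times (the CryptnetUrlCache MetaData file above is written repeatedly with different content). The script below is an added example for this report, not sandbox tooling: it parses entries in this format, flags entries whose digests are those of zero-length input (the Crashpad pipe above), groups paths that were rewritten with different content, and rejects entries with missing or truncated digests. Its input is a handful of the entries above plus one constructed entry (C:\constructed\truncated.bin) that is not in the report and exists only so the malformed-digest check fires.

```python
"""Parse a sandbox 'Files' section and keep only the entries worth pivoting on.

Added example for this report; not part of the sandbox's own tooling.
"""
import hashlib
import re
from collections import defaultdict

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digests of zero-length input, computed rather than hard-coded so the check cannot drift.
EMPTY = {name: getattr(hashlib, name.lower())(b"").hexdigest() for name in DIGEST_LEN}
HEX = re.compile(r"[0-9a-fA-F]+")

# Entries copied from the Files list above, plus one CONSTRUCTED entry (truncated.bin)
# that is not in the report and exists only to exercise the malformed-digest check.
SAMPLE = r"""
\??\pipe\LOCAL\crashpad_4832_LASLOKHRETUPXRGE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e443ee4336fcf13c698b8ab5f3c173d0
SHA1 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA256 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512 cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56a4f78e21616a6e19da57228569489b
SHA1 21bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256 d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512 c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c044295047f0c05839ff77daeca76917
SHA1 c2eb1d6a5c0c0a1481e8570b9bca4f1e5754ef77
SHA256 8e96b585bb5f9273c74b5502e211616af0d8cc6640db120d4575fafa99ecaa41
SHA512 552cb49f5e53a954e65a434f158b7edb90b296790eaa6029aa9d2830ff06719f68acd8fe31420fb2c6d3f94a0004ec6fdc64f93574287ce840cbd96f58396aac

C:\constructed\truncated.bin

MD5 deadbeef
"""


def parse_files(text):
    """Turn 'path / MD5 / SHA1 / SHA256 / SHA512' blocks into one dict per write."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        label, _, value = line.partition(" ")
        if label in DIGEST_LEN and HEX.fullmatch(value) and current is not None:
            current[label] = value.lower()
        else:
            current = {"path": line}
            entries.append(current)
    return entries


def empty_content(entries):
    """Paths whose digests are those of zero-length input: nothing was captured, so not IOCs."""
    return [e["path"] for e in entries if all(e.get(n) == EMPTY[n] for n in DIGEST_LEN)]


def malformed(entries):
    """(path, digest label) for the first missing or wrongly sized digest in each entry."""
    bad = []
    for e in entries:
        for name, n in DIGEST_LEN.items():
            if len(e.get(name, "")) != n:
                bad.append((e["path"], name))
                break
    return bad


def rewritten(entries):
    """Paths written more than once with different content: path -> sorted SHA256 values."""
    by_path = defaultdict(set)
    for e in entries:
        if "SHA256" in e:
            by_path[e["path"]].add(e["SHA256"])
    return {p: sorted(s) for p, s in by_path.items() if len(s) > 1}


def pivotable(entries):
    """Entries that survive both filters: complete digests and non-empty content."""
    bad_paths = {p for p, _ in malformed(entries)}
    empty = set(empty_content(entries))
    return [e for e in entries if e["path"] not in bad_paths and e["path"] not in empty]


if __name__ == "__main__":
    es = parse_files(SAMPLE)
    print("empty content:", empty_content(es))
    print("malformed:", malformed(es))
    print("rewritten:", {p: len(h) for p, h in rewritten(es).items()})
    print("pivotable:", [e["path"] for e in pivotable(es)])
```

The entries that remain after both filters are browser profile files (settings.dat, Preferences); what the script does is stop the empty-pipe digests from ending up in a blocklist, and show which paths changed content during the run.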