Malware Analysis Report

2025-03-14 21:57

Sample ID 250108-gamnyawney
Target JaffaCakes118_8e565eadc7a0818ae9ea4255e658bdf7
SHA256 9846cbd49e420a2781253f8a9836961310908370ab04c8b9eea6d37abce2dfaf
Tags
google discovery phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9846cbd49e420a2781253f8a9836961310908370ab04c8b9eea6d37abce2dfaf

Threat Level: Known bad

The file JaffaCakes118_8e565eadc7a0818ae9ea4255e658bdf7 was found to be: Known bad.

Malicious Activity Summary

google discovery phishing

Detected google phishing page

Legitimate hosting services abused for malware hosting/C2

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-08 05:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-08 05:36

Reported

2025-01-08 05:38

Platform

win7-20240903-en

Max time kernel

142s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8e565eadc7a0818ae9ea4255e658bdf7.html

Signatures

Detected google phishing page

phishing google

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{77EA8721-CD82-11EF-B36A-E62D5E492327} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000ec2da2748ccf349a50fe697440906e300000000020000000000106600000001000020000000a82e7cf30c07830828b34da49ecb583a0de875a977b4340b074f9c667d47ab32000000000e8000000002000020000000c8e7fbb0f70a3f92c1d83c1d02cf23415ab3b96bb185f639cb1645025563ab10200000009c05e6c2695470b525b68f15a38d3bd7476463aa4fb76af377d50efc87e108b54000000050b3b3acaad0b494164f150c3be27b8e98f169c70d82bb030f38b3d1f431c54385211fdf674fd9cc43c0872209a7235e5c81eeb277700f522a29469c0e10916b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000ec2da2748ccf349a50fe697440906e300000000020000000000106600000001000020000000a381080faf690cd8d4580ea9b869113d720cb66abcc6723f251e481ab94eae9a000000000e8000000002000020000000f1bf4634e8a05593240632b0857accada3f052055306aa00549fabf218b4247590000000095e9bc1bc9827f37635ff11f243f387a99c3227f81b4029ab779e5ce8eb7d5aa2d84714c466d32995ddcfd1ddbb366315d2f80ea9db79eac509526d7ad400d1cb19626a4ef58415cddab05b5e74582d99b31006996aa93a5ad50530316fd0767db285d8ac88cb3231049009bff14e1479d4991c1050323727b494090c2754bd8d982c411c1f697e79f8f4808646da65400000009b1e2071e9d210f6ba6f55f355522a15d62ca354a3e5964f679eaef68f6194e26053dffcb302de254f5266bebae8d8b578740cad8f0073ef0fc07bbd38b8d931 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e097f64f8f61db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442476440" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8e565eadc7a0818ae9ea4255e658bdf7.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 scmplayer.net udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
US 104.21.234.156:80 scmplayer.net tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
US 104.21.234.156:80 scmplayer.net tcp
GB 142.250.180.9:443 img2.blogblog.com tcp
GB 142.250.180.9:443 img2.blogblog.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 142.250.180.9:443 img2.blogblog.com tcp
GB 142.250.180.9:443 img2.blogblog.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 142.250.180.9:80 img2.blogblog.com tcp
GB 142.250.180.9:80 img2.blogblog.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 142.250.187.195:80 fonts.gstatic.com tcp
GB 142.250.187.195:80 fonts.gstatic.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:80 www.facebook.com tcp
GB 163.70.147.35:80 www.facebook.com tcp
GB 163.70.147.35:80 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 88.221.134.146:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 ba0b1a00e1dc69bb6ee9d9a541c428c9
SHA1 95f6aae63d3dd44b16473ba22457c4e285b1aefc
SHA256 52630f94e63a66c6b60beca4570739a877bb1166e1670b2a7a7ef8f0c97a817e
SHA512 5a8257dc27e62248b9b4d7768322d937bf44d7f352fec1e7939d09623f164cce5f2f0f3d74df23588e91c910306a4ffb869b5b198cdfd33386ca242a289716b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5912719e4c4ee8e046f18af2eea821aa
SHA1 19b60f3c014ee4d5d45a3433418d5043b7f18676
SHA256 342079e4f961851bac5dc462154be26c6ce766bd233ee2a7cb5c2d68802fd910
SHA512 8ccd14fb44d57b3a6c789aed2e76ba343346d006cf3cf5e5610bc78225468288879af3a6fc3e3ce7c93a4c5c8f4296a40954566bf73c6eb3c7f668af9d081ff1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 ebf1642f52dd03b1829a0b4be3ac3d2a
SHA1 7d0f15c1753ec668035d7407ccce480694eb6184
SHA256 f45e366bb991f95f78df8f98ee5f6225acd874b8591a3e8685ecaff55cabc6a6
SHA512 baa05aa7538dd37555fc95c43b6662be10996d2d431784958b3b7e19b4fadb96d982fb109161681e250e30e2d93eb5feac4518745c6dcdd22f406879ab8e4261

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 9caf5d69c3a9ca5cc114286c92e03b35
SHA1 a180736d15dcb748e4445a162f6e820c114773d7
SHA256 cb2250d77ed1d0779504e93c7231ef6bb0624ffbbf83bd4850da0c03bc0e1286
SHA512 60451b2a158d5bf3d2055ef0296c8775e2ef56f52ca292008a8f797a63db783ad60eb89911d79f5f4935d1a6991710d71cee4c260a88714f94bd1b7878ba7db7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 ce1fdc2dd893b61ece89ca957ed25e9d
SHA1 261afbe2e0b7293e450ec9c73e6bb55e0fcc2296
SHA256 d1cb2d9480877de8bdc36037386dff7389dc05c3871283b10897b32988a63772
SHA512 421ffad36c04ab663f2435eff727a0aff0e3590fe062f2de18131bbe410ded24e2439d87fcddd423f201d1e3032e6668bd6665127182b9e59fd5ab04e3a3d02f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 cd0b7dfea2ca5c67d26d7f78478265cb
SHA1 b41a46cc3cd5419cbfdc359ea4a36cfa1b137ddd
SHA256 db934de6fbaf603a53b3edd5dd1b9f3737cbc7f4781d5cfd473813d7ad24c202
SHA512 62d28140ea6613a99f43639ce1115c538813acafd818774d5e13d0bd40588a42d592548bf469e31cfc03803d2549ec2b857314169bbd88b21f6dd2ecadff05bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 b47a8b581986d07d30787a64c45c841a
SHA1 d7f200d7e70df44f25536e11358496ed552570b0
SHA256 dbd10d7a10f6d63291d8ec889d0313d156d876b1031b31e80deeced3014733f9
SHA512 a288d7329fcf43dded5674882762a107e0e651f44d2ee8e22ac7df8e657096c12ea25460b20f91131b295d221a21d2ad92be5b634dabfe59e5888677ef6ddd25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 ee2d40bec44e45d6e529fda7c7927caf
SHA1 e71b87d9f47a3c1e167260235b9bf90f51e8a607
SHA256 9a4b4040f7ec5e1464446046d0c4edda99fcad421e79b1514d6b150c639d933d
SHA512 383fae3f1f197641fe3eeb85c4f07cf3f568e43e8fb19889ce0e71f5d76b2cc46a8a40a46df865764be5a9e1a80b88ac2ec6af9247a6643565ad58bc0566522a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_191023D640896A0CAAB6B353590277DC

MD5 2302be509ca7783994b7db7bbed6eafe
SHA1 c7f8af106a133df0dae5196cef02fc5005aca40f
SHA256 112bf6cdd34c3ca2aabbe4127ab40f89e5cdda939d39bc1e2a22f30994a4eafe
SHA512 4f080624a28d993e3a9de85b8d95a5b8e6f22563780f6455099de40f3acf7a70d6cf87be69b634e0ada785bacf6ab95e33c1522cae617f75548f59a1a08c2f9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_191023D640896A0CAAB6B353590277DC

MD5 4864f7b77d06abc05f9501ec1c9ed34d
SHA1 7deb6f40a1487020c3c9bba1030f600e651f6f14
SHA256 73861b35be2742d64498c19f225c20e7158b9640593e72961096a815845daf7e
SHA512 3836b22344446c780c5abd693362bfa04f390defdca2ca9f0bfd081602093e7621062f37a231ae3e757467375cac46a265cccccc1a1131db3c9b2fffd215b9d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_191023D640896A0CAAB6B353590277DC

MD5 426ec9a5e5a2b501be74e72dd7ea9865
SHA1 12a7909c1be21f303c0dcfc8e66b5c7e8282e38d
SHA256 3d051edf811c67f9c60f33884d6d85cb1baf5d03e1bfb8878f0659eebc453d42
SHA512 92a30127240bd719ee1bd5a9c57514771a35d7a7886fd3a3477940935736be0bf23bfb86f009dd42d6f1a6d70c8c5772c67670b9172d32d8982ddc7b0f380e8c

C:\Users\Admin\AppData\Local\Temp\CabCDF9.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarCE10.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e884204aac9d1239c57a335675729479
SHA1 fca21607d323245063b57309027ed82ac5907f14
SHA256 049797193251c087f2a6eb433f195061d83ac019b2290804ed346ad6c070f25a
SHA512 91e60ffc987dc0658f84d586527a3c015d8ea11eb77e20df96576c6e20b4da4e28239a94472ed70b5c1449196422f7f330fc3865362596de1501d562b50d8d34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b71d9c74806b710900f97ab1ca8622b
SHA1 4a5a1e9760809c41adc6061b3001f2ba568c34e1
SHA256 418ef98d3fbd7ea57aebfde98aa0f7acab92768aee545ac3a667af4167da9ec9
SHA512 ad10c6438738a56402dfb0bbdda26885caa329b92c585ab80cea93c3284d9716cd3ce18f22e98edca08066a2443a3e31251a26046b75065c218d4aae0cf69967

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOGPI1N2\recaptcha__en[1].js

MD5 19ddac3be88eda2c8263c5d52fa7f6bd
SHA1 c81720778f57c56244c72ce6ef402bb4de5f9619
SHA256 b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6
SHA512 393015b8c7f14d5d4bdb9cceed7cd1477a7db07bc7c40bae7d0a48a2adfa7d56f9d1c3e4ec05c92fde152e72ffa6b75d8bf724e1f63f9bc21421125667afb05c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca3464a764565f9497118fbffe3028e7
SHA1 6a44db45988a5cb7a4ce0887a9f39413207c7ed5
SHA256 5ad7da1017235477a97ff4b93fbf1ed8d78de337244948e9b337f808620703b5
SHA512 6f3320af526b04afcaf46a67c3f7878bf7d683677301da8026e5b164a54c88eb9fbb68c0281d6a5cfbc9aaae86b3a7f9338689bdb9639078b390a83f87db9cda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e20dbba0378891c048f072d4cceda656
SHA1 7761532166e28355f396ee531f2bd5d48bc49112
SHA256 9e6ee94807810b9c24e8ae13b4ba543e6e46006a133e08e6d2efe77f18264df0
SHA512 6ffbf7251a11ed7ed8efa00c306ac16930d98b284770a402bef5af7dafe77de56a6ce0210ed5af776fe4c04f80f00d684eb232a2af105ef02d1fb4667e83c862

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be209216ef3afef2b61dfd6c7e991974
SHA1 c97f7471fb370c909981a250474e7cb5a2b5315f
SHA256 e6d1477e597f6eda3d28fe006c002836c8a38912e4a6589cf5b0c3abd92135c7
SHA512 bdf3f7c05ee63ba783af005251ca50f221ebab0e98adb9c91bb6a6110a53cb8230cc416644f4389bea46035d3c5c5d261d28332731692cf93a56c3d66de9bb2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 041a4e81c679b1913f90962ed680dbc0
SHA1 50a342821769f46647de7f48a8f71e68144bd213
SHA256 7ab5f47029ebd872d084018f02cbd72ade6ae57a421056f436a0df6ccff94a47
SHA512 ed637ad03fa32c55e33f71ad65584594aa6bb7146a912416d36d1058f1c89a57d43774b4b96d0d66a8233e62837ea6895ecb505114448c52fc690cc7535ab6de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e13ed1b47344856bb32d95c0033f59c5
SHA1 5cfbc6aa542236cd17edebe397c5bcd55922f0dd
SHA256 f22473d7363964195f75a2ac796c808818fa2679b8db586f342abe3bc0bfa4fa
SHA512 1e4a6506fb4696d10680bf74afdee0ec3d3aa79aae09fd00665f3b85df4bebb09207c140e9012ed64d523816fb9a195a4ce708b8039386d17b4872b134b41a50

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4cfb77a8260fa950cf51a7cb4f7d17fb
SHA1 9f5ec6b5ed6027f642fe67b9cb372a9ec8a70494
SHA256 e8b045aeb7dc172cdc355a535556d01dccb674109bce6fe8a081dab311d668cf
SHA512 87f0bf0c163227815c3801404871754c9b9ad3ad6580d8bf0aa495faab75c7b15159ccc1ce0139e11eff6519c24a532133044e0632d34164cba2a0adee66194a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d5dfac32c3072b5ca8e25bbec12d219
SHA1 54ee64902b294b9e43291d8121af606c501c82ec
SHA256 d14803f21a47af620e1fb54effbff2c1d82f94bb36aff13c806211e9a3e0161e
SHA512 a2034384b69e62907f67cf577e0e6c1d6c8114281e900a99d71f56aee8880c151d2d070ab8f69b84cac5351a4d4104b0ed05be5d46f60496d2745c1b417f67cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0464a1ec5e6ad325fb086538ab90983a
SHA1 dcc2150c25bac68749c8b025f50a9adefe1b4498
SHA256 0704c81eb3107679b6d78347337161383c204e3e7782420d1e46b4ce60caccde
SHA512 a63c0f0439236359ded872898fad374d64e6399cdd8c5dbe740f3442d97a103da51d30872778ae95dbac354e882f1eb3a896cf53810398cc4ea7dff473245bd3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc34faa336bd06b26df95cdbac523fe2
SHA1 3d37777e3b8510844d05ab95244c161e11fce924
SHA256 1c3002d582978c1ca4455e427e72a427cef71a196a96acbbfbe487c8dd162540
SHA512 130f1390160bc27952ae99df2245e78d4d1e81766ea6dc9b0837eb76fc78135d65e7c4f084af3d578c048da13d7a5b96c8c6111d60b3a5777ed6d2b687a77b01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f6516adc73149673c0a67feb66a8177
SHA1 0c7b3a203c003530f1c4e0d1b218f4864de159a5
SHA256 59d8996a93c6dd0fe5476a0ad4017f6661f45029ee4c0f35f9a42fadd3ea6f12
SHA512 a1e6612a13c826e28f78ebf3f1abe838ce26ad8c1e5c41f1c7cb96229264d850a6f2ce7c88d6a49ab2bec63954b2af2ea57ec1aea15e90afc4601481ca06d8b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72100903774c1b8e5ad38887eb5ed552
SHA1 f045731e8ced5ad5d7ce86484ce207d50a609f8a
SHA256 a9473df9725ed9f848ee065f13a07e756501e1510a0dab191c29e5d527971158
SHA512 1839a68cb230486d69640c445f4948988075d5436d5e011f90a22bfd7b58531a6bff067e32f9634ed2f54785c411809714974a4d0e812abdb19f1b9953c13eb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c34dc36e75add849c84e941f83baf80c
SHA1 436ccee2205181bffd01d0d578d1476ba0cb7ea2
SHA256 264cb2e6ef4e5ad593b5d8cb1e12b44994885273aec6d0f0a46ec85e7c17138a
SHA512 4c7e7873e05cecb717d999344b73626baa1419e5ddabc7ce03423ac28b28f3a0f94c4725450649332a71a35389446c52b0175148a02e7e233d530a52c1f642a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 90e9e90a9b85238999fbc16e1dd72f9a
SHA1 400d3332ed2f4fa1675ee73bb23f5d7edf97f6c4
SHA256 e819666d2286fe24929b459f737aec478f789b848619257d0ceb24ab17ad6d58
SHA512 c473023266cee51516d12e13d79fdfb3fa99562f581a187c416b3182e5f5a8def968c0a2deacbc16a27398396b8897b5e3eec57f54d5c6631da5727d63cf28ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb2326920a54fbd9efd8594862ca06c8
SHA1 a0d68af9ee51dc0761321e831c3e65b9d76839de
SHA256 01ead1b02d3e2b556c91c1d16463131146dc23d5529c813bc9a6292e4fb82a36
SHA512 56d7592e28c9cabc59e4e46d49aa7e405217bbb56b9e3ee2ce9368eca096b63306f67ae4d5da12302bb3af6926b31806bb6143330919bfd8dde61e610179e4d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38a1cbaa3f416b0929cf29649ae681bb
SHA1 20b9b8bab540138dd91b27ddb4c3b6186e97ad17
SHA256 903d1ae30fe1912c22cd06ff96129d7afb4cfd63c62c713cac9b3d65fb5188b1
SHA512 cd2746da803b1083af6426ffd2d9647f4787dc9a07d95ef17750a35a218420e83dd93940770512b17932e86933dce91dacb076d1517a6439d9b44558d7ead3e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 553ff66701a3a5f48a38a0760192864d
SHA1 2cefa5006d5bd202e7a69616524fdde2505a335c
SHA256 1b2b21809ee3802f85cf109d1515db3fac926210a35f61e417bf77093014935a
SHA512 12a5d24f9b8225f1a3717e3494943af15a5b959c4599ad8f5d7ee97aecc6f5a11a5163d062d4ad72525c0f942534275cc9ed117a479bee010d40747af50aaaa5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a6c62cdd249edf292b6765ec78fa65c
SHA1 a2b0a6fe580a3a6efd54dfc24fcd85ba5aeedb6c
SHA256 b7bf8e94749fec1a2273833c1300428cd63284864d4ee14efea0f57f17f3e043
SHA512 3ba6c2c58107a2577ca8e26c46ab5556e34700d8e4c1dfc794e5f25d5ae8a2aec762c397b7e7ab5293ca1bcb6bf33e3e6a42e90095de3cd35957c9c4dadced75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fad65ee9c67b5fb91ddf2b6a3b989e18
SHA1 ba97193b8fe66f2374cef1ec9724f9266cc714ca
SHA256 9e3ac43a84ec97e5ef8283badb7925283e0486e8697379f4c5610eefdf39f069
SHA512 cecdbcd805783b27e70faef27c0abea89e81052db5490b09e73ef71d056bd0087badff248e662d82d78be9a178e15f9b14239678a250fadf1236ea3f1b260bb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7d726da1920974ef2016d4e19630688
SHA1 e91200f9a2f4ec39a9243cb92cdb98c6fc750691
SHA256 410954abef0e849af30ad1cfa16f93b27fdbc253b3df6ff675e61be37a8e2cd7
SHA512 22910d3611e28469ca0a6c7b7f9c3e48d02564319aca6570e86358820559c6ff160763eaf50c93b23cd62d9235201f885d67dff822df02a41e37264a2e78d2b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 991a73d08b418f85e1f41c435ba61050
SHA1 ade57ec8852fce5ed0a2110fd338ad6076bb25ff
SHA256 dff98aee7c6ce5df9192d6edc4f6b11dcb6472a60e9f90ab6dd5a5c680681d64
SHA512 b703e9301197d9b9ae4c508c2e9b74eb738b3852ad09c471802879bec5d3dc2bd9a8218950fa714e15e37f5fa9591b7d48f14802822ab0c26a4a7c6db3e18b5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70b625de273e1bd431cce27158eacb68
SHA1 8bfbc5e3b7ab6eb17a2c0652520defc5d5ccd699
SHA256 5dfe1ad158a214817ef41a6ce5a00ee590609c266388423f568fa2797192a895
SHA512 2d904c620e85391015cdbb6edbe7ed87386eff86f81a1e52b894b5ace0507053ea29388685a9c21ea35a0cc9c07d74f13365bf24ff17fcb5568ce0b30b791de8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a95c4abba1fc4cad0b7240fd7fb5430
SHA1 cf7f4b28b4b17afeb02f83464796d9801dc8722c
SHA256 61d1f7a7a833986abd870dbd6bf37182ad611a3067e3099295fa1b36a81bcfea
SHA512 6eaf2f330ff6b7cd5b52688098c78d938434d6fe55e226cdb57b8d8c801ffdd8dd5460f9df60a484c2c0f2d042bd98bdd522b4e488a87bf9936140b1a8c3c234

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7bf627ee7f510f9d2dcfdfc01c85a8c
SHA1 d06a73eb740daa18fcc9ce8c74bd9e9931b57d10
SHA256 a5b9b9829f50d67b9531293d2ad16f79fdc60642a576af580ffc7e79fe5af1a5
SHA512 bc75daeffdab1afb9ebac02e0847566d35aa6c127789f7e7aa4eb006e423cc72d45644b33da443d8252c1176af9da084965520dc983e4800bdbdec6df5153c5b

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-08 05:36

Reported

2025-01-08 05:38

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8e565eadc7a0818ae9ea4255e658bdf7.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4468 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4468 wrote to memory of 1520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8e565eadc7a0818ae9ea4255e658bdf7.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce88c46f8,0x7ffce88c4708,0x7ffce88c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12214772118680943894,1187651253900075038,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3092 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 scmplayer.net udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 104.21.234.156:80 scmplayer.net tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 142.250.180.9:443 www.blogger.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.187.195:80 fonts.gstatic.com tcp
GB 172.217.169.14:443 sites.google.com udp
GB 142.250.180.9:443 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 scmplayer.net udp
GB 142.250.178.14:443 apis.google.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 9.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 156.234.21.104.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 104.21.234.156:445 scmplayer.net tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.178.14:443 apis.google.com udp
DE 157.240.27.35:80 www.facebook.com tcp
DE 157.240.27.35:443 www.facebook.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:443 2.bp.blogspot.com udp
GB 172.217.16.225:443 2.bp.blogspot.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.180.9:80 img2.blogblog.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.27.240.157.in-addr.arpa udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 27.27.240.157.in-addr.arpa udp
US 104.21.234.157:445 scmplayer.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1 010da169e15457c25bd80ef02d76a940c1210301
SHA256 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512 e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

\??\pipe\LOCAL\crashpad_4468_FKIPUHBIDZIUDURW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 85ba073d7015b6ce7da19235a275f6da
SHA1 a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA256 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512 eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cb69fbc03b56b08de7990e9e0cdae103
SHA1 fe276e062ad5bf45dc45f8f272ca67c37d8c69f6
SHA256 dc4c2b7e4d0a579d18bca76cf707283c7bef3d867493cd8040de9a485c9d437f
SHA512 5b82e01d6e676cbe6b405272ef12b6b912b007418bf704635c3067dfa1fc5787f5948b1819c61f8fe45d159a9b6c1125bcb965019c9c9b063d481f655c1a4b0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 d79b35ccf8e6af6714eb612714349097
SHA1 eb3ccc9ed29830df42f3fd129951cb8b791aaf98
SHA256 c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365
SHA512 f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 25cb06b678aa2a8a984076fb85addf7a
SHA1 90c8721ba28fa828f20438d95a2b440e9edd1013
SHA256 2b613806c3f35c97e34d15635ad145f16feb1698509f429908eae9d059eb3133
SHA512 9f12358531f7b7ff63bdeed7691509db36ebd23076425a94416e6c8684afa599dd76f89b16aa2647db7c3b9eaece2c5f1de2238684fde03b90b95369c65e2508

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7d8752f3e3632a92fa2657f8d92994ce
SHA1 798a3a9fb0ef2ec36a4fa532ef3e8a2a4312f9c0
SHA256 de6acb3fc199f0c6cc9920ac5bc1494825aee39c6098069acc95556921505b00
SHA512 75626e13e90207084ab23996b593ba6012f6f975d71c3dd1f0ad74cee580552f184fb715d8bf4c7d4ef8dfef5136268b002d5e4554b6df711e3a3cf81eb04602

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3b4c4a4e3a0ecdb7716f0347ec6db7c8
SHA1 baa887aa57ef9ac1e3f29f530d30c9cc30ab2d1e
SHA256 3a6df1d45641ec2e06f1f196adf54db0e0fa81c6f629587937f65341aee51fe9
SHA512 bfff2bbbded5fb5f41db41ec824459e610df2335b87158ae81caace553fefbbb482e8c8a92e55eb2324db806f396458a8bd9369830019d8cb7e80891c2ca22cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1d60fdea5d983a302a0dd9ceeef39925
SHA1 e862fad92f7836a18506f5398f94c90656a1cfd5
SHA256 39262d255a2286d6a3902c95e34c4de596a2127bee90e08575cfde3f25e5ce17
SHA512 c5a7fd36fd457186a29682f66fb80c168ab38402dfc808634fb5f82ef9688477d1d632b27f1592fd4b7d4aabe59579fc9603018f94173b77eae5cf7058f8fdc3