Malware Analysis Report

2025-03-14 21:54

Sample ID 250125-rea6tawkez
Target JaffaCakes118_2c661d5141302b467e0e71217cb66984
SHA256 1e765e39e09e367848643e9389c3b7f7c130e4745b75693fd4d2e0d0250e2974
Tags discovery phishing google
Score 10/10


Analysis Overview

Score 10/10

SHA256 1e765e39e09e367848643e9389c3b7f7c130e4745b75693fd4d2e0d0250e2974

Threat Level: Known bad

The file JaffaCakes118_2c661d5141302b467e0e71217cb66984 was found to be: Known bad.

Malicious Activity Summary

discovery phishing google

Detected google phishing page

A potential corporate email address has been identified in the URL: [email protected]

Legitimate hosting services abused for malware hosting/C2

Detected phishing page

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2025-01-25 14:05

Signatures

Detected phishing page

phishing

Analysis: behavioral2

Detonation Overview

Submitted 2025-01-25 14:05
Reported 2025-01-25 14:08
Platform win10v2004-20241007-en
Max time kernel 145s
Max time network 154s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2c661d5141302b467e0e71217cb66984.html

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4964 wrote to memory of 1748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4964 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4964 wrote to memory of 2448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4964 wrote to memory of 1972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2c661d5141302b467e0e71217cb66984.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa37246f8,0x7fffa3724708,0x7fffa3724718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,7351942811694553675,9975167790893420023,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,7351942811694553675,9975167790893420023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,7351942811694553675,9975167790893420023,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7351942811694553675,9975167790893420023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7351942811694553675,9975167790893420023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7351942811694553675,9975167790893420023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7351942811694553675,9975167790893420023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7351942811694553675,9975167790893420023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7351942811694553675,9975167790893420023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7351942811694553675,9975167790893420023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7351942811694553675,9975167790893420023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,7351942811694553675,9975167790893420023,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1 010da169e15457c25bd80ef02d76a940c1210301
SHA256 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512 e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

\??\pipe\LOCAL\crashpad_4964_GICFSDMJLTWSZZZD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 85ba073d7015b6ce7da19235a275f6da
SHA1 a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA256 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512 eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ab375c1e33e6d2c332379a86d59a04fc
SHA1 149734c97683f22bc62544b90ff3e423e7cf0800
SHA256 d03e43c0377181623076e20506e2a20466059c85ea76f811ad660339f3d10c51
SHA512 a85b992a4abc5c631e998791a2cfaa93e31247253efea3e21f30f579e1936792d836ea77738aae7f6d1b67ab27f3b4ca613b513c7b48c5dbb83bcfd84708756b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3634ef0751c5bae20f3c50ee813c11a9
SHA1 26ee422c835c9c7cd9f509a028260c352224f3ea
SHA256 f2d3ecde5b26e3325f8cdf526390f201da92c7ebbfc2775bcc239546d81ee0d6
SHA512 ed7d5ad95f5fe99b34d6cc472b3a9e971e86ca8f338ab32bf409eaa53f87bb798e8537966828afd41a1d30aee8c5c97790f6ebedb09499979059739ee5522769

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 29d84125f84abfdccec91e398cd61058
SHA1 ad192dacadf0b4beb501e1e4d92320c6eeb6971b
SHA256 de64414488186512a550a2e7d30a2ff31732c8424a56b8ee97363485f9fee386
SHA512 22d66b4429ed681a749b1a51422048f775851ba579331390888e7c1b7851a16e5930fb2f3fa5ea9a69daa27292babafc3dd590924ca0af59910d2346578d1301

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8b556ca2d99ac2d86c49666efb465a5e
SHA1 0aaf17823ceed1bc40f5989a6f5b791ad2554d36
SHA256 40fa6f7429e6f236851fa26bb16258bc51a99131df3cb9d547eca1065936fac6
SHA512 28f115f8c0a0312a3bf47c8a810a8577ce16bb69bd1b5c4f980211f1e4e1f10b3b4be1554df7e70a00c5d88ae6ec8010fca13a48914b6a9d16ca26ea72291a2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5f943f0be174683b090e5c2df39234ac
SHA1 2a29889ff26475173fe9e523d90aacb65fc1930b
SHA256 4ff92bc71e641094b857ee901d8320d67969617c09818ef037c4d66d9d4d97a2
SHA512 932a3574a9b22303d04254e7d79395ee159450cfb6d447b0e9d06536410e74462827ce518708fa99bc9ee4203fc5509a55f450d919641686e18adbafff02c131

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58775e.TMP

MD5 129b4de88e5cda7f84fb98c46935a697
SHA1 cb97e3a1703cda752e66392275654b5738b1f8f7
SHA256 3883f7d89b686c7478c6deaee8d44093945aae3f362b4554b562da071f1e7542
SHA512 fc8f886429f51c0e869dd530f1c9efc56259f03e5ff65bc3f2ffe23da2fde445f2690499ac1f74fd645f5abc922adea66f6edaca39a2463a33cff22b65e86571

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f59d8f0d9622731f3dadce851b32cc8b
SHA1 66c583a04d52bf17f937419ece745d4504a6696a
SHA256 a6bc949cc8abb4f07553528b04952cb7301fbd8ea337b3b7451436a82b921faa
SHA512 69b0fdf0e4403e40e54235cbdc7f1cd4557d4f554401ae44d363250f5f0410804f99dda0cdd7a96c2b7e6bb7593fb38c099ab3390547f88cf03aaf5192a80da6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2f0ee76741ddc8442c2b1b9a6a37128d
SHA1 1736519f1d072a51f2c04627b586f74dcdd9d2ad
SHA256 172051399c5800ed77f13a4c97d53ec4668952b439915ee45cca6fb833f8a40e
SHA512 be0fa863a5fa6fc1a82988fabbea9cc74820518e7a60965bcaff2e55f916de787fc21d61e052b5b7f20eca55ff3dc99ae4b9eefe8e6d7f35def6628003ba70e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ee495fad3d701ab51d789956e417eb64
SHA1 5a10bfc1abec286f316de39dfe8789ef590fd0f9
SHA256 fe390297f7851fb1ac3f6cb7906d2b4a6e1b90e590dc289effad46b0ae0ee69e
SHA512 c73e40276049e05fafc829e851d524d41848082423d8fc48b956151f51586ed299ec4ffb5fa8bfa7054534367c293b805e37dd11ba4b395a299a8c967157ea6b
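Three things to read out of a Files listing like the one above rather than scroll past: a path that appears more than once with different digests was rewritten during the run (settings.dat, Preferences and Network Persistent State here), the crashpad named pipe carries the digests of zero-length input (its MD5 d41d8cd98f00b204e9800998ecf8427e is the MD5 of the empty string, so the sandbox saw a handle but no bytes), and everything under Edge\User Data is the browser's own profile state, not content the page dropped. The script below is an added example and not part of the report or its tooling: it parses the path-then-digest layout used in these listings, derives the empty-input digests with hashlib instead of hard-coding them, and sorts paths into categories using its own assumed rules. The sample entries are copied from this listing plus one entry (slide[1].htm) from the behavioral1 listing further down, keeping only the MD5 and SHA256 lines.

```python
"""Triage a sandbox 'Files' listing (added example; entries copied from the report, MD5/SHA256 only)."""
import hashlib
from collections import defaultdict

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digests of zero-length input, derived rather than hard-coded
EMPTY_DIGEST = {algo: hashlib.new(algo.lower(), b"").hexdigest() for algo in HASH_LEN}

# Copied from the report's Files listings (SHA1/SHA512 lines left out)
SAMPLE_LISTING = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA256 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

\??\pipe\LOCAL\crashpad_4964_GICFSDMJLTWSZZZD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 85ba073d7015b6ce7da19235a275f6da
SHA256 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ab375c1e33e6d2c332379a86d59a04fc
SHA256 d03e43c0377181623076e20506e2a20466059c85ea76f811ad660339f3d10c51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 29d84125f84abfdccec91e398cd61058
SHA256 de64414488186512a550a2e7d30a2ff31732c8424a56b8ee97363485f9fee386

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROLMKJ86\slide[1].htm

MD5 e89f75f918dbdcee28604d4e09dd71d7
SHA256 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
"""


def classify(path: str) -> str:
    """Assumed categories for the path families seen in this report."""
    p = path.lower()
    if p.startswith("\\??\\pipe\\"):
        return "named_pipe"
    if "\\temporary internet files\\" in p:
        return "ie_web_cache"            # cached copy of something the page fetched: pull it for static review
    if "\\cryptneturlcache\\" in p:
        return "cert_validation_cache"   # CRL/OCSP/AIA responses cached by CryptoAPI
    if "\\edge\\user data\\" in p:
        return "browser_profile_state"
    return "other"


def parse_listing(text: str) -> list:
    """A non-blank line that is not '<ALGO> <hexdigest>' starts a new entry; digest lines attach to it."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        algo, _, digest = line.partition(" ")
        if algo in HASH_LEN and current is not None:
            if len(digest) != HASH_LEN[algo] or set(digest) - set("0123456789abcdef"):
                raise ValueError(f"malformed {algo} on {current['path']}: {digest!r}")
            current[algo] = digest
        else:
            current = {"path": line, "category": classify(line)}
            entries.append(current)
    return entries


def triage(text: str) -> dict:
    entries = parse_listing(text)
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e)
    empty = [e["path"] for e in entries
             if any(e.get(a) == EMPTY_DIGEST[a] for a in HASH_LEN if a in e)]
    rewritten = {p: len(v) for p, v in by_path.items()
                 if len({e.get("SHA256") for e in v}) > 1}
    categories = sorted({e["category"] for e in entries})
    return {
        "entries": len(entries),
        "empty_content": empty,
        "rewritten_during_run": rewritten,
        "review_candidates": [e["path"] for e in entries if e["category"] == "ie_web_cache"],
        "by_category": {c: sum(1 for e in entries if e["category"] == c) for c in categories},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LISTING).items():
        print(key, value)
```

The digest-length check matters when listings are pasted between tools: a truncated SHA256 is a common copy error and would otherwise silently fail to match anything in a threat-intel lookup.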

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-25 14:05

Reported

2025-01-25 14:08

Platform

win7-20240903-en

Max time kernel

118s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2c661d5141302b467e0e71217cb66984.html

Signatures

Detected google phishing page

phishing google
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

A potential corporate email address has been identified in the URL: [email protected]

phishing

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443975827" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8034EDC1-DB25-11EF-BEB7-46BBF83CD43C} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
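A caveat on this signature before decoding anything: every key in the table (Main, Recovery, Zoom, PageSetup, Window_Placement, the DOMStorage and IntelliForms containers, the session GUID under Recovery\AdminActive) is written by iexplore.exe during any ordinary session, so "Modifies Internet Explorer settings" on its own is not evidence that the page tampered with the browser. What the rows do give you is session forensics, and two of the values can be decoded rather than just listed. The script below is an added example, not part of the report or its tooling; the two inputs are copied verbatim from the table, the Window_Placement layout is the WINDOWPLACEMENT struct from winuser.h, and the GUID's third group starting with 1 marks it as a version-1 (time-based) UUID whose name encodes when the key was created.

```python
"""Decode two IE registry artefacts from the sandbox table (added example, not the report's tooling)."""
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Copied from the table: ...\Internet Explorer\Main\Window_Placement (REG_BINARY rendered as hex)
WINDOW_PLACEMENT_HEX = (
    "2c0000000200000003000000"
    "ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000"
)
# Copied from the table: the subkey created under ...\Internet Explorer\Recovery\AdminActive
RECOVERY_GUID = "8034EDC1-DB25-11EF-BEB7-46BBF83CD43C"

# winuser.h: WINDOWPLACEMENT is 3 UINT + 2 POINT + 1 RECT = 44 bytes, all little-endian 32-bit
WINDOWPLACEMENT_LEN = 44
SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED",
            6: "SW_MINIMIZE", 9: "SW_RESTORE"}
WPF_FLAGS = {0x1: "WPF_SETMINPOSITION", 0x2: "WPF_RESTORETOMAXIMIZED", 0x4: "WPF_ASYNCWINDOWPLACEMENT"}


def decode_window_placement(hex_blob: str) -> dict:
    """Fields: length, flags, showCmd (unsigned); ptMinPosition, ptMaxPosition, rcNormalPosition
    (signed; -1 means 'not set'). rcNormalPosition is the restored, non-maximised window rectangle."""
    raw = bytes.fromhex(hex_blob)
    if len(raw) != WINDOWPLACEMENT_LEN:
        raise ValueError(f"expected {WINDOWPLACEMENT_LEN} bytes, got {len(raw)}")
    (length, flags, show_cmd,
     min_x, min_y, max_x, max_y,
     left, top, right, bottom) = struct.unpack("<IIIiiiiiiii", raw)
    if length != WINDOWPLACEMENT_LEN:
        raise ValueError(f"length field {length} does not match the struct size")
    return {
        "flags": [name for bit, name in WPF_FLAGS.items() if flags & bit],
        "show_cmd": SHOW_CMD.get(show_cmd, f"unknown({show_cmd})"),
        "min_position": (min_x, min_y),
        "max_position": (max_x, max_y),
        "normal_rect": (left, top, right, bottom),
        "normal_size": (right - left, bottom - top),
    }


UUID_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)   # RFC 4122 time base


def decode_v1_guid(text: str) -> dict:
    """A version-1 UUID embeds a 60-bit count of 100 ns ticks since 1582-10-15,
    so the key name doubles as a creation timestamp for the IE session."""
    u = uuid.UUID(text)
    if u.version != 1:
        raise ValueError(f"version {u.version} UUID carries no timestamp")
    started = UUID_EPOCH + timedelta(microseconds=u.time // 10)   # 100 ns ticks -> microseconds
    return {"version": u.version, "session_start_utc": started,
            "clock_seq": u.clock_seq, "node": f"{u.node:012x}"}


if __name__ == "__main__":
    print(decode_window_placement(WINDOW_PLACEMENT_HEX))
    print(decode_v1_guid(RECOVERY_GUID))
```

Run against the two values above this yields SW_SHOWMAXIMIZED with WPF_RESTORETOMAXIMIZED and a restored rectangle of (36, 36) to (1194, 649), i.e. a maximised IE window driven by the sandbox, and a session start of 2025-01-25 14:05:58 UTC, which lines up with the Submitted time in the Detonation Overview. That agreement is the sanity check: if a decoded v1 timestamp disagreed with the run's clock by more than the detonation window, the key would have predated the sample and be unrelated to it.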

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2c661d5141302b467e0e71217cb66984.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1076 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 bloggerstyles.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh5.ggpht.com udp
US 8.8.8.8:53 lh3.ggpht.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 lh4.ggpht.com udp
US 8.8.8.8:53 c3.ac-images.myspacecdn.com udp
US 8.8.8.8:53 c4.ac-images.myspacecdn.com udp
US 8.8.8.8:53 c2.ac-images.myspacecdn.com udp
US 8.8.8.8:53 c1.ac-images.myspacecdn.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 i298.photobucket.com udp
US 8.8.8.8:53 bloggertipspro.googlepages.com udp
US 8.8.8.8:53 pipes.yahoo.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 i149.photobucket.com udp
US 8.8.8.8:53 www.pustamiska.pl udp
US 8.8.8.8:53 www.pajacyk.pl udp
US 8.8.8.8:53 img357.imageshack.us udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 tcr.tynt.com udp
US 8.8.8.8:53 pics7.inxhost.com udp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
GB 142.250.187.193:80 1.bp.blogspot.com tcp
GB 142.250.187.193:80 1.bp.blogspot.com tcp
GB 142.250.187.193:80 1.bp.blogspot.com tcp
GB 142.250.187.193:80 1.bp.blogspot.com tcp
GB 216.58.212.233:80 www.blogger.com tcp
GB 216.58.212.233:80 www.blogger.com tcp
GB 142.250.187.193:80 1.bp.blogspot.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
GB 142.250.187.193:80 1.bp.blogspot.com tcp
NL 18.239.69.117:80 c1.ac-images.myspacecdn.com tcp
NL 18.239.69.117:80 c1.ac-images.myspacecdn.com tcp
US 38.99.77.17:80 img357.imageshack.us tcp
US 38.99.77.17:80 img357.imageshack.us tcp
GB 142.250.187.193:80 1.bp.blogspot.com tcp
GB 142.250.187.193:80 1.bp.blogspot.com tcp
IE 31.13.73.22:80 connect.facebook.net tcp
IE 3.165.232.11:80 i149.photobucket.com tcp
IE 3.165.232.11:80 i149.photobucket.com tcp
IE 31.13.73.22:80 connect.facebook.net tcp
GB 142.250.187.238:443 apis.google.com tcp
GB 142.250.187.238:443 apis.google.com tcp
IE 3.165.232.11:80 i149.photobucket.com tcp
US 172.67.8.141:80 widgets.amung.us tcp
US 172.67.8.141:80 widgets.amung.us tcp
GB 216.58.212.233:80 www.blogger.com tcp
GB 216.58.212.233:80 www.blogger.com tcp
GB 142.250.200.51:80 bloggertipspro.googlepages.com tcp
GB 142.250.200.51:80 bloggertipspro.googlepages.com tcp
GB 142.250.179.226:80 pagead2.googlesyndication.com tcp
GB 142.250.179.226:80 pagead2.googlesyndication.com tcp
GB 142.250.187.193:80 1.bp.blogspot.com tcp
GB 142.250.187.193:80 1.bp.blogspot.com tcp
US 3.33.130.190:80 bloggerstyles.com tcp
US 3.33.130.190:80 bloggerstyles.com tcp
US 3.33.130.190:80 bloggerstyles.com tcp
US 3.33.130.190:80 bloggerstyles.com tcp
US 3.33.130.190:80 bloggerstyles.com tcp
US 3.33.130.190:80 bloggerstyles.com tcp
NL 18.239.69.104:80 c1.ac-images.myspacecdn.com tcp
NL 18.239.69.104:80 c1.ac-images.myspacecdn.com tcp
NL 18.239.69.104:80 c1.ac-images.myspacecdn.com tcp
NL 18.239.69.104:80 c1.ac-images.myspacecdn.com tcp
NL 18.239.69.104:80 c1.ac-images.myspacecdn.com tcp
IE 3.165.232.110:80 i149.photobucket.com tcp
IE 3.165.232.110:80 i149.photobucket.com tcp
US 104.18.12.146:80 tcr.tynt.com tcp
US 104.18.12.146:80 tcr.tynt.com tcp
NL 18.239.69.68:80 c1.ac-images.myspacecdn.com tcp
NL 18.239.69.68:80 c1.ac-images.myspacecdn.com tcp
PL 195.78.67.53:80 www.pustamiska.pl tcp
PL 195.78.67.53:80 www.pustamiska.pl tcp
PL 195.149.198.194:80 www.pajacyk.pl tcp
PL 195.149.198.194:80 www.pajacyk.pl tcp
RU 45.130.41.107:80 pics7.inxhost.com tcp
RU 45.130.41.107:80 pics7.inxhost.com tcp
US 8.8.8.8:53 sites.google.com udp
IE 31.13.73.22:443 connect.facebook.net tcp
IE 3.165.232.11:443 i149.photobucket.com tcp
IE 3.165.232.11:443 i149.photobucket.com tcp
IE 3.165.232.11:443 i149.photobucket.com tcp
IE 3.165.232.110:443 i149.photobucket.com tcp
GB 216.58.201.110:80 sites.google.com tcp
GB 216.58.201.110:80 sites.google.com tcp
PL 195.78.67.53:443 www.pustamiska.pl tcp
GB 216.58.201.110:443 sites.google.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.227:80 c.pki.goog tcp
GB 142.250.187.227:80 c.pki.goog tcp
GB 142.250.187.227:80 c.pki.goog tcp
GB 142.250.187.227:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
GB 142.250.187.227:80 o.pki.goog tcp
US 8.8.8.8:53 pustamiska.pl udp
US 8.8.8.8:53 nethcdn.com udp
US 104.21.16.1:443 nethcdn.com tcp
US 104.21.16.1:443 nethcdn.com tcp
PL 195.78.67.53:443 pustamiska.pl tcp
PL 195.78.67.53:443 pustamiska.pl tcp
US 8.8.8.8:53 accounts.google.com udp
US 142.251.173.84:443 accounts.google.com tcp
US 142.251.173.84:443 accounts.google.com tcp
US 8.8.8.8:53 korfo.org udp
DE 142.132.202.70:443 korfo.org tcp
DE 142.132.202.70:443 korfo.org tcp
DE 142.132.202.70:443 korfo.org tcp
DE 142.132.202.70:443 korfo.org tcp
DE 142.132.202.70:443 korfo.org tcp
DE 142.132.202.70:443 korfo.org tcp
DE 142.132.202.70:443 korfo.org tcp
DE 142.132.202.70:443 korfo.org tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
NL 18.238.246.206:80 ocsp.r2m02.amazontrust.com tcp
NL 18.238.246.206:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 fbcdn-sphotos-a.akamaihd.net udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www6.cbox.ws udp
US 8.8.8.8:53 img103.imageshack.us udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.kulturinsel.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 lads.myspacecdn.com udp
US 38.99.77.16:80 img103.imageshack.us tcp
US 38.99.77.16:80 img103.imageshack.us tcp
IE 31.13.73.35:80 www.facebook.com tcp
IE 31.13.73.35:80 www.facebook.com tcp
US 108.181.41.161:80 www6.cbox.ws tcp
GB 142.250.179.228:80 www.google.com tcp
US 108.181.41.161:80 www6.cbox.ws tcp
GB 142.250.179.228:80 www.google.com tcp
US 8.8.8.8:53 ic.tynt.com udp
US 8.8.8.8:53 sc.tynt.com udp
US 8.8.8.8:53 maps.google.com udp
GB 142.250.187.238:443 apis.google.com tcp
FI 95.216.245.87:80 www.kulturinsel.com tcp
FI 95.216.245.87:80 www.kulturinsel.com tcp
NL 18.239.36.57:80 lads.myspacecdn.com tcp
NL 18.239.36.57:80 lads.myspacecdn.com tcp
US 67.202.105.31:443 ic.tynt.com tcp
US 67.202.105.31:443 ic.tynt.com tcp
GB 142.250.200.14:80 maps.google.com tcp
GB 142.250.200.14:80 maps.google.com tcp
US 8.8.8.8:53 lh4.googleusercontent.com udp
IE 3.165.232.11:80 i149.photobucket.com tcp
US 104.18.12.146:443 sc.tynt.com tcp
US 104.18.12.146:443 sc.tynt.com tcp
IE 31.13.73.35:443 www.facebook.com tcp
GB 172.217.16.225:443 lh4.googleusercontent.com tcp
GB 172.217.16.225:443 lh4.googleusercontent.com tcp
US 8.8.8.8:53 calendar.google.com udp
GB 142.250.200.14:443 maps.google.com tcp
GB 142.250.187.238:80 calendar.google.com tcp
GB 142.250.187.238:80 calendar.google.com tcp
US 8.8.8.8:53 www.turisede.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
IE 3.165.232.11:443 i149.photobucket.com tcp
IE 3.165.232.11:443 i149.photobucket.com tcp
IE 3.165.232.11:443 i149.photobucket.com tcp
IE 3.165.232.11:443 i149.photobucket.com tcp
GB 142.250.178.3:443 ssl.gstatic.com tcp
GB 142.250.178.3:443 ssl.gstatic.com tcp
GB 142.250.187.238:443 calendar.google.com tcp
FI 95.216.245.87:443 www.turisede.com tcp
FI 95.216.245.87:443 www.turisede.com tcp
US 8.8.8.8:53 de.tynt.com udp
US 67.202.105.33:443 de.tynt.com tcp
US 67.202.105.33:443 de.tynt.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 support.google.com udp
GB 216.58.201.110:443 support.google.com tcp
GB 216.58.201.110:443 support.google.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.252.143:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 184.25.193.234:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
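Reading the two Network tables: every ":53 udp" row to 8.8.8.8 is the VM's own DNS query (8.8.8.8 is the sandbox resolver, not something the sample contacted), the in-addr.arpa names are reverse lookups of addresses the browser had just connected to, and 443/udp rows are HTTP/3 over QUIC, which Edge uses to Google properties. The rows that deserve a second look are the ones on ports 139 and 445 in the Edge run (pagead2.googlesyndication.com:139, whos.amung.us:445): a browser rendering an HTML file has no reason to open NetBIOS or SMB to Internet hosts, and the table alone does not say whether those were real connection attempts or how the sandbox attributed the port, so they need checking against the capture. The script below, an added example rather than anything from the report's tooling, applies that reading to rows copied from the two tables; the resolver address, the certificate-infrastructure name list and the port policy are its own assumptions.

```python
"""Triage rows from a sandbox 'Network' table (added example; rows copied from the report)."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

SANDBOX_RESOLVER = "8.8.8.8"                    # assumption: every ':53 udp' row is the VM's stub resolver
LATERAL_PORTS = {135, 137, 138, 139, 445}       # RPC/NetBIOS/SMB: never expected from a browser to the Internet
CERT_INFRA_EXACT = {"c.pki.goog", "o.pki.goog", "crl.microsoft.com"}   # AIA/OCSP/CRL endpoints (TLS-stack noise)

# One representative of each pattern, copied from the two Network tables above
SAMPLE_ROWS = """\
US 8.8.8.8:53 clients6.google.com udp
GB 142.250.180.14:443 clients6.google.com tcp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
GB 142.250.187.238:443 calendar.google.com udp
GB 142.250.187.194:139 pagead2.googlesyndication.com tcp
US 104.22.74.171:445 whos.amung.us tcp
US 8.8.8.8:53 bloggerstyles.com udp
US 3.33.130.190:80 bloggerstyles.com tcp
US 8.8.8.8:53 sites.google.com udp
GB 216.58.201.110:80 sites.google.com tcp
GB 216.58.201.110:443 sites.google.com tcp
GB 142.250.187.227:80 c.pki.goog tcp
NL 18.238.246.206:80 ocsp.r2m02.amazontrust.com tcp
"""


@dataclass(frozen=True)
class Row:
    country: str
    ip: str
    port: int
    domain: str
    proto: str


def parse_rows(text: str) -> list:
    """Columns are 'Country Destination Domain Proto' with Destination as ip:port."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        country, dest, domain, proto = line.split()
        ip, port = dest.rsplit(":", 1)          # rsplit stays correct if an IPv6 literal ever appears
        rows.append(Row(country, ip, int(port), domain, proto))
    return rows


def ptr_target(name: str):
    """'14.180.250.142.in-addr.arpa' -> '142.250.180.14'; None for a forward lookup."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    return ".".join(reversed(octets)) if len(octets) == 4 else None


def is_cert_infra(domain: str) -> bool:
    return domain in CERT_INFRA_EXACT or domain.startswith(("ocsp.", "crl."))


def triage(text: str) -> dict:
    rows = parse_rows(text)
    is_query = lambda r: r.ip == SANDBOX_RESOLVER and r.port == 53
    queries = [r for r in rows if is_query(r)]
    conns = [r for r in rows if not is_query(r)]

    contacted = defaultdict(set)                  # domain -> {(ip, port, proto)}
    for r in conns:
        contacted[r.domain].add((r.ip, r.port, r.proto))
    contacted_ips = {ip for triples in contacted.values() for ip, _, _ in triples}
    ptr_ips = {ptr_target(q.domain) for q in queries} - {None}

    findings = []
    for r in conns:
        if r.port in LATERAL_PORTS and ipaddress.ip_address(r.ip).is_global:
            findings.append(("smb_or_netbios_to_internet", f"{r.ip}:{r.port}/{r.proto}", r.domain))
        elif r.proto == "udp" and r.port == 443:
            findings.append(("quic_http3", f"{r.ip}:{r.port}/udp", r.domain))
    return {
        "contacted": {d: sorted(v) for d, v in contacted.items()},
        "cert_infra": sorted(d for d in contacted if is_cert_infra(d)),
        "ioc_domains": sorted(d for d in contacted if not is_cert_infra(d)),
        "ioc_ips": sorted(contacted_ips, key=ipaddress.ip_address),
        "ptr_for_contacted": sorted(ptr_ips & contacted_ips),   # reverse lookups of IPs the browser had reached
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ROWS).items():
        print(key, value)
```

The ioc_domains list is a starting point, not a blocklist: sites.google.com is the host the "Legitimate hosting services abused" signature points at, but it also serves legitimate content, so block the full page URL rather than the domain. The ptr_for_contacted check is useful in the other direction: a PTR query for an address that never appears as a connection would mean the table is missing a flow.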

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROLMKJ86\slide[1].htm

MD5 e89f75f918dbdcee28604d4e09dd71d7
SHA1 f9d9055e9878723a12063b47d4a1a5f58c3eb1e9
SHA256 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023
SHA512 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 267718ee6560362e8075b28fb0fca795
SHA1 e63b15af8aaaabf8995ed64207da07ea211fdcef
SHA256 b56fe63b2c811f58f01c45ab067ff85c850371270ddfba017c1e4e88297c35c0
SHA512 0d84ae56c9d4a4f3d22f0279a53991502b189ebd1465e6d061dfeb23e6520ce5da04e10a83738238b7f7de1fac6a2bfef563d84d70c6840be56f483f48dd46a8

C:\Users\Admin\AppData\Local\Temp\TarB927.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\CabB924.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9622e667c239fefcdf3c53e376e39cf9
SHA1 ffd83083e2841356183921b8aec479e5c9ae3487
SHA256 545d86e78a7ee497ff04e1c42095f70bda70bf1cdcc6a3eba539e5169ad347a0
SHA512 b7ca76c52a3b5bffec7fde53faa4b3c180096d0c3b9d4204e865156e275278f54639f1c047455d1d7e24164e7ebcf0301101bc5543c757850eafc2157834d8d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 60e3bb729f17415d97f6f2619b7519e3
SHA1 84328ea0d890a4ee29ce9ee75807bd95d37f50a3
SHA256 879811cac23dcf18f70ee97239bc033fbc49d032a807878de7418c2ef8add548
SHA512 120f0785be580477f2cae5fb121e7bf8d8c22c53f5db3f04fd2ec66be988920236783cc8c34ef578ebf8d480d8c4ad73d562a507d4cda684f111dd66d3a8b367

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 7b196588d217775969918371973d85c9
SHA1 8d012a0039ba3cafe75bded988d272c9f1b18156
SHA256 d65b9d639e2b390d8e4fdd2cd7597e6ad2e6bfa417824987dd6affbc3a9837a9
SHA512 532b6fc120ece8a3b54d7d8f65e5b37552783c81d1ce343043f1d2a47cc6ee1faa28afd3889c78831a3c199c317c78fb600a87df5a990c2ac7757e2cce4bd2bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4599f2cd4ec0ae9070fc70a102af2199
SHA1 98dad93bdad3da3a58af8215ced823f30a385e9e
SHA256 a86fa022ac1697fe7f0b4d2f451b85b7e97b778181c53ad4d7543eb0b83da22f
SHA512 482e5d015f3bd4a9dddda31da22ced6481414f4a65aa357b69bda2bc8be607ebc940f3adb78084a953d996258c7a8f8be71229ce887d4e83ed454fb823652c43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56a987bdcf49f9f06de672f3f20ed64a
SHA1 38b206ccb46a0d5381f33c007c2bb682b9542d14
SHA256 440654cc248774c4f46be29b5e23db376538b226259b7385a128622ef1f0f6f5
SHA512 b3aa8d6ca1e3c08a8807dd67255462c162c4dad29d0975fb554cb81d2e70e4a4ee0bb5af9e216fcf43cb1d7e7d26b228ba4ba331750f07853d0bbd71c4928ab2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 622f06f1a41b9885e6d97466152c6fef
SHA1 6e6cf875e5f7b40b6ed2d8d9993c3302f16310b7
SHA256 49208fcf6556eb6013d5f646295cb91e27d7df4dffc8ab8613b46723f3fc67a1
SHA512 8b67034aa57da1974a74bd9070c17ca22dcbf079585bbad05e14240c376e85fa8969562adac262f9a9f05a7e4caa4b911980737498ef411d798ed8198eec42d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2bbb051e78958bb21e690220fbd2252
SHA1 d45b4d885b13fc857f30ca0a6613ad6bac990bc1
SHA256 b355f24ccbe0f1e37024ffa6df08d1d636d3f2e7792732a3ae945025c673d28d
SHA512 b42dfa533e1f50b2746e470908a397b3b6f7e4c9ca7dd4ed64195643158536d8a3e3aba7f612ac3888a5297ff2d1270d394cf1e7244cf87e53c6560f78dd572f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7bfd1813e2caec55a8580f202401c7c5
SHA1 c25965d7bdeabed5e4267c0792c858d99bbbb665
SHA256 dcd8c2ca676e697d29636499f7b17e58e1c6badda734115a51900a1c85a17c33
SHA512 b133fe6cd54b80e33472b410e9b2c9e2381378c3376b3a00770372c6115036b02cbdcab8ac73e6f25089eb8492f4c41b910af0b611bf9528fb3a28b3fb6e2365

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d7ed3cea22991c257124cd0d12c65ab
SHA1 d69a8ce8f196cd76554ece3845a809cc5de95f0b
SHA256 47ff137009a6f8eae75b7f4ed23484a2b7cafc1307c0d9f7eeb6c8348cc59eab
SHA512 7635d2ac01c5f047ad3c889fd3ee7e05871e2ee0c981f71bd5d9ea69b42c02d62b17be66982304d613818a81cf4fb9052d1a996871defbc98bddc700749541f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8bd9b86e8ea980afd91680a0ea22440d
SHA1 f87a0927c0fb8f4d57e59d76234a131658c4e51a
SHA256 a0f82d40bf57e434ca8f928f66eade73de984a1fb9dd1a7a93da24e97ba6161e
SHA512 dcfc3f2b616b53b478e514d1b5dbc5c00ddcdce4b82d83d2f2db94e5604caacf0cc63d8b6091970d733ba22007965882b32af67b4009b9a771d594fd556e920b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a61771721ee7b724d3ea220d048e822
SHA1 5c57baeae242d37fceefc4cd6172110cfa1a6a88
SHA256 3e98aa41d30ddc098973a4bf5384529defe6662d2192a8d54d27854ea80fb6a5
SHA512 196598d643f901663c8dd9af643d4bd4435c9925786896df947667d9e2377078c2dbe5241ec27cfe7ea35ade1eee84a90a862c7abce909a3314ef40a820f97a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 57db6595b00a576f3d55d10a6073ff47
SHA1 f57d1c190ccb3fe50a5ca4f5d5035e4197f034f7
SHA256 874306cbf6ee9c4ae9bd20ad3b39e4be05cae4b222cd1e0eaa5b1d9a5862b7b9
SHA512 0d73420be18577d186c3bdeb59c40b220885f4f9003fbaebdcb512e3e4bc95251a76e089195a1bfff37a2f54ef737efcd1f41c872bf34c53020d162231857d29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

MD5 c5011dd690c0c76f91a6ce206cdd035a
SHA1 d34c479cb7408536f6cc2833b3225bfed0a62c19
SHA256 fdccf9bfbbd8d6cfdf9249ffb5a965b9d945f4cae5e9ffaa6f00e683afb71ab4
SHA512 0dca0792960b8a3c3e7d05a261af07fee97592c0844ef417d5a06b6d59049ee5cfc6623b4c1d37a5e0de2849d7f5218e28bfee83e40af8d04d5dc0106bd35aa8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0817c94592a5b345f4f5c9aa07d09783
SHA1 31407dd23e8cd648e5c7c8374a17d4556d462afb
SHA256 014b7871112c964e20cd49ba2514bda6dbe402c217d5e7bfbf841b49b1f2197b
SHA512 00570cbfd031a061f42092936ccb5d9c14f08adc59028f556b017ed3c3ecd9cf30a1f9a1b58d3f40a9ec7fb25f31df69fdedfa35f272c350f2fd2ef432a75ca9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7a603f083edd145b47fbc6b9f6006cb
SHA1 e1e2c463c8e2ac141ee2bdb3cb69cf86c44a9889
SHA256 01ea313aadeabc1b6e6dab787cbf85f9e86916e7e5bd662c6f891a8c79731f15
SHA512 2c2fb9ac53b67a22040eaa43ac54bcae661ba82fb16ddb7777c3082ebb2563c1e7967764d9b66b10f4be60ef5994fbeaeb459541a5f9edcc98af26f82f1c9a77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f99d4487178e5e7442221fd18e31bba5
SHA1 776137562d63eaa0113e32e75c31e369b19d9c52
SHA256 d68a7ecd81af62c76bebab94448fe81fdc058d261b968a31092ef886d7a9edcf
SHA512 f9fe936a95d1adcdd2e6de48fe1c27f694add7029d7a0a21c4f104af5afa8c71a81ad9a330af9fd2027cc6bbf6c82782a2448e67b0d8bb409f160b0bcd8ffe60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a070475b80da2fc6e0be283414f9ae69
SHA1 39c37ac76e2823cbb7792b3cdc2a4f91459dac66
SHA256 575a2ff714c5c7d2badc3a9bc60e24dc184614db833ffafd80127d93c6025358
SHA512 78085ecfa7f87589a6095e72295993d1615e2fdfa1b96f6a3de4a022e62b45567bcc2a5cd7362ac2224f48b9bf465c7d99d67fe9378eccdc34ffca6953602131

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84eec1d148d395ea7a2a7bab996e1d5b
SHA1 0f3cf41acf74b63a9a6e4b26db3015694c5408d3
SHA256 9948649c8b41326a4d3daa9e2e1f63d0ee18d6557127ddf3831a053ae7d5c3ec
SHA512 0bbf6499969c2cc3a8dd262e92f9d31b87074e0202ea197b5fce35ffa95d0b618dfbca605e48b35d6edfc20835fd19cb141615f3e9dc2abb99927261fcff4b98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87a2e69e8c3cb5c6d272602604fdccf9
SHA1 971beffdad57024416192a528f789c6e47026db8
SHA256 cc49279ff42fc647ebf8e98e69b33efa26bb800273c60af3459b11a5a98536b0
SHA512 8097a876b670ba86c677a25109f8fddb9dab194de4865c2e8c27f02e3501bac53fe6f67ad731bf07519e8520db09287037a1267d151954cdb309fa5680a8d54f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d8a8c9cc1e99b710f9796abb82c08158
SHA1 9cdf6c0c5a4a1943c043764ee31d8e73e82a20fb
SHA256 4c235a5a474a358b62926704feba136183b85ecb70eff234f7e259a0f80698f6
SHA512 8724cfb0b166174480533f88745e79811f77d1df9f3218ab0a7eb49ecee5277928febdd37d83006af2824bdf8c5bff5125555b7cc7de9915bd1e1078d80975d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d2a7c35eacd30ed567f5223fc40e145
SHA1 a66e91e0048f029791686b3844fafb5685fcc114
SHA256 9c2b7dce46ab2137c85f7c657e6256b2a5676d1a0f18a758176345d072239070
SHA512 0daed82e11a06c667a4aacc449f70312f7691cdbaf6d816c608b8c67dbeb98379954525264a7f172918e10cab97f789378f86fbffbbfa5ce6dd31f497bf34722

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b99c8b75a7bb6c0fce5e2df763211189
SHA1 24ceb0e7795e440b8b4eb1d884e93edcb36cbda3