Malware Analysis Report

2025-04-14 00:32

Sample ID 240601-w3461sba5v
Target 8b5c459398b7228158a478c81d47b8bd_JaffaCakes118
SHA256 60e611985e9e257e9683b04ab724a8b150d94ccf18aa29d38a74e3dac8e94d47
Tags: (none listed)

Score: 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 1/10

SHA256

60e611985e9e257e9683b04ab724a8b150d94ccf18aa29d38a74e3dac8e94d47

Threat level: no (potentially) malicious behavior was detected.

Verdict for 8b5c459398b7228158a478c81d47b8bd_JaffaCakes118: no (potentially) malicious behavior was detected. The sample is an HTML file; the sandbox opened it in Internet Explorer, and the only processes recorded in the behavioral runs are IE's own (iexplore.exe and the IEXPLORE.EXE tab process). The signatures listed below are low-severity heuristics that IE triggers on its own while rendering a page (writing its settings hive, spawning and provisioning a tab process, installing window hooks), which is why the score stays at 1/10.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-01 18:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 18:27

Reported

2024-06-01 18:30

Platform

win7-20240215-en

Max time kernel

140s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b5c459398b7228158a478c81d47b8bd_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423428332" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e04c036b51b4da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A365CEF1-2044-11EF-9DE9-520ACD40185F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided] C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3bf8a50e62a0c40b99644e005acc15900000000020000000000106600000001000020000000919bd16861cd53cd99282c562da6293d98b9a881afb477f65054395325ced85a000000000e8000000002000020000000abba82fa5a07c7ff723808df4f4d5d180f063e4b8f6843edd5023321c3c98c8e20000000e8cd1b803c0c1810bf745eadaa8fab765d85a125729442742509c1da2a03b6de40000000fa2327e4a7c77b54eb38cc32d476bf5603da75c995f6f7fc637ed3a09b899a10518d5d6c887dd7a69e26a90c768e7d89c7a97cafa8784201e91f684b86f3499e C:\Program Files\Internet Explorer\iexplore.exe N/A
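Every row in this table is written by Internet Explorer into its own per-user hive (HKCU\Software\Microsoft\Internet Explorer): window placement, DOM storage quotas, tab recovery state, WindowsSearch status. None of them touch zone policy, proxy settings, the start or search page, or a Run key, which is what would distinguish adware/spyware behavior from the browser's housekeeping. The script below is an added example, not part of the original report: it parses rows in this table's layout, normalizes the kernel-style key paths, counts writes per area, and flags any row whose key falls under a security-relevant subkey. The SAMPLE rows are copied from the table above; CONSTRUCTED_HIT is a made-up row, not observed in this report, included only so the flagging path is exercised; the SENSITIVE list is an assumption about which subkeys matter.

```python
"""Triage the registry rows of a sandbox signature table.

Added example, not part of the original report. SAMPLE rows are copied from
the "Modifies Internet Explorer settings" table; CONSTRUCTED_HIT is a made-up
row (not observed in this report) showing what a security-relevant write looks
like; SENSITIVE is an assumption about which subkeys change security posture
or give persistence.
"""
import re
from collections import Counter

SAMPLE = r"""
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
"""

# Constructed, NOT from the report: a zone-policy write (Internet zone,
# URL action 1400 = Active scripting, 0 = enabled) of the kind to flag.
CONSTRUCTED_HIT = (
    r"Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000"
    r"\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1400 = "
    r'"0" C:\Program Files\Internet Explorer\iexplore.exe N/A'
)

# Layout: "<action> <key>[ = <value>] <process> <target>"; key and process may contain spaces.
ROW = re.compile(
    r"^(?P<action>Set value \([a-z]+\)|Key created) "
    r"(?P<key>\\REGISTRY\\.+?)"
    r"(?: = (?P<value>.*?))?"
    r" (?P<process>[A-Z]:\\.+?\.(?:exe|EXE)) "
    r"(?P<target>\S+)$"
)
USER_HIVE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-[\d-]+\\")

# Assumption: subkeys whose modification changes browsing security posture or
# persists code, as opposed to IE's routine window/state bookkeeping.
SENSITIVE = (
    "internet settings\\zones\\",
    "internet settings\\proxyserver",
    "internet settings\\proxyenable",
    "internet explorer\\main\\start page",
    "internet explorer\\main\\default_page_url",
    "internet explorer\\main\\search page",
    "browser helper objects\\",
    "currentversion\\run\\",
    "currentversion\\runonce\\",
)


def parse_rows(text):
    """Rows that fit the table layout become dicts; anything else is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def normalize_key(key):
    """Map the kernel-style path to hive names, dropping the user SID."""
    key = USER_HIVE.sub(r"HKCU\\", key)
    return key.replace("\\REGISTRY\\MACHINE\\", "HKLM\\")


def area(key):
    r"""Two components below HKCU\Software\Microsoft, e.g. 'Internet Explorer\Main'."""
    parts = normalize_key(key).split("\\")
    return "\\".join(parts[3:5])


def area_counts(rows):
    """Writes per area; a benign IE run clusters inside its own hive."""
    return Counter(area(r["key"]) for r in rows)


def flag_sensitive(rows):
    """Rows whose key touches a SENSITIVE subkey, with the pattern that matched."""
    hits = []
    for r in rows:
        k = normalize_key(r["key"]).lower()
        for pat in SENSITIVE:
            if pat in k:
                hits.append({"key": normalize_key(r["key"]), "value": r["value"],
                             "process": r["process"], "pattern": pat})
                break
    return hits


if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    for a, n in area_counts(rows).most_common():
        print(f"{n:3}  {a}")
    print("sensitive hits in report rows:", flag_sensitive(rows))
    print("sensitive hits in constructed row:", flag_sensitive(parse_rows(CONSTRUCTED_HIT)))
```

Run against the full table above, every row lands under Internet Explorer\<area> and flag_sensitive returns nothing; only the constructed zone-policy row produces a hit. Extend SENSITIVE with whatever your own environment treats as tampering (for example, custom policy keys) rather than relying on the sandbox's adware/spyware tag.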

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b5c459398b7228158a478c81d47b8bd_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:275457 /prefetch:2

The second process is the tab process that Internet Explorer spawns for the page; SCODEF:2952 carries the PID of the parent frame process (the first iexplore.exe above), and CREDAT and /prefetch are IE's own arguments for that launch. The frame process writing into, and hooking, its tab process is what the WriteProcessMemory and SetWindowsHookEx signatures in the summary record.

Network

Country Destination Domain Proto
US 8.8.8.8:53 gladmotion.com udp
US 34.205.242.146:80 gladmotion.com tcp
US 34.205.242.146:80 gladmotion.com tcp
US 8.8.8.8:53 www.hugedomains.com udp
US 172.67.70.191:443 www.hugedomains.com tcp
US 172.67.70.191:443 www.hugedomains.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 static.hugedomains.com udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
GB 142.250.187.196:443 www.google.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
GB 142.250.187.196:443 www.google.com tcp
US 104.26.7.37:443 static.hugedomains.com tcp
US 104.26.7.37:443 static.hugedomains.com tcp
US 104.26.7.37:443 static.hugedomains.com tcp
US 104.26.7.37:443 static.hugedomains.com tcp
US 104.26.7.37:443 static.hugedomains.com tcp
US 104.26.7.37:443 static.hugedomains.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 use.typekit.net udp
SE 184.31.15.74:443 use.typekit.net tcp
SE 184.31.15.74:443 use.typekit.net tcp
SE 184.31.15.74:443 use.typekit.net tcp
US 8.8.8.8:53 secure.statcounter.com udp
US 104.20.94.138:443 secure.statcounter.com tcp
US 104.20.94.138:443 secure.statcounter.com tcp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 74.125.71.156:443 stats.g.doubleclick.net tcp
BE 74.125.71.156:443 stats.g.doubleclick.net tcp
US 216.239.38.181:443 analytics.google.com tcp
US 216.239.38.181:443 analytics.google.com tcp
US 104.20.94.138:443 secure.statcounter.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
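The table shows gladmotion.com resolving to 34.205.242.146 and being fetched over plain HTTP on port 80, followed by www.hugedomains.com and static.hugedomains.com (a domain-parking landing page, consistent with gladmotion.com being parked at analysis time). The remaining destinations are Google, jsdelivr, Typekit, StatCounter and DoubleClick (scripts and analytics loaded by that landing page) plus Internet Explorer's own ieonline.microsoft.com and www.microsoft.com; 8.8.8.8:53 is the sandbox's resolver, not a host of any of those domains. The script below is an added example, not part of the original report: it parses rows in this table's layout, groups them per domain, keeps resolver lookups separate from real connections, and reduces the list to the domains worth carrying into an IOC list. SAMPLE is a constructed excerpt of the rows above, and NOISE_SUFFIXES is an assumption about which domains the browser and page widgets contact on their own.

```python
"""Summarize a sandbox report's Network table into a per-domain IOC view.

Added example, not part of the original report. SAMPLE is a constructed
excerpt of the report's Network rows ("Country Destination Domain Proto");
NOISE_SUFFIXES is an assumption about infrastructure that Internet Explorer
and ordinary page widgets reach regardless of the sample.
"""
import re
from collections import defaultdict

SAMPLE = """\
US 8.8.8.8:53 gladmotion.com udp
US 34.205.242.146:80 gladmotion.com tcp
US 34.205.242.146:80 gladmotion.com tcp
US 8.8.8.8:53 www.hugedomains.com udp
US 172.67.70.191:443 www.hugedomains.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
GB 142.250.187.196:443 www.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
"""

ROW = re.compile(
    r"^(?P<cc>[A-Z]{2}) (?P<ip>[\d.]+):(?P<port>\d+) (?P<domain>\S+) (?P<proto>tcp|udp)$"
)

# Assumption: IE telemetry, Google, CDNs, analytics, and the parking service
# (hugedomains.com) that served the landing page; none of it is the sample's
# own infrastructure.
NOISE_SUFFIXES = (
    "microsoft.com", "google.com", "jsdelivr.net", "typekit.net",
    "statcounter.com", "doubleclick.net", "hugedomains.com",
)


def parse_rows(text):
    """Rows that fit the table layout become dicts; anything else is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def summarize(rows):
    """Per domain: distinct ip:port endpoints, connection count, resolver lookups.

    UDP/53 rows are queries to the sandbox resolver, not connections to the
    domain's host, so they are counted separately and never become endpoints.
    """
    out = defaultdict(lambda: {"endpoints": set(), "connections": 0, "dns_lookups": 0})
    for r in rows:
        entry = out[r["domain"]]
        if r["proto"] == "udp" and r["port"] == 53:
            entry["dns_lookups"] += 1
        else:
            entry["endpoints"].add(f'{r["ip"]}:{r["port"]}')
            entry["connections"] += 1
    return dict(out)


def is_noise(domain):
    return any(domain == s or domain.endswith("." + s) for s in NOISE_SUFFIXES)


def indicators(summary):
    """Domains actually contacted (not merely resolved) and not on the noise list."""
    return sorted(d for d, e in summary.items() if e["connections"] and not is_noise(d))


def cleartext_domains(rows):
    """Domains reached over plain HTTP (tcp/80): content that could be altered in transit."""
    return sorted({r["domain"] for r in rows if r["proto"] == "tcp" and r["port"] == 80})


if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    s = summarize(rows)
    for domain in sorted(s):
        e = s[domain]
        print(f'{domain:26} {e["connections"]:2} conn  {e["dns_lookups"]} dns  {sorted(e["endpoints"])}')
    print("indicators:", indicators(s))
    print("cleartext :", cleartext_domains(rows))
```

On the excerpt this leaves a single indicator, gladmotion.com at 34.205.242.146:80, which is also the only cleartext fetch. Treat the noise list as a starting point: a CDN or analytics domain is excluded because it is not attributable to the sample, not because traffic to it could never matter.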

Files

C:\Users\Admin\AppData\Local\Temp\Cab1BBD.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar1BC0.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3f5ad3bc6e36b0c3e874fbd39558749
SHA1 1750ed4bc359cf43fd546065dcca4b6641f11175
SHA256 ae88a2bfb1fb5d678f9abd7111610a39400894dcb8ed56e3a9e636191083c899
SHA512 2730c4bd2201bb13aecbc03b6055ac92849f8dbeeed6fb1621be4fa3a417d4e174dcb7c2b16c5888ea730a8669bca762179982d29ffe89e6c367c7168ea5e4db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1CB0.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5a3e29b4618236f888d762f5cc8c073
SHA1 e2639b5010a29f5b82d23fc898e445a9e75f1fe8
SHA256 6516311a925c607b2d23148d7def9635bb8612dbd882838389f88204f7d6b308
SHA512 83d8613d2af1d45fa630112548c3512b4993c13f007017c0f21d15aa93abad023157a0ca1ca549c8f32f88c09c0b2b70ca0a3b187e7518a2a4b18b1333f743ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c7c8564bad79678e86a13ee32e42a6d
SHA1 3f6c50a6c0a71d0cd9f3b4eb3be4c54eed5f6bc3
SHA256 f0d813e86bb9dd8e34de03dbe17d7d0611e920d76f58380fecb3657574c9e7b9
SHA512 facb79ae5dc59bca4602e72be028f62803c9370b6cea071589e29775c3eb59ce7de6ddac34865b692d66452a9d20b572703325b029e23f2cb1c91538c344ffa6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3deec53a5616272ebee47d602be9aa4d
SHA1 dea0b37b64e4107e5c44dd3b0516a4a47dc1e358
SHA256 531bd53d5cb5cb86859122bd3d30001e0010c85c7a4a10097074ba3ace2e45c5
SHA512 44463d838917e36258bb68ba67f2accbfb48bd4025952afc3fa208ac9ad6b9ce63cbea2a45cd18ee216c6d9ab9da9bf49a600e690e4f84002e5d55f0be85cca0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e837adb4c5dee2a845a4383d040dcde
SHA1 dba2b56ebbd6e48e99f4caf0ea199f8bf432d878
SHA256 00351626c6cb1efaf8797bcde48432757197b997e00401526a734d55b8244e90
SHA512 03fa8f53ec14b229c0516a31d6becad1ce1e5fdd3a0742ae19adb2b25eeda1bc3e07493f7e54dcab58aecfac4bb5d79a9a803391c8b5de80d4d8c87c92a7fc47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad4ed7f913800fb58c32561c3421ade7
SHA1 351d3b18e42a283627f40f4cbfc95af6680d23c7
SHA256 f617506044478ada9cf46866de4d01ddd1fc81979d425cfff8073dae73d58948
SHA512 4bec86bc26b7cd14fa1597569d057edebc453719a1d146d921bd850149fc0b25ba0c8b608a964732bbdfc07dcdcb6f795bed97c8fcfb9aea2fe73141ee258b92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

MD5 c5dfb849ca051355ee2dba1ac33eb028
SHA1 d69b561148f01c77c54578c10926df5b856976ad
SHA256 cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA512 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

MD5 bc02246a1e85fc05a2fcd40e81783641
SHA1 9754c4528946ba00d2029eaaad8fd04b0a1d07e7
SHA256 c8075c789ad57902c09eb321f447f20ab19df219dfff4e6d8b1429d5e04feb6b
SHA512 4a6695c5e08a7b072423d6fb3133b0a08c0ae046e9894166b3ae8f334c23bebd9063480dd5e9284cdd92dbbf01bb3de1000a1f2e985fd995624d7af8b48f515a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d642d132662dc7432e071439e4ae4f0a
SHA1 bf6f316bae7ba3848d4f9e53f29b4402279f1155
SHA256 28eecbeb85945bc8d8f203def27ba55be09b5ca5a9d329304abc30821acce75d
SHA512 2c979888a1daebd6bcaf086534751716c2f8cc070ae7ebde4f47088d5831a52e050a9e497ab6081cfff19e3b79c7e64294621bdcad917a76c2447623dc2cb648

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2baccfdf3e75dd896dfd9571769efb2b
SHA1 57ed5d57f40ed81a9dd842df64bc1898a112298a
SHA256 68b96dea8fb470f9ebf38cc1b37163a6bb70b1bcf386e798c4dae96762d4dff2
SHA512 e994eec3d4c03223c6562ec7eea27da4918c3ea0c65312c13d80ff751cca5b20fd77fc98c126db5b5509d6d24628667d7097c587ac71323e9bf49406066a8bfb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8b03b3e6ff2d353587453ccb0356b1b
SHA1 039a70acbf36aff6d74bda228c3f248c60cba113
SHA256 7db69f3612dfc8ce0dbd174f477756cb500677c5de3f3d8ec65705d4fefefc1d
SHA512 b9baa58df1f0525e18c185d7dd08339aa9fec9147033067e3c2034224ef83be5734ba43af7fb8ab19869bb84e8944098f88cf5eea6da93d4c711901cdb7ba13f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d858de3923331c3ce2384e263898695
SHA1 3b919ab6349d716140f5b1645115fa0da5aa24df
SHA256 b5911e8a2c3fde98dd9e164494283e3d2444da6bf62626389e5258e65b53b44e
SHA512 da6dcce04452d3c177176f4a4b0da24147512178656db2a03a8f51e741491ee761eb6449336f3cc89943aa51c7dbe591308887592525dd31f4282dda462f631b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3adddd698bc680cbca9c795eac993beb
SHA1 ed7f5bb506b152b41c083b58b419cad7be87bc48
SHA256 6eb383cc92d01429354ab83a9040d2fbb61708b729d4f20af665398da1a21e48
SHA512 bc6de9087e64e4d560c230a7476e490341fd0012b4a0176f671b266095edd188984e395e7f9bb71dee8917bf44f318d7b345cc041598f65acaf52b4e4aedc5cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b4f764c6c7ad77f421cb4a965f9f886
SHA1 ade13a3c39fc531135b1516ebefca26190c56953
SHA256 73732001a5642f3118cd567083b27478ac652b4f499b2fcd52fa864568776e43
SHA512 418aa258cee15d3625dd6e10b3a659d4e0944b5a026e43303b1472d3d183e660e30e8ae39f7a6bede86ee53976256941e5233c60fc8b28275def8b1e0eacbd04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e413645b3d9f85e030ca1d07047653f
SHA1 ee5c63f1e00a67f9499a9e516b1f8b84cd2c13a9
SHA256 1df35da94312ef7584ddbf39f4f40cb81c0de6677d5a696a53a5b8cba3a37e23
SHA512 a9dfe9e4530529cf6dc9140ccfc9511a6161f7f8f6dfed2aeaa84236d03937a9d101231ce2b4e888aefbfc83a1b401782801c988d946eb3236c629565f14930a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b92d40c85cc012fc867c7faad83891ec
SHA1 cf713f7bf8c89f37ef4712d6c1e10e81989eb4c5
SHA256 4727712bc950d50928118863b4e399c349a7884a3f136423960261042f2a0b45
SHA512 220bf94200f667b34daa69ff0376cc874ff0d298ffd0aece66f8bad4557a96347cf2cad181e35c02ec5f3a314b866d52e96651a4363a360ff394a740806f8a86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32a34cb0d15512ea571c6ab0e7cd0d06
SHA1 937fc09b44b9fce4eaba759c7926104e7edad5fe
SHA256 bb2a73de1135368f5dd04062bacbdc7df88d43211eed364b37e7fe6e72ca3c9c
SHA512 e862b0f8f0afa97eeb2caff159e3d62128ac85c270bd033afe7acd8c2f38abedfaba17333d0ddd2f5d661c4017f54924a93b3cd093c8da5be8e13eaa545f6c41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 898b4d3da7b04e43c14ec5ad53ac759d
SHA1 5f9734d08ca6d862af8ce9a64c4e0212026e5dc8
SHA256 945161f05e1d8fbe2dc0f89c0a3253118e425858d4e2f6c8caa0dfe19aad5fcc
SHA512 9c16e449424e3a9199490461bd866f3c19639758da6f6cb474df372d4e8d14cfea90e9b73354b998954f740c2c2e86794bf8a92355e00f896ad3f3c73a40970e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f2e2c9075a32a246ced3a2feebc31e1
SHA1 c2e7f0113f88a30d585547a75224a6336f520cb6
SHA256 4f36899828ed4433cbaa7b651a90d0d367360eb83e3d355b7f745b9a9eb9117e
SHA512 2db4b88de7b148d5d96d8ad7731ad699fa522f7abd4326ec2cd5d2485ea102250c27aa1980b4197a7479a9ff95933c78168b6bd407426dca5b5afa7568dbf551

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da6db5108841afec62817cd4ebc58a39
SHA1 88e2f66004c3f285242579455cd87139dd158d43
SHA256 3bfbf3121bfccde80c35020df8181a55e5170f6fc7e05c584279fbc6be041a8e
SHA512 6a7a2b85f1e3e2fab35733a8a9da0f53db77dc51dc89ded66dbc320993e012033d9845536f5c0800891f43dab9dd764915daecf587749f7dfebd95fe81789e94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8442e1325721e9b8f6f22db834457726
SHA1 cffe525bec239efd27ddb736b6d37231552c2bc9
SHA256 e042f75d7852136c886f1692b202b971579fe4ff139c52708313ae6f0f8ba582
SHA512 81c04231e4e996e8732a06af0a92d81bebca8b60aa42786d7d148249f18631ff085196ec5b0f1297e57a0b287b021a1c6dbc1b7671d622abd166b6a732952e5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be6d72c5d61aa80db85b7b02d95affda
SHA1 f059a69762fc3033e954507146a57a7a21977f65
SHA256 205972ecd448b0560072d79ea2c3137dccc54c813ca7789e991bd8d0555afc98
SHA512 27fe0fba1b10ab4ff02045ed3360c20b9cf87285c8714df00de2a95ad07affd3e882e44dd7df4f11dc264a9c0ca51e657b338e1792e82eec0e78461f623b0d92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a01f0e2fd16e50bb9d193711eeb4cc4
SHA1 28a29de12c01b12d9b835bb8f7b5608a86a1c367
SHA256 a8f09b480670d924b8638532aeea67819b46c64dbe120fe9dbf7bc880b5fe729
SHA512 06aca2efee24bedfcb8e1c35950c9efa54b34665a3e3811d559ba05e909295a6350c26dac81e7e3120b50b8ac6f54786eb8b848c15e72aab1f9dd74bb55e3c91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9befcc5f295210157741202a54396bc6
SHA1 d902b37f35bde1deb8591cdf336abc2e7e6c1186
SHA256 2c4bbf51f15eb41a10a06eac1df46a96622e1bbee422b0cac5850cc1e03d2b8d
SHA512 16239ae36c86c5caa58dc57e2b24a9bc48468fb17bcc8f8a564618b49122a00300f5af18d50d7c80fab391997b70ec4d5c94df1666a747a32b6063f0857e4375

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b143828b7f39114411b52830bf90d70
SHA1 08854fc44973710fea914c52c9b6dbd185a93d9b
SHA256 05b5e9ebfe9242128b62192de36802e7c77a6d5fa44eef560babe4fa0883b85d
SHA512 e7327332b2860d62426913a412503d57d7a938b9bc73a8a73d1176a3da276b6b960c9dfe1b5918b4ca422479c2641194a73e11b2fbba6a7dff98520ec4d12e66

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ad292e59cfe33098039ea319d9e156e
SHA1 8c52c1b783c9153f00177d49db7462475149acc5
SHA256 9ec2e17d5fbcb5aa5f7d825bd12ff3e4aee04d553158962136e64260c18aa010
SHA512 8c3611aa713a00b23a37c6ab5a99826c662f00acf1b67c472b3cf48d661d6dcc94383a79ed3829a0e9455657647e86b5930ad6c9a828c010cfc9b1c6e5287400

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c05d0b35d314e1fbca4e85a499ea8593
SHA1 907d3813709549898ddd2229b330746ff7b15a75
SHA256 4ef16c74b785d93ca83f46efe2eb1f916c8af077cf7df1bbf0a446cdee2e252c
SHA512 a27ac57ed8addf47787ebc3caea2653c4ce3fc34c7614635c4bb91934ebe03ab74e354c086a3c1ac1521807ff7b02a6c0e8c7542eb7984b59f0413914ff27b42

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ee40868e829697c0427e2f0a06fb26f
SHA1 b5597bb9accfb2c5ea889f2f3b76030a63303e7e
SHA256 b82837eb67de63f518158239a164ecb0d7330472930909222186da3003f573b0
SHA512 c55b8b26b27ae040933b858745db5fcb71a6f71e4948f5450687eb42db9843f2011355c069b6e3640052311335d6cc79666b5f3ff3918d3e9380b2fa414e7d9a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09e659f6e882b47983c7fc268cca4543
SHA1 e30a28ceb7e7dac87a0c74d047599ad44e8f7b7c
SHA256 2db0a3694ef03bd73251c72a0428a998ce5290706c6a73f50fb6a05798e8e81d
SHA512 a2f86bac12c909082587f457e20a8c43bc03b0dea21207eab2beeaaba580dbbd50c6a322660fd6c7b6ac976fe65e2313358caf092fca09c5ddbd62114e0f50b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e74b91b05156e43bac2fa1d1315108c
SHA1 a996d268bca3688371d06cb4b632b63e1cd6af99
SHA256 5ac44a699ea0db6a89f77f542b29a10c9bf8b8e596dc7c2755fa89c22f74f810
SHA512 076c9df4d2ffb8090d6fefa35c335ee00976ab7f28c24ac6b7f9d65097ee84c29874b67b9ece7670dfdaf820442d01139f7ce1831b6c2f7966f167499deceb4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a7fc1b9015980297b39ba995ef82dc3
SHA1 66ed9fd32cdde89bedd909e83c225b7dd50db0ba
SHA256 69cc2167702247f2b33a5b1e0d19bdcf17ab8576896f461c84966101faf060f8
SHA512 ee8ad8f8f4f73c2de241989ed30e59997c39c5c9acda83944cdea71f5be2fbe9a81c78b6bb40b41c8717368157a2295ff478b8fe0d04615031d82cbcc6e2d372

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5cf615832d188d5308e05805ff811729
SHA1 cfbfd345cca6ca76f2cdfd6b515734ac1294afe6
SHA256 494f24d9e8956c68dd04019ff233fd351ddd6b5d286aae4bf9a33141567e09da
SHA512 3e462f2742b8a77aa5e920997c2f6a32c7a5cb912b1beece6ce8c7e212c85f13e00059ef73ff67efba84899050320f2d513b8e6f5c61d7fee659767cedb99a1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6020231d2ceb36aef14a53ace869113
SHA1 3545a5e150a5c62e1d9db826e05ce7e3f78936b9
SHA256 44e43a6620d83af5fbf9ee53a00fb10e4115954534a9ee828fd4bf52cfdfe6d5
SHA512 276141d400b10b0e3efac45039eefba67bcc465d26cfff6dc569f51b59000e5c90a273906328829d9742ccadd118c9dfe39e6579135ef9a62e9b803761ca4b1a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52ff08f7863b005ebc22307af44a984c
SHA1 0cebfca133d6048b1957e9e4aedd41903b3db165
SHA256 8fad77ee75b100f9498c620e0461bfe43969da0b7c3439cd10180c01c2f684c2
SHA512 8fe332f5c16081ef04bc113af3caa8b67649b995ea5d15273ac1cdff3443db741cd66a753d5f0e6bc0504ac42e75cd5cfc576fd338becec100b7838b3caa9c4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01e4e7f602b15957333e9ff571779d46
SHA1 10da77cd166cd9f6150c0bb17f9ce1afd01a06ff
SHA256 f37e2e47af19e09165214ae2f08b1d924edf20f95a4ca16b165518312e20583f
SHA512 8f659eeb0101b2228787a8a5dc7611f0e326a8eec85fca94278a70ade558d301b97c779587ba182babca9a540978dda7f919a044dd3a11c14f6e21de19ce4500

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 daca78487e9698bb3da085c36000f49e
SHA1 ef000b32c60c8de9534c22a6ad1b2550779bd8fc
SHA256 f82301c95db0fea04f6f2f477924d91a792fe855840b64c759570de8a3cf712e
SHA512 64371bf1fa4789217d6b269eadd61434443d426be47532d347d5950a82195a8efd1b235d1fec1076052287cde7fc4f5d0ec755daf661a9ee8c1cd715bce5e262

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29629cdbfaf3cf158161cfdf74b06216
SHA1 8eaa30df337203ad629d9be08b4e4f5bd0565297
SHA256 c9c11076962648b18454b0759708bc707e7183018bbd388df2caeb06d4d8e352
SHA512 199bed3b6239e9abdb90604b08b8e69f94177ba1d56527a4e6622ecc4efa5d3a03bf60461b9415fa6876f40864f0a487a3eed20859dfb7c856c69eefda57fe74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ecd781289ad8b6c38b9acdc4f6f0d404
SHA1 cea3c4cb52211ae3a2c023e93c86abfedb4299d0
SHA256 1a592eba7163b819b1d4d897f5ed1100b27fbfbc3b122772ab2a0b8de3d615fd
SHA512 95525ff83b96087be5b6fa80d7520adfe22ab227cdab62ad290bfae771eada0efea670799657a6497c22ccd7a3453818e778a91bdeb22e08c2023fb9dde7294e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22399ed02852846b8ea8cdd8ac5151bb
SHA1 c88a62febf9e91c0201d8c685206fc2a59d2b263
SHA256 c0f989cd1efcd090137dab986bf6d8e0c5aa1df5a4de777bc5f771c542e8cbe8
SHA512 b298f119f67cb6821430f7719b5eef281fd83b17a7eab4850da468f589ec34059b8807a56c6bf97a5ca1616c18630d376ee5a004540035a74950d82b3adc2c63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7be30db286fa9c39bb915ccb7f6731ff
SHA1 f6f99c10a21a07efd9ff3603edcc43a7c1c3161a
SHA256 9b21d83c3dd2c6d309ac7a543e45601d9a107233a303b05f7653985879aab541
SHA512 52d334b996c2a7f1149800e453b5908b90dec0561e1a80f20e7a72acb451fbd192a4af35c73901649461edbe517a71c98f78c62eec60e2086058575ef1b21752

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9789f744111d871e60cec7ccf2ef97ae
SHA1 abb31ea7677562ed6e56e8231726c87beed9dc4d
SHA256 c4a75bb143a461b1b7bd734f3858a67a05a559248a942957eb9e7202c9298d04
SHA512 e60b5401d964b0798b5457a413ba911f44fa78c40e16b2772c6846dd92e36ea6bf9a054d6a50a4b86a12083067df0d4ab900289c1c36b694b6a36021c17ae078

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\recaptcha__en[1].js

MD5 4668e74b2b2a58381399e91a61b6d63d
SHA1 89ebf54e996e46f4b1e26f6dcda93bad74fc0a1c
SHA256 b0e3acc54460721385d2e472dda7288382f2766a06b38d2e732d034619f9b929
SHA512 b2ead3410dea89b658bfb0ce67842569641cd6c29889ecfb223a83637600b82b0d2e55cec26750593359663a22896f5da91d3df9f085c204803cd646a7cabc28

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\favicon[1].ico

MD5 0106d4fd24f36c561cf3e33bea3973e4
SHA1 84572f2157c0ac8bacc38b563069b223f93cb23c
SHA256 5a6c5f7923c7b5ba984f3c4b79b5c3005f3c2f1347a84a6a7b3c16ffbf11777d
SHA512 57b77c5d345eca415257e708a52a96e71d3ddf4a781c1f60e8ba175ea0c60b1d74749cd3fa2e33f56642ce42b7221f16491cf666dc4e795ecc6d1fbfdb54ab98

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\92bocja\imagestore.dat

MD5 4f30fbcc3b774e8f6919db7f01eafb7e
SHA1 cb096149a3a8c8a38c2d50186daec82d6a9845bf
SHA256 1fb7c5caf57f6fb99584b6bf3c059735399db3791a9eff6f209548bdd3eec6c3
SHA512 e69f5f4de5151b0ce4f55ef553b1fffe621a66ca250412810abdf9a7c44d223fecd55ed0a6367ad74f9b086d2b16fc98fd0dfad9a36afe8f3c79235d988e14d1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\styles__ltr[1].css

MD5 5208f5e6c617977a89cf80522b53a899
SHA1 6869036a2ed590aaeeeeab433be01967549a44d0
SHA256 487d9c5def62bc08f6c5d65273f9aaece71f070134169a6a6bc365055be5a92d
SHA512 bdd95d8b4c260959c1010a724f8251b88ed62f4eb4f435bde7f85923c67f20fe9c038257bb59a5bb6107abdf0d053f75761211870ca537e1a28d73093f07198b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a7e686e89ffb2852ec8a9c8940b10f6
SHA1 b3f05d4dc49cdc57a59c0ba08cfa9d850c304408
SHA256 aac68e6cb481a93fe7678957c41590c516c5d81a883e61779f1b923b113749eb
SHA512 b6e23d19907929cf6dc63adec41976335185747bc43362b509e04bd28a8557eefd5e6fe95d14eaca12dcaf4f2eef592e06eb57b597faa6081599d63d2d5f4c07

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e827134d10fb347b424416a8cb792d3
SHA1 ed85f8d9146530d50b56988ee54f9a2fe5312cbe
SHA256 b3d152512092b3b1fc7361c97fbc1f64aaeb26b56cf5f731e7373350c71c3696
SHA512 1f0c67b107582c82fb5166f6ac6cc83eeab6c69bfc25225744f04030a42fcd428c3961a7f690735e8d90e1927a3be2a8ebee0a0a57ff7470858a17a1316591f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 d4e85a905e3c93b906e9e64ac0c086b7
SHA1 6d189af8354fb3b5b8aa93ff696aa58657da9ade
SHA256 2a1e4e1a1ce616da3019c161c6650ff1ac59c7f7267f2814f24edbe76c8aea66
SHA512 e555119c9580d74f8038b4da7db486035e74bf6928a830ddda64f1410d8644338d062c991e25c9afb7ac7ad2f40fa85c1882c1b5f9c0f46380a54780befb327a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5724e79d59e272f29bd6f8c58a4905d
SHA1 7e47db7b3534e4c6323bc97cb197db9c5d6a41a9
SHA256 96d7bb0d4218091cf162bc6f48d7bf7c5d8e61095c7ab34e85ee234b4cb2b5fa
SHA512 db92bc70e98718f5c47ce30fe35f9c734a0f4a1870645c7b9220a81d4e3a541546f99264749cb77c1c8c2db148d9949ff67a053a0d27cf4388e8ce0a1f385fb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 740bc3a4498e221e12b31b3980fa9f38
SHA1 ac47016f22992f1403d9103b502a1f4105e05759
SHA256 5141cd5b0ebb33ca5f56a49eeb96d4eb48cd968cb7fa9fde0b584820768a6374
SHA512 f5a899083d143a29c7bf41f9e387e91473f88e5f27e301c2295db25c372e67387f44dd444462619bbc70ac17eb1b634afe543f752f5e4d5090f5b3a94c66287f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9b4d446d12d0de7202ce5079b37e81d
SHA1 5d5db788d5c58254a64d83752ed4e411e5d70036
SHA256 c3c3c96383f61986fd385e881b447229af9be1404372d16f66ce7270807f9694
SHA512 1ff5aadaf839780dd3d2786e6bd6d075cd29f7183f53172f9eaac217f4975d4c972b675bdbb9d78546e586757caeafe9918e717c3ff8b0bd88c3a37ad660bccc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aead01611f5913d519f4e55b96c0ffcc
SHA1 67b943e8861465fb954e80a983e89f613fd7eabc
SHA256 fff3c9ef9287e596b10dc6458c3bd1259ec8f32ac202123e2ca28270ca7260f7
SHA512 264fc4480ca13767f7a8a6add1d88a32f9240c58dd9d19dc6ca299297e45923a24ae878c1143b2636ab947c1dd9b3b0f9c13c3c15fc58ac3e70fdc7bf329f3e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ff5dda0022ab2a40e61a149c409d334
SHA1 14c7b8cc13cdf00462df8258cdabd48cd3ad482d
SHA256 37cc016a166ef9a1a9111bd2bafd153936385eaf7e4551532bd8599f28f77847
SHA512 ad8796e06257bc0055ed5f7eea48e05387d71b9bc3fb21e71d965d3e200dabf41315b73e7ad8c4e1c5df50c3d7907b4e79ffe6bd3f70330c19963f0041c9b518

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7437ed4ec6f04738a570ce64bfbf9976
SHA1 35b8e08fd9207fdb3b4b5567755b149fd78c5822
SHA256 623691380fda4adf499bdd7eaa10b36dc0065a55f8bfa07b54b7a302b8141ec9
SHA512 c05810567b0317207a05cb5c96c6fb92d521dcf2a96664144f61c1778a28920880c899319b2792a45c3852170a7269ce635defdc3cc2ef5a0adde9973cfea987

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 fbdf6138ebdcabc57ecd0736a52bd04e
SHA1 78fce787f4b544591866bbbdb5b2b5eecc965ecc
SHA256 8356385f888c4ec1927c13bbceda33bcc804a6379d9d4d9ddc6b60f7d8395c35
SHA512 201c879f08af201a2194e28bf4499067fe428b47f09a792bc45466dfd60129a9aea7520f05ee1827a9b98f20fa2dce3286d116bf3085718b59e6c4c4dc0bca47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c113f0a9d8d7ced11b3cbf64c8bf7f51
SHA1 4e036367976e7fa9c7472317e2bb766d57c17910
SHA256 20b501b2f54ecd60c02095ee6c790355018d976cbff784496614d653f92887b6
SHA512 1ec105feb422584f93f968e8f71c448cccbae88a48bbc0fbd26877b9e74ad019bd693770308f8d0b0ebf45909868487de527999320ac63afcb3f45e5ea7b24ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b06ebd775e4f029eafe9df0c25ae7a9
SHA1 299e06c8830b4b402d603e40d528c6825cfaac18
SHA256 113656629f03b22ba42761408626ae6547b3388836acfe90b5f0b48747a63eab
SHA512 852b8a32c42682ccb6fb80fba0491538d6e427c309b49a603d3f01b2216934f3449eb5fa2f7aa103f403b6254c56035033b9ae2365f9e6552ffa05f5668286be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 142b0330b83790e9f7b06b9bfcdd0e24
SHA1 0ea71308b87d52e9da9ead8fa1a659eee0121b78
SHA256 ea55a0a5d0cd8ef879c79f93b8a6a9121d546d8b4d64da976f09add5841149b2
SHA512 623c52cc8a35a030a4007e5170b34389e28198e11bb69f645a9d76b10d3ec358b1bde3fda2cd7d3f80e0a219210999191fb6b7373af98851d52c05ba9d427065

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76688a339c7e8fa9599afc2cf34db179
SHA1 e1b1e8149c15a915b457b1f91b0c045ea124c480
SHA256 22aca903ac941d4919719dca51ad598d269bb2cb1b0fb5ecbcc2e6b763423601
SHA512 c553a8c47ad45e06812549107884a11c3542f65c1844020efb651d3c600a30b3a606502d1b6f81c32868b1b0fd0d0a76ba71b0fbce6eca7a493e9b3a6bf505ae

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 18:27

Reported

2024-06-01 18:30

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b5c459398b7228158a478c81d47b8bd_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4900 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b5c459398b7228158a478c81d47b8bd_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa797e46f8,0x7ffa797e4708,0x7ffa797e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3944 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 gladmotion.com udp
US 34.205.242.146:80 gladmotion.com tcp
US 34.205.242.146:80 gladmotion.com tcp
US 8.8.8.8:53 www.hugedomains.com udp
US 104.26.6.37:443 www.hugedomains.com tcp
US 8.8.8.8:53 static.hugedomains.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 use.typekit.net udp
SE 184.31.15.74:443 use.typekit.net tcp
US 8.8.8.8:53 p.typekit.net udp
US 8.8.8.8:53 146.242.205.34.in-addr.arpa udp
US 8.8.8.8:53 37.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 74.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
SE 184.31.15.48:443 p.typekit.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
SE 184.31.15.74:443 use.typekit.net tcp
US 8.8.8.8:53 secure.statcounter.com udp
US 104.20.95.138:443 secure.statcounter.com tcp
US 8.8.8.8:53 c.statcounter.com udp
US 8.8.8.8:53 analytics.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
GB 142.250.187.206:443 analytics.google.com tcp
BE 74.125.71.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 48.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 138.95.20.104.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 156.71.125.74.in-addr.arpa udp
BE 74.125.71.156:443 stats.g.doubleclick.net udp
GB 142.250.187.196:443 www.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 analytics.google.com udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dc6fc5e708279a3310fe55d9c44743d
SHA1 a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256 a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA512 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

\??\pipe\LOCAL\crashpad_4900_GMFYYCXDSGPSXKZP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c9c4c494f8fba32d95ba2125f00586a3
SHA1 8a600205528aef7953144f1cf6f7a5115e3611de
SHA256 a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA512 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9cb598a7c0bb8ae153334560cf8f833c
SHA1 3384f722f67bc74b3d291926c639332b09e89bac
SHA256 bc5db64ca1a26d419f402281262d0af0dd78ade4a94c272f5618c7cc400e26db
SHA512 72bbfe61429d74f15243d60fa3d5b8a053a45137fd455bee8da8035d5bbf30a93a9b9b879e9fbdfe7c72d0956983039ac4692d30b9f178b97ec39746c6c28597

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 f998b8f6765b4c57936ada0bb2eb4a5a
SHA1 13fb29dc0968838653b8414a125c124023c001df
SHA256 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef
SHA512 d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 324fd934a5d13b22cd917775e57ede2b
SHA1 b436189f015aca27e178c08177e4c184a0fddac7
SHA256 5cd3f8effc25fceed2a1af1ab87cc9275d4e94798992d3bb52f6f93ae8c77d9c
SHA512 48bc61d62a249b213defbc69a8e75655ea390d975decb84b55b83441a04e2a0d5035db0f048e3f367a9b1da01ed1ab68b019d4b46fce8a016542dc3c06ff1b21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 79e58dfe921ad19ea8c9ccee497c5803
SHA1 46e4cfe4fe04f8300629394f9d3bda3b90d485aa
SHA256 962078cc46f6fc562ad131c3229ab91cb9f3c8ab427e56e044710077a6e3dd19
SHA512 2ad326a7697320405719e199444ebac3b288ef1d99de5905a4b5c980d67ad2eb7d04b6910a1902977234b52e181de684f62ef1ed2b3034ee176e7c2f5d823ff7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 27c41e978ab2a2d4c9f1d7fa8d9c0514
SHA1 1dfe2f781e2b5275a5b8200839d82d11496f2f9b
SHA256 33772ddcb1d34986381182a5dcf98ef16afdd7d698868040e7cb01a4bce40129
SHA512 0c476e507622da64ba705f4c0a5af39ca66a36dde8b6aa96d836e471d99bb84e46ca9fe67db4952a105428da06a0d0cbfdd960b2e26a85030de7108e58680b3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b517f0a9685badd7b5dbb5c68bb5913d
SHA1 571562515157d3ba0983382d4b5612e091aa6099
SHA256 8c8f3c1c2356bf943821802bd083f047af145e09ebfb06963ac3bd097c771b92
SHA512 1a127e7b32126b736c1dd07038a320796008ee93fe19e5e159aab2ba0e77211c5f85df1b0ef5d80188a42952a4fa45f41b53796d41e2ea1f6a0492dedb56902b
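Two things in the file list above are worth checking mechanically rather than by eye: several paths (Crashpad\settings.dat, Default\Preferences, data_reduction_proxy_leveldb\CURRENT) appear twice with different digests, meaning Edge rewrote them during the run, and the \??\pipe\LOCAL\crashpad_... entry carries exactly the MD5/SHA1/SHA256/SHA512 of zero bytes, so nothing was captured from that pipe. As an added audit helper that is not part of the sandbox report, the Python below parses path-plus-digest blocks in this layout, validates each digest's length and hex form, flags empty-content entries by comparing against hashlib digests of b"", and lists paths whose SHA256 changed between captures. The SAMPLE block is a subset copied from the entries above; the checks are the editor's.

```python
"""Audit a sandbox 'Files' section: a path line followed by MD5/SHA1/SHA256/SHA512 lines.

Added example, not part of the sandbox report. SAMPLE is a subset of the
report's own file entries; the validation and duplicate checks are the editor's.
"""
import hashlib
import re

SAMPLE = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dc6fc5e708279a3310fe55d9c44743d
SHA1 a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256 a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA512 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

\??\pipe\LOCAL\crashpad_4900_GMFYYCXDSGPSXKZP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c9c4c494f8fba32d95ba2125f00586a3
SHA1 8a600205528aef7953144f1cf6f7a5115e3611de
SHA256 a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA512 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9cb598a7c0bb8ae153334560cf8f833c
SHA1 3384f722f67bc74b3d291926c639332b09e89bac
SHA256 bc5db64ca1a26d419f402281262d0af0dd78ade4a94c272f5618c7cc400e26db
SHA512 72bbfe61429d74f15243d60fa3d5b8a053a45137fd455bee8da8035d5bbf30a93a9b9b879e9fbdfe7c72d0956983039ac4692d30b9f178b97ec39746c6c28597

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 79e58dfe921ad19ea8c9ccee497c5803
SHA1 46e4cfe4fe04f8300629394f9d3bda3b90d485aa
SHA256 962078cc46f6fc562ad131c3229ab91cb9f3c8ab427e56e044710077a6e3dd19
SHA512 2ad326a7697320405719e199444ebac3b288ef1d99de5905a4b5c980d67ad2eb7d04b6910a1902977234b52e181de684f62ef1ed2b3034ee176e7c2f5d823ff7
"""

ALGOS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1,
         "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}
# Digests of zero bytes, computed rather than hard-coded.
EMPTY_DIGESTS = {name: fn(b"").hexdigest() for name, fn in ALGOS.items()}
HEX = re.compile(r"^[0-9a-f]+$")


def parse_files(text):
    """Group lines into entries: a path, then the digest lines that follow it."""
    entries = []
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        algo, sep, value = line.partition(" ")
        if sep and algo in ALGOS:
            if current is None:
                raise ValueError("digest line before any path")
            current["digests"][algo] = value.lower()
        else:
            current = {"path": line, "digests": {}}
            entries.append(current)
    return entries


def validate_digests(entry):
    """Every algorithm present, each value hex and the right length."""
    problems = []
    for algo, fn in ALGOS.items():
        value = entry["digests"].get(algo)
        if value is None:
            problems.append(f"missing {algo}")
        elif len(value) != fn().digest_size * 2 or not HEX.match(value):
            problems.append(f"malformed {algo}")
    return problems


def is_empty_content(entry):
    """True when all listed digests are the digests of zero bytes."""
    d = entry["digests"]
    return bool(d) and all(d[a] == EMPTY_DIGESTS[a] for a in d)


def rewritten_paths(entries):
    """Paths listed more than once with differing SHA256, i.e. modified during the run."""
    seen = {}
    for e in entries:
        seen.setdefault(e["path"], set()).add(e["digests"].get("SHA256"))
    return {p: sorted(s) for p, s in seen.items() if len(s) > 1}


if __name__ == "__main__":
    entries = parse_files(SAMPLE)
    for e in entries:
        flags = validate_digests(e) + (["empty content"] if is_empty_content(e) else [])
        print(e["path"], "->", flags or "ok")
    print("rewritten:", rewritten_paths(entries))
```

Rewritten browser profile files and an empty crashpad pipe are ordinary Edge housekeeping; the same two checks become interesting when a path outside the browser profile shows a changing SHA256, or when an entry the report describes as a dropped payload hashes to zero bytes.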