Malware Analysis Report

2025-06-16 07:32

Sample ID: 240601-yyk9fsdf8t
Target: 8ba290fadcb88ff82a0cbbcd07e633c6_JaffaCakes118
SHA256: 988ad09b79e71861c7b80f1f4ed8c11d83569c3629c1dfdaab11f0ca87dc3ceb
Tags: (none listed)
Score: 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 1/10

SHA256: 988ad09b79e71861c7b80f1f4ed8c11d83569c3629c1dfdaab11f0ca87dc3ceb

Threat level: no (potentially) malicious behavior was detected.

The file 8ba290fadcb88ff82a0cbbcd07e633c6_JaffaCakes118 is an HTML document (see the command line under behavioral1); opening it in Internet Explorer produced no (potentially) malicious behavior, hence the 1/10 score.

Malicious Activity Summary

Signatures raised across the runs (the overall score stays at 1/10):

Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Enumerates system info in registry

In the behavioral1 run shown below, every indicator under "Modifies Internet Explorer settings" and "Suspicious use of FindShellTrayWindow" is attributed to iexplore.exe, the browser the sandbox used to open the sample, so those hits describe the renderer's own housekeeping rather than anything the HTML file did. Treat them as context for the detonation, not as a verdict on the sample.

MITRE ATT&CK (Enterprise Matrix V15): no techniques are mapped in this report.

Analysis: static1

Detonation Overview

Reported: 2024-06-01 20:11

Signatures: N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-01 20:11
Reported: 2024-06-01 20:14
Platform: win7-20240508-en
Max time kernel: 142s
Max time network: 143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ba290fadcb88ff82a0cbbcd07e633c6_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware (the sandbox's category labels for this signature)

Every indicator below sits under the sandbox user's Internet Explorer hive (\REGISTRY\USER\<SID>\Software\Microsoft\Internet Explorer) and is written by iexplore.exe itself: recovery, tabbed-browsing, DOM-storage, zoom and toolbar housekeeping that the browser performs on any page load. The DecayDateQueue value begins with 01000000d08c9ddf0115d1118c7a00c04fc297eb, the DPAPI (CryptProtectData) blob header, so it is an encrypted per-user blob, not a configuration setting. None of the rows touch the start page, search provider or proxy settings.

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000096d44e218791689ba15740e8cf2160f31077138c68c16c126f84e222f008103000000000e8000000002000020000000a4bf210cf829d5a0edc82f3ab0488f576628214d6bcb5218658db2fe29173bf72000000044b7a358cbe439c18ec542db6e778fe3d08a1098b45efd753579e9ac7343cc3b40000000f7622d8f231f2a9d1d4bdfe76ae14daded37261df78474b8666427f675d5c51afc4627f3b7b4032b0b02e2d57447fd6f27e9e25a68652b57b6b057c3d6288a77 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423434567" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{285E5561-2053-11EF-9449-6200E4292AD7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 807bb91860b4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A
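A triage script for rows like the ones in the "Modifies Internet Explorer settings" table above, added here as an example; it is not part of the report and not the sandbox's code. It splits each flattened "Description Indicator Process Target" row into its columns, checks that the write sits under the user's Internet Explorer hive and was made by iexplore.exe itself, and flags the value names a browser hijacker would actually rewrite. The HIJACK_VALUE_NAMES set is my assumption, and the last sample row (a Start Page change by a dropper.exe under Temp) is constructed to show a hit; the other rows are copied from the table.

```python
"""Triage of 'Modifies Internet Explorer settings' rows from a sandbox report.

Added example, not the report's or the sandbox's code. Parses flattened
'Description Indicator Process Target' rows, checks hive and writing process,
and flags hijack-relevant value names (HIJACK_VALUE_NAMES is an assumption).
"""
import re
from dataclasses import dataclass
from typing import Optional

# First five rows copied from the report; the last row is constructed to show a hit.
SAMPLE_ROWS = r"""
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" C:\Users\Admin\AppData\Local\Temp\dropper.exe N/A
"""

# Columns: action, registry indicator (key or 'key\Value = data'), writing process, target.
ROW_RE = re.compile(
    r"^(?P<desc>Key created|Set value \((?:str|int|data)\))\s+"
    r"(?P<indicator>\\REGISTRY\\.+?)\s+"
    r"(?P<process>[A-Za-z]:\\.+?\.exe)\s+"
    r"(?P<target>\S+)$",
    re.IGNORECASE,
)
IE_HIVE_RE = re.compile(
    r"^\\REGISTRY\\USER\\S-1-5-21-[0-9-]+\\Software\\Microsoft\\Internet Explorer(\\|$)",
    re.IGNORECASE,
)
# Value names a browser hijacker typically rewrites (author's assumption, lower-cased).
HIJACK_VALUE_NAMES = {"start page", "search page", "default_page_url", "default_search_url", "defaultscope"}


@dataclass
class RegEvent:
    action: str
    key: str
    value_name: Optional[str]
    process: str

    @property
    def in_ie_hive(self) -> bool:
        return IE_HIVE_RE.match(self.key) is not None

    @property
    def by_ie(self) -> bool:
        return self.process.rsplit("\\", 1)[-1].lower() == "iexplore.exe"

    @property
    def hijack_relevant(self) -> bool:
        return (self.value_name or "").lower() in HIJACK_VALUE_NAMES


def parse_row(line: str) -> Optional[RegEvent]:
    """Split one flattened row into an event; None for lines that are not rows."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    indicator, value_name = m["indicator"], None
    if m["desc"].lower().startswith("set value"):
        # 'key\ValueName = data': keep the key path and value name, drop the data
        key, _, value_name = indicator.split(" = ", 1)[0].rpartition("\\")
    else:
        key = indicator
    return RegEvent(m["desc"], key, value_name, m["process"])


def triage(rows):
    """Separate routine browser housekeeping from rows that deserve a closer look."""
    events = [e for e in map(parse_row, rows) if e is not None]
    return {
        "parsed": len(events),
        "outside_ie_hive": [e.key for e in events if not e.in_ie_hive],
        "not_by_iexplore": [e.process for e in events if not e.by_ie],
        "hijack_values": [(e.key, e.value_name, e.process) for e in events if e.hijack_relevant],
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_ROWS.splitlines()).items():
        print(f"{name}: {value}")
```

On the report's own rows the three review lists come back empty, which is the point: the signature fired on the browser's housekeeping, not on a settings change worth chasing. The constructed Start Page row shows what a real hit looks like (a non-browser process writing a hijack-relevant value).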

Processes

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ba290fadcb88ff82a0cbbcd07e633c6_JaffaCakes118.html

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1520 CREDAT:275457 /prefetch:2

This is the normal Internet Explorer process pair on 64-bit Windows 7: the frame process opens the HTML file and spawns a 32-bit content (tab) process, and SCODEF:1520 carries the parent frame's PID. No process other than Internet Explorer was created in this run.

Network

Each row is one DNS lookup (8.8.8.8:53, udp) or one TCP connection; a domain is listed once per connection observed, so repeated rows are repeated connections, not duplicates.

Country Destination Domain Proto
US 8.8.8.8:53 www.footytube.com udp
US 8.8.8.8:53 indexsa.com.ar udp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 edge.quantserve.com udp
US 8.8.8.8:53 s.footytube.com udp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 216.58.204.66:443 www.googletagservices.com tcp
GB 216.58.204.66:443 www.googletagservices.com tcp
GB 172.217.169.42:80 ajax.googleapis.com tcp
GB 172.217.169.42:80 ajax.googleapis.com tcp
DE 91.228.74.244:80 edge.quantserve.com tcp
DE 91.228.74.244:80 edge.quantserve.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:443 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 198.185.159.144:443 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
NL 23.63.101.153:80 apps.identrust.com tcp
US 198.185.159.144:443 www.footytube.com tcp
US 198.185.159.144:443 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
AR 190.105.228.129:80 indexsa.com.ar tcp
AR 190.105.228.129:80 indexsa.com.ar tcp
AR 190.105.228.129:80 indexsa.com.ar tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 24b31dcb612ecc13247a0aa61ee81d79.safeframe.googlesyndication.com udp
US 8.8.8.8:53 ec2-23-22-102-201.compute-1.amazonaws.com udp
PL 93.184.220.66:443 platform.twitter.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
GB 172.217.169.65:443 24b31dcb612ecc13247a0aa61ee81d79.safeframe.googlesyndication.com tcp
GB 172.217.169.65:443 24b31dcb612ecc13247a0aa61ee81d79.safeframe.googlesyndication.com tcp
US 23.22.102.201:80 ec2-23-22-102-201.compute-1.amazonaws.com tcp
US 23.22.102.201:80 ec2-23-22-102-201.compute-1.amazonaws.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 d39mo2c4ydi49l.cloudfront.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 142.250.179.226:80 pagead2.googlesyndication.com tcp
GB 142.250.179.226:80 pagead2.googlesyndication.com tcp
GB 18.245.158.97:443 d39mo2c4ydi49l.cloudfront.net tcp
GB 18.245.158.97:443 d39mo2c4ydi49l.cloudfront.net tcp
PL 93.184.220.66:443 platform.twitter.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:80 www.footytube.com tcp
US 23.22.102.201:80 ec2-23-22-102-201.compute-1.amazonaws.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
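A script that pulls first-party indicators out of a network table like the one above, added here as an example; it is not part of the report and not the sandbox's code. It parses "Country Destination Domain Proto" rows, separates DNS lookups from TCP connections, drops the background domains an Internet Explorer page load always produces (ad, font, CRL and IE telemetry endpoints) and reports what remains. NOISE_SUFFIXES is my assumption about what counts as background, and the sample rows are a subset copied from the table.

```python
"""First-party network indicators from a sandbox 'Network' table.

Added example, not the report's or the sandbox's code. NOISE_SUFFIXES is an
analyst's allowlist of background domains, not something the sandbox emits.
"""
import re
from collections import defaultdict

# Subset of rows copied from the report's Network table.
SAMPLE_ROWS = """\
US 8.8.8.8:53 www.footytube.com udp
US 8.8.8.8:53 s.footytube.com udp
US 8.8.8.8:53 edge.quantserve.com udp
US 198.185.159.144:80 www.footytube.com tcp
US 198.185.159.144:443 www.footytube.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
DE 91.228.74.244:80 edge.quantserve.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.153:80 apps.identrust.com tcp
AR 190.105.228.129:80 indexsa.com.ar tcp
US 23.22.102.201:80 ec2-23-22-102-201.compute-1.amazonaws.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 198.185.159.144:80 www.footytube.com tcp
"""

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?P<domain>\S+)\s+(?P<proto>tcp|udp)$"
)
RESOLVER = ("8.8.8.8", 53)  # the sandbox's DNS resolver as seen in the table

# Background traffic of an IE page load: ads, fonts, CRL/OCSP, IE telemetry (assumption).
NOISE_SUFFIXES = (
    "google.com", "googleapis.com", "googlesyndication.com", "googletagservices.com",
    "doubleclick.net", "quantserve.com", "twitter.com", "identrust.com", "microsoft.com",
)


def is_noise(domain: str) -> bool:
    return any(domain == s or domain.endswith("." + s) for s in NOISE_SUFFIXES)


def parse_rows(text: str):
    """Yield (country, ip, port, domain, proto) for every well-formed row."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            yield m["cc"], m["ip"], int(m["port"]), m["domain"], m["proto"]


def summarize(text: str) -> dict:
    """Map each non-noise domain to the endpoints contacted and whether it was resolved."""
    out = defaultdict(lambda: {"endpoints": set(), "connections": 0, "resolved": False})
    for _cc, ip, port, domain, proto in parse_rows(text):
        if is_noise(domain):
            continue
        entry = out[domain]
        if proto == "udp" and (ip, port) == RESOLVER:
            entry["resolved"] = True  # a lookup of the name, not a contact with the host
        else:
            entry["endpoints"].add(f"{ip}:{port}")
            entry["connections"] += 1
    return dict(out)


def iocs(text: str) -> dict:
    """Unique contacted IPs for non-noise domains, plus names that were only resolved."""
    summary = summarize(text)
    ips = sorted({ep.split(":")[0] for e in summary.values() for ep in e["endpoints"]})
    dns_only = sorted(d for d, e in summary.items() if e["resolved"] and not e["endpoints"])
    return {"ips": ips, "dns_only": dns_only, "domains": sorted(summary)}


if __name__ == "__main__":
    for domain, entry in sorted(summarize(SAMPLE_ROWS).items()):
        print(domain, entry["connections"], sorted(entry["endpoints"]))
    print(iocs(SAMPLE_ROWS))
```

On the sample rows this leaves www.footytube.com (80 and 443), indexsa.com.ar, the ec2-23-22-102-201.compute-1.amazonaws.com host, and s.footytube.com as resolved-but-never-contacted. CDN names such as the d39mo2c4ydi49l.cloudfront.net entry in the full table are deliberately not on the allowlist: a CDN hostname can front anything, so it should be reviewed rather than dropped by suffix.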

Files

Files written during the run, each listed as its path followed by MD5, SHA1, SHA256 and SHA512. The CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 path appears repeatedly with different hashes: the entry was rewritten during the run (CryptnetUrlCache is CryptoAPI's cache for CRL and OCSP fetches such as the apps.identrust.com request in the network table), and the sandbox records each write. The Cab*.tmp and Tar*.tmp files under Temp, the Content.IE5 cache entries and the DOMStore XML are likewise browser and CryptoAPI artifacts rather than files the sample dropped.

C:\Users\Admin\AppData\Local\Temp\Cab1D62.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar1D84.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 920581f95a2585a677d93a10a2ef8e7d
SHA1 39a696ef24bca7a671f68891f1e1dfdf4c369397
SHA256 0d054fb16dfcef2709ea59d92de6ebb2dbe13a65131d83b05390ee4c3af31106
SHA512 4b13f3931dd186f6d3285d8fbd88b11165825e0c3a5bd9dbea49d28576e44e0bef9cb73488d8ee2b78087159fd5ea20b912cda1c89b2ac773307884c3d08ede3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
SHA512 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1E09.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe95cd88ecf1964f427485b5f7c6876a
SHA1 52f5827ca9165c432b98536a543814ea9c420550
SHA256 053a967524778366c5b07f8dddca0e29e25326c89e5539cd487097dfd17937fd
SHA512 022432fedab0729f3de814fa898b2ea673d87288d279fbe6e659999b13c511f9c3f04d149eb284d0434ee4fb1b3237c2e973f2fbbbd9702e1eed22e324db1d32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1d2b6bac9492b5e627a3da718b8b249
SHA1 d0bc7df51c011258e12aa46b4e3e61929fa75161
SHA256 fc28775df8261ce5f16ab67f0ec263d84f44e62b1156e9f83372844916188808
SHA512 9452ca0c26d893ff71dd70124a3eb9eaaf3f45fbea0e683b398c41cc3b247d0bccbc610fae9cc682d1fae19ad592b9c5e3fbf25f21e2b0fb34fb91ecc5140774

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 febc0c801f20b51eb0c1bbd9be7a567e
SHA1 b015f5e3491a3c0abb9865b0bba3e143f7c308af
SHA256 27e9b929cfc7c630cdb05cedc1ee2e24e82a08cec0d143b8c4d65cf454a5b4c0
SHA512 5ad76da58fb53db888785cf68b1506bcc5b3697752dea8c9122cb84f5175354f1604e50c3fce8adcbaba568cf67c69d25fef4bc08effa6f89f33f26c880bb187

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bbaadede4bb6114f18d0a4a6a1a32260
SHA1 c2ca7b7eb7a84406002e80d8644c1aa1db96bf35
SHA256 16256b51b4112e2ae80ddebdc8554f9970359b1c7ac01397ae18f92e2ea9a5ff
SHA512 17bd4ea88c2896050b58bc2334acc253a75c9e2fe1d809babc5d55d1c4cfe593373a545b411a856e48c6a57a2a15478842ee33e685fb4db2b06ea86b70d2c3fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7938e0c59022126f64a322bf7ee498f
SHA1 1da83c89767cd9ec158eba8b816aa89f006709f7
SHA256 063eb324530a95f11470f5e00dd51f119c6ada4313afd8e256461321594e7dce
SHA512 7e1e936589c42de6b926f7b15e6b8aefabc83baf06b8b21a00c0306349bb8c80f2eadb25c8bee3b0d47d16125c1bf736ea6d15a1c0e95b499853120b6e5e9f74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05e6900a8ad44b7e5ec0296d6c0b46b6
SHA1 71210e302802606e94801875c1fd262103714579
SHA256 44c8aef787516f124f1ff4b956a00178a3620c43a6910b8d8b027f2048abb521
SHA512 31a3d3621b6909e1caf6c4bcc56533f27fc1a6d66f3209ad2ad111d28ae0f9d35107ab5b6e06250f38406bd88161cf7c1a655cd1c9504c5ed72845fa2a7209c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43e7ff06f6bf82788c00055dc078d1f4
SHA1 dcbf79bf739e72d69b92a1ec6447fe66f29a0d77
SHA256 da681c6bb429ecfe54b1cfe9281b231875f5eeaee93e038971d22fa54470b5b6
SHA512 ada351d3664c6abec3caadc9b574244b70d90c601e6a1de6389e66f09f103087173129c9e9232e30020d035a3d79099a3d6ec757190124048826d03239ac4ad3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 960531fedde4d399e7f5b42e76ee5a49
SHA1 769ae5e5002cbca3236fd165371d918b8e5b30c7
SHA256 fa324e426e36f192bb0c2bc6b53c343b174916d780d3b3e4e56107cf71ad7a00
SHA512 bf6e7fa06a74113c1b082f248937bbcd3a7342f3df014669fa9cb5b33450fd7172e7587deaab2ce9e214f6fefa711a0c6fd3a9942a3467d0d5d3e726a0cd2734

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b587729e9f090ad68885a8a7ef5ea04
SHA1 90948693b75cbf693f9552f05c7c8b18794bfde0
SHA256 af8352531cb06fabff78e9c8684e008172570d6031fce5dc2d1d473a9daa2398
SHA512 9c59573371f0fef237f7ef6797cedf9a444ad2544cd72ca0008eff345c9203f5eb83a93303d1316bbe3298976c98daeb75323a19fcc6bbbf947c05792243d35c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 788349a6690fd9b95e51e907264c3767
SHA1 e8d00e2597dff79d0616ea01a4ec1274dca4a5f7
SHA256 14d1e1ee973ae2ae128040646f473666377f11fc47cb1aac3b18a9978c91b64a
SHA512 7b35022ffe33ac3533a288e6f900d64bea01924d24c5c6906a6b4ebfeb53043a35b77b892fac2a7754276575f4361b5cb6cd5fcb9fae5c75e581b51da1b1bce9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43305dd2354eead80726a46e18b27b38
SHA1 b1c7dc5407b68c69c98d96cfe521b70eb329a5ef
SHA256 3b2427ab53831d433f0b7f2bf297ed9b884f0fd4138122a1e415dea1614143ee
SHA512 3a0f1aa2fb1ef06e59d97170eba899d9466fd9e986fcf4fad1a50a1abac09a97cfd2dfa1f221d8bb806bc5b3042f4577437ede74b6f74c4913decba1e423677e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70a492ac83277f4275f6ef522b56d588
SHA1 4fffd3fdf9054a94f5d996dc3954307f10d220af
SHA256 6f955f0ce28674d602a2653ac72df66acc50c32534a83e136ba925e3e0c11c27
SHA512 6b6de763c756ef9a7f9b9e4643aaa7a5de7dd78bac5e173ab9be5dfb1b676e3108bc7f239b02ba437801b023b267da008ae87db2c7131a050f75e5729b35a556

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_1FA458B79FBC47B1C202EDEEAB58B8A1

MD5 cf3b2c0646273b69d87f19105b43a9bf
SHA1 2211ec8b9616a3488846b8d677ed10767b52188f
SHA256 66347c7d4e16eb3c62bf7b96b10d12e66324084bda5e9d4d12292aa11f4c92a8
SHA512 03b108ce23ab12df96533c9e5a628a90ca5fabcff405e0c3b8cbfa2c2fc84083a112147b0e9056ed9cadc474bb121be52a01b7f81f7cf716051d42bfc1bd56b1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\f[1].txt

MD5 08042986e41b6758a5fce670ee36a9c7
SHA1 3f1c3cb39b52222f715a9a58e2d9e454cde655fd
SHA256 dfa4feb05444c78b51aa2b2153442bb838538e6915695f60e1a46f2b48abb1b0
SHA512 21816d8be80b057876e5a0374f5a77085ed5672d855e9bfe489754ccfb2e63d9f406998c40c748f2480b70cd0e34573f7529dd48c906c6f0948ad82888cb6670

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\f[3].txt

MD5 0e29e11137c1b1d3809f86daa018ca83
SHA1 a525be6d27bbddbd1678eea0e6caae8deee912e4
SHA256 0b608b88a8ac18849a5e5a6d5e3590956cae4c28ff7e2760791d681197b90ef3
SHA512 25d6808f0c39b1492126de2db9365fee7e4a56e9596559cbcc9d3538a637c1d440a17c28518d2e6d03c6c4bbcdd60f23cfb04749d5c9098d8edac9b0ceba09a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c0d9428e1ad751916d0a3e8152fb25fb
SHA1 8db77dfa0164e6020935b27bb6733efc28df630c
SHA256 dfd3fe1adf7e9c957ff745abb92ebcc73b76c59c2bc4976537392ebf43ad116a
SHA512 bd6feafa625cce7ca5c4c21a4c41f6146ed732a9aa753199cfc0fbadbbd3148c43e1cebfca4329008320dc83e07feffb99e0d90b993ea64da0c5287c53f86ba4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7495cdc0cb8cc5ee5576db6d2cae4970
SHA1 e00aa4ae22a21e09696e8a7ef6452657ac9e62ec
SHA256 d7ba2ee40d7d3d872b6161d2ed935af008f98842431897b0a12090f4b36bc242
SHA512 36b7e940e4da1c08b1113434588eedd1aa6134d4be495f55cf2a1857ab514a3b7b0702ef33a8f1859f7f4c8396fc655abb0eb10d942948fc2f9a56ec183662bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6973e2662da5b131c129637c192cb41a
SHA1 ce3d27a9c771d9749c6c2dbc668476b550e5b16b
SHA256 a0d9f23c5916d7a50736754e5af9d38730fb47f31e78eb9eeb96d4630292b774
SHA512 5b53b985f25707ea3e85ebc0a4b9aa1a79639d34fdc7dee4818f1dd9c9de3a810ceb90f82d072e05526a4edbebbb1d4af1f46861dbe1ab39cb68e39f3aa64c83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4210e6b45561493d04ef476c574c9d0d
SHA1 e6b049f0f02f6c5376118da97c517deae59696c9
SHA256 c63cb342f311c9f749da2d8e9d9c66f57233d32c10bea4112c4da7807234bf2c
SHA512 fa21859385022e0b8e39377c21b929af53e445c3c06d581530599812e4f122d8d9ba7661a7576f379567c17f1791d520e43113ab56b5378a506943eba85406fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80c1b282b9da9480961b6f80dabb97cd
SHA1 e6da0dec7b7aa0ce5843dad06625aafec5580bc3
SHA256 ff86193660e4e8939ce84d1f517b43a83f1364ab2339a861cfa1762818ef99c4
SHA512 d79728bbbc03ff8e279c6b099d86001305cacba020521ea6744df188cee00c8e7244afbf203632393776805c6062e8d3699068860cb023fbe71b46d676c1fc02

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 192d206a08046f94f31bb233741fad15
SHA1 1ad6177a9a7a8134da324bab18a3c13ed87e1731
SHA256 59146b1c13ce5a107c3612bd4663aafa97bc34e1323be6fd416f283f7564660e
SHA512 f0736c2635570e8812043f70616f531f8cfa65af880e82ba4120d89011f801e431e79f58377d841fa98289c432bb9082c8811e83e1f07abec34f2f2b69a43ac0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d15ed8af6846cbf07694837101f53d09
SHA1 9c5d1d377152bb45034cbea0d6d2322f08d2e007
SHA256 fcf28cfcfe4dd3997a1ad988216340c8a7e662e2580e81789a7bd76e13e4a4d5
SHA512 1ed6f3430f3e8d1ebdc4801b9f8e0f41f53cdc5922bb2a54f7f83194abb193aaa9145036da94df82b713270b52e7e014694bc03dcf9491e4bf09a99df83845f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae3685e5f4125da8ed356866eae769cd
SHA1 aa893a6768dbb468c7a658b8ae009215cc6f8378
SHA256 48a6e342a418a7c1e54ddb3695b53c30e08a37c6b011a00e8dd4ba48c6c1f622
SHA512 6d3175a31797c352886f07b9ead431ada6ab8845cadc16aa1ed58ecbfc8dcae8989f0c66c9fd25c1e180dfd5ca20b2b0e99899474795de254b132506a2754294

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d5f0bf94c5c343e317ca78c66649f2d
SHA1 d9307fb796f25d847e3fe34b2266c76a81a1ecaa
SHA256 a331b01a17896f84d86595072649ee1c6d7bdcb64e699cf0ebfa23238d554afc
SHA512 5d458764ba099cea884339958097dcaa6ed242e699d847c37e4a6a0862ce90d931592e88e64fb11a93343c3b409a0cf81f9b6210ffe6ee3f868b0cccc8593d99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c85513046ef148952842426b7877ab9f
SHA1 1449bc08406a5e7356ffa4fb29203b067c537961
SHA256 874917da1811ac5800952a2839cf6c2599dc7834d191a7de5f3e2b7aefec8c23
SHA512 0f905514390df9adc1a1af62d321eeba737ba446c3dd37925d8a12098885515d76ba04d20759f3860f2790b5efd917ca25eb148bcbc0563fb962e480c86256a6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DXNVH2XS\www.google[1].xml

MD5 4ec0b637a1ea113ab425e6ad87f8204e
SHA1 35cef2d903fd6a7095181c3b58ba88231dac3854
SHA256 8cffaf5947dd85cdf6b5e9ffaad9005b7c1dfecbaab2291ac09f1079a334a0d8
SHA512 7f8895f069c91d35f627b3db68fa0b65c24ec247c6c4cc76022943186e4097f92d42774bc5da880cc12b7c29c4d38fd82930d8cb667bb6fb82f85a50c9ebf193

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\sodar2[1].js

MD5 2cc87e9764aebcbbf36ff2061e6a2793
SHA1 b4f2ffdf4c695aa79f0e63651c18a88729c2407b
SHA256 61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
SHA512 4ed31bf4f54eb0666539d6426c851503e15079601a2b7ec7410ebf0f3d1eec6a09f9d79f5cf40106249a710037a36de58105a72d8a909e0cfce872c736cb5e48

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\Y3HubG91w0oOOPANmf10BzExwHhzwFaEJ6t8s38bQ_c[1].js

MD5 4e525fcdaee8223aaab2d3339578d388
SHA1 23978ff3b6ad6b63bc154667c1f54118ee324a8e
SHA256 6371ee6c6f75c34a0e38f00d99fd74073131c07873c0568427ab7cb37f1b43f7
SHA512 424660f9af4d12b2a66a2b6a77581634d7f9d1fc329b6067cafb18497964da970a16bdd536bf52d5db443aebb6177d773d09a7544bbe7c046888f539480f6d5d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6003c3fc7a6d6c14ff6f7901e0d5d8d9
SHA1 53044e2fea81af3ac1749496228e13fd3abd99a1
SHA256 f2ab5d6f9cc371ce1788238de8c220059526a48c8bfd643d773b3139c9064156
SHA512 2c8a21a0e7ae9da0bce921d0d78ff9148a5b6dfeda8bc8333c9d77b519630b590b31f67ae612a9461a032561519c8d399a8617ae35631daade8eecf09f83960b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8421947478baa694401a94b58d9b07cb
SHA1 571a7543eddd805f910033908264ca0ecc33f600
SHA256 04273bf808707c0aec795c76628323401710ee04221da4b0791b6831cfe36fb2
SHA512 654d081f1081678775d9604c2e97b1f05f85429e20f5f61e1505397902f583397881dae329fb25d435805b2206a44bc933c736056843b4d9c99cce6be50a2690

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b83af0cdcc407ca1f7e283d70bc5ce57
SHA1 cbcaed48108dd96030a15708f45fe10af6125dd4
SHA256 a626bbfd16decf53ec3b70f8bd4cb1d1be06e64cbac3ec41f27d954bdefc8edc
SHA512 e525d9e5b4b591dab456870014c378c90e83f80eca1effdfe3ae23ed0bd3cefc2f4428db27aba75759593dd280ac0e45ba8ccf67482ba2629f56ad44b4af5771

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 20:11

Reported

2024-06-01 20:14

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ba290fadcb88ff82a0cbbcd07e633c6_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1396 wrote to memory of 3168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1396 wrote to memory of 4472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1396 wrote to memory of 2864 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1396 wrote to memory of 4024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ba290fadcb88ff82a0cbbcd07e633c6_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb2aa46f8,0x7ffbb2aa4708,0x7ffbb2aa4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1710015578629128037,4903609602345843616,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1396_XGNWVVDHAMELKWWR

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
