Malware Analysis Report

2025-08-10 22:47

Sample ID 250127-sbr6latnct
Target JaffaCakes118_40be2a9ca30beb08f5c1f6ad89e6cf4c
SHA256 0e020d6f5e75fffe845137171a6a965b212f1d24ab515f821acf4073769c2930
Tags discovery
Score 3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Likely benign

The file JaffaCakes118_40be2a9ca30beb08f5c1f6ad89e6cf4c was found to be: Likely benign.

Malicious Activity Summary

discovery

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2025-01-27 14:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2025-01-27 14:57
Reported 2025-01-27 14:59
Platform win7-20240903-en
Max time kernel 140s
Max time network 141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40be2a9ca30beb08f5c1f6ad89e6cf4c.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40be2a9ca30beb08f5c1f6ad89e6cf4c.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2

Network


Files

SHA1 4960de25583ca37ceeb2e6f5a6e490201ba3e8ca
SHA256 bf5acf93d25dd94b22b393a83ddb5a1f4c916dd7fdc6b2f961ff4f071922227e
SHA512 24fb77853bf18c268b2307f64b30ea2537fea9eb4ddcfc90dc35cdc918b89aedb76fd1640f90dd40dfad34fa75f5d75fb8725e0391d2bd313533062bdb681e43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a2923f6362e3056a7234c23d5626388
SHA1 52615a37f0a7bfbde5c83d805b54a60c33d1abcb
SHA256 647743dd31ab0490aea0fd6d27ae9c4205e6b518eb7fcdccf9e60dfbe6f9a0cf
SHA512 99a0e54539ecabd1485cd079c5ea24cc60a705be17bf5c393db81412573af39e9d4edbee9871c4b9c843a37c7cb7d7d88e3622928082977eab999059f87e92d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 ea74f634195bfdc256ca3aec7b251f04
SHA1 4a95d89cd6ad1ae417e2aab0577960fca16df05d
SHA256 4b6d46708fb7194c0eb1112b01ea40ed5406769b5587197a12ff529be8432778
SHA512 cac654e529e185af14c64b0b0979d54b125fb7dcd5e572e6665e7152e3068a56c9081f7684602d4249f1a2c855caf42463bacf335034e61a3acdcc2ba6e09af2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 399293f82b866b1786435468a1339f72
SHA1 5e4009e00f8490b05edc43c4561a96347ba87f27
SHA256 7562f6a037e32a96d45805014f4b750571c71665309339f03adb7a0ea2116dec
SHA512 945ac55cc1b400277525f30bce4217a0c1a053e83f53a361144909ad17966b8801ed557e21dc616556d58c49a634e923982d222bd2c7700adc80621c67fa585f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c75cd512595fc6e33548c54abf15c580
SHA1 72cf2625d322df68c93664c5bb14840b0337abfc
SHA256 91bae98f51044710c9d22b806b73b7888c0f2c61ee4a36c8b3ece6316853620d
SHA512 f6ed2cca858d86ffcaab0eb2faa2cbc12317d9c83f32e791274ae0f1084d35f862a8e2c7ba84b81b0bdf6b5d349835ceff339a28a142c611702934b9b5597fb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9879e16332662c999487d85d55d3b94
SHA1 5ca8f9517383d762aeaa7f993ffa300c3fd31898
SHA256 aa55f0e2eb80793dd0a7fd78ac7e82066f4895e38969acc379fc3238b962f803
SHA512 ba9bb0e0140a39ad131b80e4cb705525d35ada480ef0b53da492f305ec6a289b85bf1df69e2778bb599899749bff7cee076ba291925584232b6b50560b5841a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f111b7dd9eda9c7910d673e5488673e5
SHA1 760c183f52b8c054cc3db3c72a8b20e716ff6f83
SHA256 c61af18f9e2007210ad5a1afdc76abe794982c756b10b449b85ee3c5b2a51996
SHA512 477840d3d5638bbfb906341d89945e6d0e9e63b4ac198e88c5701e91d0e5d40456c1dca9ad0b0abfbc8e14945c5a70ab452f2671924977da2ecaa5566d72980a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8fc9f44615708449394706ad2e3c040a
SHA1 95d13a41869d46f5590e75cd1d2eb8e2f4a9e847
SHA256 8f5687bedb10e6fc7aa28557d7e39a9c24f7485e6beb97ad78352c281d87325a
SHA512 c272f1ae339aeb1fd2f37ee7fb99d3eef80c9dcca6196d9db113996470932e87dc08c2d8663f77caaa14bb57d0ab35adfcf9e615606935cf53024d478fc12daa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35032da0d5bcdbef1b4540ca6c92d761
SHA1 dadbbf62363759deba182143d789cf4406735a21
SHA256 182c1a669f53fd8c745a9253c86273e9de7a93601355125ca4cfdf8268af3c5f
SHA512 682d03ff672da85d9869a2de85d6d335a5e0b3c819923ecae863e90d277ef322a6dfdadd8afa7a4c8a138cb733fc20dc9a810b674d71e7f460e89d968e551550

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 74f7edbefa4976c684328abc5c160326
SHA1 6ff7b60f49226a2a937b1913b06650f6960e62bf
SHA256 7d3a5acc51e599569363b875e23a48c6fa369a9c9fcb7bda06d9c74335c6d1e0
SHA512 ec9cb5429dbeb44417161f3a03db06eb41615a07cc22e70875ae85d3eda72434d86e94ae03723752132816dd8aa1c320c6e3280349805e7b611f73366e332415

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b47d62929b0d9060ba0ee768eee1c570
SHA1 59c380a9bded086f7098c3603497f3b7cd263c63
SHA256 b7a946afc255196372c671ac56218447168528bbed029667530e777ebc226dc6
SHA512 8b56389b11e6fee49e7df12e79788f005839168cd27e4a1932e2082cffae107abb533b31babbce606a8e5071ca439369661b9042f6331b0ec1051abf38cb6f96

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6fbea507578fb3d94297a7adf02f695c
SHA1 ff771625efa65d5413e47fbc9cdc5bf1296bbdca
SHA256 e6923e1c48a36e8f7d4abca55d28605f857f611b51bb104d1bee4599f4df1ee3
SHA512 7eeb8d43af3876efd15028b9181b9240a29d807e47cade9b08fdcbdd9438c8a74be6e81d07acde4c3071b5634c9e8277f65674123635791e2be6c4fc030f51e3

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-27 14:57

Reported

2025-01-27 14:59

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40be2a9ca30beb08f5c1f6ad89e6cf4c.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4932 wrote to memory of 3172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4932 wrote to memory of 3336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4932 wrote to memory of 3952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4932 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40be2a9ca30beb08f5c1f6ad89e6cf4c.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e4f646f8,0x7ff9e4f64708,0x7ff9e4f64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4932_VOMQAJUTFNWDJUXX

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
