Malware Analysis Report

2025-08-05 15:36

Sample ID 240527-pcr1facd53
Target 791bf94c163bef8538c23b91dee41c87_JaffaCakes118
SHA256 3216e8b51b47e047f2f33d770cc205b82a5e17892d9dc28f9136929d1c0bd63c
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

3216e8b51b47e047f2f33d770cc205b82a5e17892d9dc28f9136929d1c0bd63c

Threat Level: No (potentially) malicious behavior was detected

Verdict: the file 791bf94c163bef8538c23b91dee41c87_JaffaCakes118 (an HTML document, per the command line below) produced no (potentially) malicious behavior when opened.

Malicious Activity Summary

Signatures raised across the analyses. The behavioral2 analysis reproduced below details only four of them (Enumerates system info in registry, FindShellTrayWindow, SendNotifyMessage and WriteProcessMemory); the behavioral1 analysis listed in the table of contents is not included on this page.

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 12:11

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 12:11

Reported

2024-05-27 12:13

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\791bf94c163bef8538c23b91dee41c87_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
  (identical row repeated 25 times; the report records no description, indicator or target for any of them)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
  (identical row repeated 24 times; the report records no description, indicator or target for any of them)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3940 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  (2 identical rows)
PID 3940 wrote to memory of 4312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  (40 identical rows)
PID 3940 wrote to memory of 1528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  (2 identical rows)
PID 3940 wrote to memory of 4220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  (20 identical rows)

All 64 writes originate from PID 3940 and target four other msedge.exe processes; the source and target image are the same binary in every row.
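The WriteProcessMemory rows are the part of this report most often misread. What distinguishes a multi-process browser setting up its own children (one source PID, same image on both sides of every write) from cross-process injection is visible in the table itself. The script below is an added example, not part of the report or of the sandbox tooling: it parses rows in the table's format, counts writes per target PID and flags any write whose target image differs from the source. The first six rows are copied from the table above (one or two per target PID, not all 64); the last row, a write into notepad.exe, is constructed for this example and does not appear in the report.

```python
import re
from collections import Counter

# Rows excerpted from the "Suspicious use of WriteProcessMemory" table above
# (one or two rows per target PID; the report lists 64 in total). The final
# row is constructed for this example and is NOT in the report: it shows what
# a write into a different image (an injection candidate) would look like.
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
ROWS = [
    f"PID 3940 wrote to memory of 388 N/A {EDGE} {EDGE}",
    f"PID 3940 wrote to memory of 388 N/A {EDGE} {EDGE}",
    f"PID 3940 wrote to memory of 4312 N/A {EDGE} {EDGE}",
    f"PID 3940 wrote to memory of 4312 N/A {EDGE} {EDGE}",
    f"PID 3940 wrote to memory of 1528 N/A {EDGE} {EDGE}",
    f"PID 3940 wrote to memory of 4220 N/A {EDGE} {EDGE}",
    rf"PID 3940 wrote to memory of 9999 N/A {EDGE} C:\Windows\System32\notepad.exe",  # constructed
]

# Row layout: "PID <src> wrote to memory of <dst> <indicator> <process path> <target path>"
ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\S+) (.+)$")
# Both paths contain spaces, so split the tail at the next "<drive>:\" boundary.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?(?= [A-Za-z]:\\|$)")


def parse_row(row):
    """Return a dict for one table row, or None if the row does not parse."""
    m = ROW_RE.match(row.strip())
    if m is None:
        return None
    src_pid, dst_pid, _indicator, tail = m.groups()
    paths = PATH_RE.findall(tail)
    if len(paths) != 2:
        return None
    return {
        "src_pid": int(src_pid),
        "dst_pid": int(dst_pid),
        "src_image": paths[0],
        "dst_image": paths[1],
    }


def summarize(rows):
    """Count writes per target PID and collect writes whose source and
    target images differ (the pattern that deserves a second look)."""
    per_target = Counter()
    cross_image = []
    for row in rows:
        event = parse_row(row)
        if event is None:
            continue
        per_target[event["dst_pid"]] += 1
        if event["src_image"].lower() != event["dst_image"].lower():
            cross_image.append(event)
    return per_target, cross_image


def looks_like_own_process_model(rows):
    """True when every parsed write comes from a single source PID into
    processes running the same image, as a multi-process browser does when
    it sets up its children; False if any write crosses into another image."""
    events = [e for e in map(parse_row, rows) if e is not None]
    if not events:
        return False
    sources = {e["src_pid"] for e in events}
    same_image = all(e["src_image"].lower() == e["dst_image"].lower() for e in events)
    return len(sources) == 1 and same_image


if __name__ == "__main__":
    counts, suspicious = summarize(ROWS)
    for pid, n in sorted(counts.items()):
        print(f"target PID {pid}: {n} write(s)")
    for e in suspicious:
        print(f"cross-image write: {e['src_pid']} -> {e['dst_pid']} ({e['dst_image']})")
    print("report rows only:", looks_like_own_process_model(ROWS[:-1]))
    print("with constructed row:", looks_like_own_process_model(ROWS))
```

Run against the report's own rows the check returns True; adding the constructed notepad.exe row flips it to False and the row is listed as a cross-image write. The image comparison is a heuristic, not proof: a write from one msedge.exe into another could still be hostile, so pair it with the process tree (here every target is a renderer, GPU or utility child launched with the same --field-trial-handle) before closing the item.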

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\791bf94c163bef8538c23b91dee41c87_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5eb246f8,0x7ffd5eb24708,0x7ffd5eb24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3400866734224378820,8777291774425135691,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5648 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.73:443 www.blogger.com tcp
FR 142.250.179.73:443 www.blogger.com udp
US 8.8.8.8:53 keywebtracker.com udp
US 8.8.8.8:53 www.fishingfury.com udp
US 8.8.8.8:53 image.yaymicro.com udp
FR 142.250.178.142:443 apis.google.com udp
US 172.67.132.143:80 www.fishingfury.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 haightashburytattooandpiercing.files.wordpress.com udp
US 8.8.8.8:53 bunkertattoo.files.wordpress.com udp
US 8.8.8.8:53 riotcampus.files.wordpress.com udp
US 8.8.8.8:53 us.123rf.com udp
US 8.8.8.8:53 www.pieway.com udp
US 8.8.8.8:53 www.dovmedeseni.com udp
US 8.8.8.8:53 kojin.files.wordpress.com udp
FR 172.217.20.193:80 1.bp.blogspot.com tcp
CA 23.227.38.74:80 www.pieway.com tcp
FR 172.217.20.193:80 1.bp.blogspot.com tcp
US 18.239.208.89:80 us.123rf.com tcp
US 192.0.72.23:80 kojin.files.wordpress.com tcp
US 192.0.72.22:80 kojin.files.wordpress.com tcp
US 192.0.72.22:80 kojin.files.wordpress.com tcp
US 192.0.72.19:80 haightashburytattooandpiercing.files.wordpress.com tcp
US 69.162.80.61:80 keywebtracker.com tcp
US 8.8.8.8:53 th07.deviantart.net udp
US 8.8.8.8:53 cdn.webshopapp.com udp
US 8.8.8.8:53 www.wildathearttattoo.com udp
US 8.8.8.8:53 princesspeadesigns.net udp
US 69.162.80.61:80 keywebtracker.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 developers.google.com udp
US 34.149.87.45:80 www.wildathearttattoo.com tcp
FR 172.217.20.194:445 pagead2.googlesyndication.com tcp
US 44.224.192.63:80 th07.deviantart.net tcp
US 104.16.8.49:80 cdn.webshopapp.com tcp
FR 216.58.214.78:80 developers.google.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
US 192.0.72.23:443 kojin.files.wordpress.com tcp
US 18.239.208.89:443 us.123rf.com tcp
US 192.0.72.22:443 kojin.files.wordpress.com tcp
US 192.0.72.22:443 kojin.files.wordpress.com tcp
US 192.0.72.19:443 haightashburytattooandpiercing.files.wordpress.com tcp
US 8.8.8.8:53 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com tcp
US 104.16.8.49:443 cdn.webshopapp.com tcp
US 34.149.87.45:443 www.wildathearttattoo.com tcp
US 8.8.8.8:53 pieway.com udp
CA 23.227.38.65:443 pieway.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 73.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 143.132.67.172.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.38.227.23.in-addr.arpa udp
US 8.8.8.8:53 23.72.0.192.in-addr.arpa udp
US 8.8.8.8:53 193.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 89.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 22.72.0.192.in-addr.arpa udp
US 8.8.8.8:53 19.72.0.192.in-addr.arpa udp
US 8.8.8.8:53 49.8.16.104.in-addr.arpa udp
US 8.8.8.8:53 45.87.149.34.in-addr.arpa udp
US 8.8.8.8:53 61.80.162.69.in-addr.arpa udp
BE 74.125.206.84:443 accounts.google.com tcp
FR 216.58.214.78:443 developers.google.com tcp
US 8.8.8.8:53 pre15.deviantart.net udp
BE 74.125.206.84:443 accounts.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 ny-image0.etsy.com udp
US 54.188.235.161:80 pre15.deviantart.net tcp
US 8.8.8.8:53 www.truelovetattoos.co.uk udp
FR 216.58.214.163:443 ssl.gstatic.com tcp
US 35.190.25.237:80 ny-image0.etsy.com tcp
US 8.8.8.8:53 www.dragoart.com udp
GB 79.170.40.53:80 www.truelovetattoos.co.uk tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 79.170.40.53:80 www.truelovetattoos.co.uk tcp
US 8.8.8.8:53 img0.etsystatic.com udp
US 8.8.8.8:53 lh4.ggpht.com udp
US 151.101.1.224:80 img0.etsystatic.com tcp
FR 172.217.20.193:80 lh4.ggpht.com tcp
US 51.81.245.42:80 www.dragoart.com tcp
US 8.8.8.8:53 www.photofunblog.com udp
US 8.8.8.8:53 bunkertattoo.wordpress.com udp
US 8.8.8.8:53 haightashburytattooandpiercing.wordpress.com udp
US 151.101.1.224:443 img0.etsystatic.com tcp
GB 79.170.40.53:80 www.truelovetattoos.co.uk tcp
US 8.8.8.8:53 kojin.wordpress.com udp
US 192.0.78.12:443 kojin.wordpress.com tcp
US 192.0.78.13:443 kojin.wordpress.com tcp
US 192.0.78.13:443 kojin.wordpress.com tcp
US 8.8.8.8:53 riotcampus.wordpress.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 51.81.245.42:80 www.dragoart.com tcp
US 192.0.78.12:443 riotcampus.wordpress.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
CA 51.161.75.149:80 www.photofunblog.com tcp
FR 142.250.179.73:443 resources.blogblog.com tcp
FR 142.250.179.73:443 resources.blogblog.com tcp
FR 142.250.179.73:443 resources.blogblog.com tcp
FR 142.250.179.73:443 resources.blogblog.com udp
US 8.8.8.8:53 www.google.com udp
FR 216.58.215.36:443 www.google.com tcp
US 8.8.8.8:53 dragoart.com udp
US 51.81.245.42:443 dragoart.com tcp
US 8.8.8.8:53 78.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 63.192.224.44.in-addr.arpa udp
US 8.8.8.8:53 84.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 65.38.227.23.in-addr.arpa udp
US 8.8.8.8:53 65.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 237.25.190.35.in-addr.arpa udp
US 8.8.8.8:53 161.235.188.54.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 224.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 12.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 13.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 42.245.81.51.in-addr.arpa udp
US 8.8.8.8:53 149.75.161.51.in-addr.arpa udp
US 8.8.8.8:53 36.215.58.216.in-addr.arpa udp
FR 142.250.201.162:139 pagead2.googlesyndication.com tcp
NL 23.62.61.160:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 160.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.73:445 www.blogger.com tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
FR 142.250.179.73:443 www.blogger.com udp
BE 74.125.206.84:443 accounts.google.com udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
BE 74.125.206.84:443 accounts.google.com udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp
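The Network table mixes DNS lookups, reverse lookups of the addresses just contacted, and the HTTP/HTTPS (and QUIC over UDP) connections made for the page's embedded resources. Three rows stand out: 172.217.20.194:445, 142.250.201.162:139 and 142.250.179.73:445, labelled with Google hostnames, use SMB/NetBIOS ports rather than web ports, and the report gives no indication of what produced them. The script below is an added example, not part of the report or of the sandbox tooling: it parses rows in the table's format and pulls out what a reviewer wants first, namely connections on ports a browser rendering a page should not be using, hosts fetched over cleartext HTTP, the set of contacted hostnames, and the number of reverse lookups. The embedded rows are copied from the table above (ten of roughly 150); EXPECTED_PORTS is this example's assumption about normal browser traffic.

```python
from collections import defaultdict

# Rows excerpted from the Network table above; nothing here is constructed.
# Note the mDNS row, which has no Domain column.
NETWORK_ROWS = """\
US 8.8.8.8:53 apis.google.com udp
FR 142.250.178.142:443 apis.google.com tcp
US 172.67.132.143:80 www.fishingfury.com tcp
US 69.162.80.61:80 keywebtracker.com tcp
FR 172.217.20.194:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
FR 142.250.201.162:139 pagead2.googlesyndication.com tcp
N/A 224.0.0.251:5353 udp
FR 142.250.179.73:445 www.blogger.com tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
"""

# Assumption for this example: ports a browser opening a web page is expected
# to use (DNS, HTTP, HTTPS/QUIC, mDNS). Anything else is worth explaining.
EXPECTED_PORTS = {53, 80, 443, 5353}


def parse_network_rows(text):
    """Parse 'Country Destination Domain Proto' rows; Domain may be absent."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = None
        else:
            continue
        ip, _, port = dest.rpartition(":")
        if not port.isdigit():
            continue
        events.append({"country": country, "ip": ip, "port": int(port),
                       "domain": domain, "proto": proto})
    return events


def triage(events, expected_ports=EXPECTED_PORTS):
    """Summarize the traffic the way a reviewer reads it: odd ports first,
    then cleartext fetches, then the overall set of hosts."""
    unexpected = []
    cleartext = set()
    hosts = set()
    reverse_lookups = 0
    names_by_ip = defaultdict(set)
    for e in events:
        domain = e["domain"]
        if domain and domain.endswith(".in-addr.arpa"):
            reverse_lookups += 1
            continue
        if e["port"] == 53:
            if domain:
                hosts.add(domain)
            continue  # a DNS query names the host but is not a contact with it
        if domain:
            hosts.add(domain)
            names_by_ip[e["ip"]].add(domain)
        if e["port"] not in expected_ports:
            unexpected.append((e["ip"], e["port"], domain))
        elif e["port"] == 80 and domain:
            cleartext.add(domain)
    return {
        "unexpected_ports": unexpected,
        "cleartext_http_hosts": sorted(cleartext),
        "contacted_hosts": sorted(hosts),
        "reverse_lookups": reverse_lookups,
        # one address serving several names hints at shared hosting or a CDN
        "ips_serving_multiple_names": {ip: sorted(n) for ip, n in names_by_ip.items() if len(n) > 1},
    }


if __name__ == "__main__":
    summary = triage(parse_network_rows(NETWORK_ROWS))
    for ip, port, domain in summary["unexpected_ports"]:
        print(f"unexpected port: {ip}:{port} ({domain})")
    print("cleartext HTTP hosts:", summary["cleartext_http_hosts"])
    print("contacted hosts:", summary["contacted_hosts"])
    print("reverse lookups:", summary["reverse_lookups"])
```

On the excerpt this reports the three SMB/NetBIOS-port rows, two hosts fetched over plain HTTP (keywebtracker.com and www.fishingfury.com), six distinct hostnames and one reverse lookup. The Domain column is the sandbox's label for the destination, not something the connection itself proves; when an odd port shows up against a well-known hostname, check whether the label came from an earlier DNS answer for that address rather than assuming the named service was reached.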

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_3940_UTDRJOFJRMJOKEDV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e6a916f6d9372aa6ca4eb784da28810a
SHA1 b5354cd04e1c1a67e10afe80865a05e5cb8aa85f
SHA256 6cadbea1648bf6c40d38ace9721d6c9066faf916f6a9d998037a9c0fe2aa94f4
SHA512 5cd41817ecfb80effef54dab808e17dbd058c74f6891b86cdb8f80f988dba765b7e5459abe27d5f0a47820ece3e1ef772ccc72b78607889e89924f8df82f51b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 8b13133a62b8049ea1b14e7d7af4d81c
SHA1 3ec6927ff432a31614c6a985474d1a3a5289011b
SHA256 059c4e6fcc97a32b2068f98122889da49c8ba872412492b8e61c2274f01c24da
SHA512 6f10fedd179b5fec1d7a8091cf7530fc5c7313e6df12f8456a49b3f000207d9d6b0c8af1971db7aa91e9da08b0dc1b912f4c009e4c5b3a14683594ba8f63a363

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 5f771120741745338ef8656c3e4543f1
SHA1 43ead237f4532a412a6d0c2b263b4e6fbeeb0f5b
SHA256 2562c670fcd918fea3662a0e29dbc09a71369166e064d2948ab7e2c1d2a04a82
SHA512 c0916cdf645abeb4f49f7abc4622bef6cbb61a96e33adb01baa40650b4c8e1fe16ced8f69f020f5c20ce79187685499f6f36c87e34e80cac9e3d49f7aa06562c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 b6c8122025aff891940d1d5e1ab95fce
SHA1 a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4
SHA256 9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e
SHA512 e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e187b2d3eab0fb79a54457a6305db092
SHA1 022643f7025823cda726f579cc706cb8a632692e
SHA256 f708b79cd674afb2c802a733457edd26339a836723cfb93fc7d6a528e8709c20
SHA512 ab5f4ddd804d5cd91793bcafc91c202986a5411852a3baf0f6dbf2e155604cf8cb02908760944764d8d9c4a8f806bce2ca5036a94a9f6061460d76ee6229b3bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b67e5948d42cfb9f1389d8812d4e1de9
SHA1 e0ef88a5fe0b17a2ea57c8e10a77c3d4d31b722b
SHA256 881390378c1f118ac70eb4023e9ed3d833eac55314df63edf23b83181fcb6ffc
SHA512 e1109826a3d0e743f370dbf41c2994f377d0142a6f7c06038ffbc98594194f531a41b354f673d94717e486c3ca875c2259ca2f13f74154619bd986475aa23a00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e5ac63d2173af42b2c7d2537eeaf9792
SHA1 ac32921941a984ea78af3bd8b8656962cd713149
SHA256 452558234b4139ed16f4a3b8ef6dc998b5b0190aa227483ecbbe94380c679e30
SHA512 2d4f993604a1665266c217e279b6ba2cea823e575423cf837b0ea29aea4b2252295ef0840490d255acea4f057535b6e91fae50bd95d7e0446ed6062d8bd52f6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 5e74c6d871232d6fe5d88711ece1408b
SHA1 1a5d3ac31e833df4c091f14c94a2ecd1c6294875
SHA256 bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105
SHA512 9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6a6c1bea2f1dd44b2e15cb68f6f1c4ce
SHA1 c1926625a1fb8fc7bc04809c9067dc5f140f5612
SHA256 101ff46818d825a8816c786632750dee11383e4aae5af496b7247de1df9901d1
SHA512 92c523a7fdd0511e67817507b23f80a70c8f5364b006c256490df4b9e4c1ca22181ee081f57cbebce93d2faa82bd0dea897911b359c5101a7b72bb092d79a350

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2ee331a3a91f1c14cc74ca5f2ca9964c
SHA1 e9f925abaa769e2d9f26f40a2ea409bf3c2fddc0
SHA256 742cf2c3910769206574fab91c66d20179d3c6b29729b0f5f8b6d1c7ab5fbced
SHA512 0cb1414d898c51610f8acc95c990c519b2545d6f9492601b487ff0a86b398912234b58cea2113bcf7e18e47c82605526c438f9ecd6a4291f09f633fbc203315c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 54b70ffdabf55520df08ea02e04e3da5
SHA1 c4f419451f385a3ac09c4a8ba9150c8a9d75ee69
SHA256 c533b2bc750f8c3fa634f1ce27a764cbfe281ea2e523e2056550e65f7a36fb13
SHA512 5b3ec12f151275cc07ac3f3795d97e799a17b2d27f0907819d38d245516bcfb46374a7400449cad42b47f7da6c4637b068ecdb3e2e5c00cb26738af25b7bbf7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 504fc628105a8228e71f43e17d9d4fd1
SHA1 077f6f3cf39115330c0a05f326def8f003bec10f
SHA256 57680b33eb33d670d8d0cbc43b0dcdc37d593606f12b6c4bbdccf93c3add65be
SHA512 24bc5afe055ea02137cdb75359250052c05a595ca0c152a49b16d05dd88ff15598e7f76c4dbd3452b3a55fd672bd4a6ce9bc3af4c4b682257fa72dc573ccacca
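
The Files listing above is a flat sequence of path / MD5 / SHA1 / SHA256 / SHA512 blocks, and the same path can appear several times with different digests when the browser rewrote the file during the run. The following is an added example (not part of the sandbox report) that parses such blocks, validates the hash fields, flags entries whose digests are those of empty input (the named pipe here), counts rewrites per path and buckets paths by the Windows component that owns them. The sample blocks are copied from the listing above; the Cab/Tar category label is a heuristic assumption, the pipe, CryptnetUrlCache, IE-cache and Edge-profile labels follow directly from the path prefixes.

```python
import hashlib
import re
from collections import Counter

# Constructed sample: five blocks copied from the behavioral2 Files listing.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_3940_UTDRJOFJRMJOKEDV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 8b13133a62b8049ea1b14e7d7af4d81c
SHA1 3ec6927ff432a31614c6a985474d1a3a5289011b
SHA256 059c4e6fcc97a32b2068f98122889da49c8ba872412492b8e61c2274f01c24da
SHA512 6f10fedd179b5fec1d7a8091cf7530fc5c7313e6df12f8456a49b3f000207d9d6b0c8af1971db7aa91e9da08b0dc1b912f4c009e4c5b3a14683594ba8f63a363

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 5f771120741745338ef8656c3e4543f1
SHA1 43ead237f4532a412a6d0c2b263b4e6fbeeb0f5b
SHA256 2562c670fcd918fea3662a0e29dbc09a71369166e064d2948ab7e2c1d2a04a82
SHA512 c0916cdf645abeb4f49f7abc4622bef6cbb61a96e33adb01baa40650b4c8e1fe16ced8f69f020f5c20ce79187685499f6f36c87e34e80cac9e3d49f7aa06562c
"""

HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Path prefix -> owning component. The first four follow from the path itself;
# the Cab/Tar label is a triage heuristic (assumption), not something the report states.
CATEGORIES = (
    (re.compile(r"^\\\?\?\\pipe\\", re.I), "named pipe"),
    (re.compile(r"\\CryptnetUrlCache\\(Content|MetaData)\\", re.I), "CryptoAPI URL cache (CRL/OCSP/AIA fetch)"),
    (re.compile(r"\\Temporary Internet Files\\Content\.IE5\\", re.I), "IE browser cache"),
    (re.compile(r"\\Microsoft\\Edge\\User Data\\", re.I), "Edge profile state"),
    (re.compile(r"\\Temp\\(Cab|Tar)[0-9A-F]+\.tmp$", re.I), "Temp Cab/Tar pair (assumption: CryptoAPI root-store update)"),
)


def parse_file_blocks(text):
    """Turn 'path / blank / MD5 .. SHA512' blocks into dicts; one dict per block."""
    entries, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "Files":
            continue
        label, _, value = line.partition(" ")
        if label.lower() in HASH_LEN and cur is not None:
            cur[label.lower()] = value.lower()
        else:                       # any other non-empty line starts a new block
            cur = {"path": line}
            entries.append(cur)
    return entries


def classify_path(path):
    for pattern, label in CATEGORIES:
        if pattern.search(path):
            return label
    return "other"


def triage_files(entries):
    """Validate hash fields, flag empty content, count rewrites and bucket paths."""
    empty_sha256 = hashlib.sha256(b"").hexdigest()      # digest of zero bytes, computed not hardcoded
    writes_per_path = Counter(e["path"] for e in entries)
    rep = {
        "bad_hash_fields": [],                           # (path, algo) whose value is not n hex chars
        "empty_content": [],                             # paths whose recorded content is zero bytes
        "rewritten": {p: n for p, n in writes_per_path.items() if n > 1},
        "categories": Counter(),
        "distinct_sha256": set(),
    }
    for e in entries:
        for algo, n in HASH_LEN.items():
            if not re.fullmatch(r"[0-9a-f]{%d}" % n, e.get(algo, "")):
                rep["bad_hash_fields"].append((e["path"], algo))
        if e.get("sha256") == empty_sha256:
            rep["empty_content"].append(e["path"])
        rep["categories"][classify_path(e["path"])] += 1
        if "sha256" in e:
            rep["distinct_sha256"].add(e["sha256"])
    return rep


if __name__ == "__main__":
    result = triage_files(parse_file_blocks(SAMPLE))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Two hashes for one path are two snapshots of the same file, so when pivoting on indicators use every SHA256 the report lists, not just the last; the empty-digest check keeps the zero-byte pipe entry out of any hash-based blocklist, where it would match every empty file on every host.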

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 12:11

Reported

2024-05-27 12:14

Platform

win7-20240221-en

Max time kernel

149s

Max time network

155s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\791bf94c163bef8538c23b91dee41c87_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422973757" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006a4102cb35ee4a4193cde930b1c7159000000000020000000000106600000001000020000000b4a74db9d75f81718d43e33656ea6334577c98150cb9ecb332dba0be504a8d44000000000e8000000002000020000000668ff3eae1e9ce87dd2d095a6ee8d1770573c23d79947261a55192a45d7d2fe82000000049d0220bce71e49eab33e22671a22954db5955d9f77966b9b45456d56a806299400000001a62900404abae77b62eec80c51ea34b6d4ae9e472e296994c6324b32bfe66e53044ac7e879e13f114b5a2169a56cc54a40c2ecb3c7a73e2bbfbe1b4aabd1837 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006a4102cb35ee4a4193cde930b1c715900000000002000000000010660000000100002000000035088be86010df57ea84fcf5d5f139ed831d90986940a4dd5f9d68e08737e08f000000000e800000000200002000000007a416533897e0a398243d97b3107f66fae75d8c84f7398154e1d05c8b1ee98290000000e21f85e7e30f0ceddc90386561c8db98703ee65d04951c8a5850a4f930eb69386d10a2938475d480dd7e5c04dbe64d0993b38e318437fd68176b080e5bb05f5c0d017f2d36bb9f0ad3acb5c21a2fb6bb28b50666c896018bb831b4119b980822cfdf733766fc5e0e9118909860964f9246db237749e9eae930309e271cca5aa8cab65652562b9906329274b238a257874000000070991a87819ef00a119a36a4ee356d2a5174a947eddad01132fd7eb4e9c19410134245590ccf839203d1c93174c0823f1fcd11c45b1cb087dadec70ae4e7286a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c00ca32e2fb0da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3EECA281-1C22-11EF-9511-66DD11CD6629} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
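
The "Modifies Internet Explorer settings" signature fires on any key under HKCU\Software\Microsoft\Internet Explorer, so the table above mixes first-run housekeeping with values that would matter if they were set. The following is an added example (not part of the sandbox report) that parses these indicator rows, rewrites the SID-relative hive path as HKCU, and decodes the binary values on the page: the two TabbedBrowsing\NewTabPage blobs begin with the DPAPI header (version 1 followed by the CryptProtectData provider GUID {df9d8cd0-1501-11d1-8c7a-00c04fc297eb}), LastProcessed is a little-endian FILETIME, and Window_Placement is a WINDOWPLACEMENT structure. The review/housekeeping prefix lists are a triage heuristic and an assumption of this example; the row format, DPAPI header, FILETIME epoch and struct layout are standard.

```python
import re
import struct
from datetime import datetime, timezone

# Constructed sample: seven Indicator rows copied verbatim from the table above.
ROWS = [
    r'Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006a4102cb35ee4a4193cde930b1c7159000000000020000000000106600000001000020000000b4a74db9d75f81718d43e33656ea6334577c98150cb9ecb332dba0be504a8d44000000000e8000000002000020000000668ff3eae1e9ce87dd2d095a6ee8d1770573c23d79947261a55192a45d7d2fe82000000049d0220bce71e49eab33e22671a22954db5955d9f77966b9b45456d56a806299400000001a62900404abae77b62eec80c51ea34b6d4ae9e472e296994c6324b32bfe66e53044ac7e879e13f114b5a2169a56cc54a40c2ecb3c7a73e2bbfbe1b4aabd1837 C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c00ca32e2fb0da01 C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3EECA281-1C22-11EF-9511-66DD11CD6629} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A',
]

# <op> <key>[ = <value>] <process> N/A ; key is matched lazily because both key and process contain spaces.
ROW_RE = re.compile(
    r'^(?P<op>Set value \((?P<type>\w+)\)|Key created) '
    r'(?P<key>\\REGISTRY\\.+?)'
    r'(?: = (?P<value>"[^"]*"|[0-9a-f]+))? '
    r'(?P<process>C:\\.+?) N/A$'
)
IE_PREFIX = 'Software\\Microsoft\\Internet Explorer\\'
DPAPI_HEADER = "01000000" + "d08c9ddf0115d1118c7a00c04fc297eb"   # dwVersion=1, provider GUID, little-endian
FILETIME_EPOCH_DELTA = 116444736000000000                       # 100 ns ticks from 1601-01-01 to 1970-01-01

# Heuristic (assumption): locations an IE hijacker would set, checked before the housekeeping list.
REVIEW_PREFIXES = (r'Main\Start Page', r'Main\Search Page', r'Main\Default_Page_URL',
                   r'SearchScopes\{', r'URLSearchHooks', r'Toolbar\WebBrowser\{', r'Explorer Bars')
# Heuristic (assumption): state IE writes on every first launch, as seen in this table.
HOUSEKEEPING_PREFIXES = (r'Recovery', r'TabbedBrowsing', r'Main', r'DomainSuggestion', r'IntelliForms',
                         r'LowRegistry', r'Toolbar', r'Zoom', r'GPU', r'PageSetup', r'BrowserEmulation',
                         r'IETld', r'InternetRegistry', r'SearchScopes')


def parse_row(row):
    m = ROW_RE.match(row)
    if not m:
        raise ValueError("unparsed row: " + row[:80])
    d = m.groupdict()
    key = re.sub(r'^\\REGISTRY\\USER\\S-1-5-21(?:-\d+)+\\', r'HKCU\\', d["key"])
    d["key"] = re.sub(r'^\\REGISTRY\\MACHINE\\', r'HKLM\\', key)
    if d["value"] and d["value"].startswith('"'):
        d["value"] = d["value"].strip('"')
    return d


def is_dpapi_blob(hex_value):
    return hex_value.lower().startswith(DPAPI_HEADER)


def filetime_hex_to_datetime(hex_value):
    (ft,) = struct.unpack("<Q", bytes.fromhex(hex_value))
    return datetime.fromtimestamp((ft - FILETIME_EPOCH_DELTA) // 10**7, tz=timezone.utc)


def decode_window_placement(hex_value):
    """WINDOWPLACEMENT: length, flags, showCmd, ptMin, ptMax, rcNormalPosition (44 bytes)."""
    fields = struct.unpack("<3I8i", bytes.fromhex(hex_value))
    if fields[0] != 44:
        raise ValueError("not a WINDOWPLACEMENT (length field %d)" % fields[0])
    return {"flags": fields[1], "showCmd": fields[2], "rcNormalPosition": fields[7:11]}


def classify(key):
    if IE_PREFIX not in key:
        return "outside IE subtree"
    rel = key.split(IE_PREFIX, 1)[1]
    if rel.startswith(REVIEW_PREFIXES):
        return "review"
    if rel.startswith(HOUSEKEEPING_PREFIXES):
        return "first-run housekeeping"
    return "unclassified"


def triage(rows):
    """Bucket every key and decode the binary values this table contains."""
    report = {"review": [], "first-run housekeeping": [], "unclassified": [], "decoded": {}}
    for row in rows:
        r = parse_row(row)
        rel = r["key"].split(IE_PREFIX, 1)[-1]
        report.setdefault(classify(r["key"]), []).append(rel)
        if r["type"] == "data" and r["value"]:
            if is_dpapi_blob(r["value"]):
                report["decoded"][rel] = "DPAPI blob (CryptProtectData); bound to this user's master key"
            elif rel.endswith("LastProcessed"):
                report["decoded"][rel] = filetime_hex_to_datetime(r["value"]).isoformat()
            elif rel.endswith("Window_Placement"):
                report["decoded"][rel] = decode_window_placement(r["value"])
    return report


if __name__ == "__main__":
    for bucket, items in triage(ROWS).items():
        print(bucket, items)
```

Decoding LastProcessed gives 2024-05-27 12:12:45 UTC, inside the detonation window (submitted 12:11, reported 12:14), which is a quick way to confirm the row was produced by this run rather than carried over from the image. Window_Placement decodes to showCmd 3 (SW_MAXIMIZE) with a normal rectangle of (36, 36, 1194, 649). None of the keys on this page land in the review bucket; the created Toolbar\WebBrowser key carries no {CLSID} value, which is the distinction the prefix list draws.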

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\791bf94c163bef8538c23b91dee41c87_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 haightashburytattooandpiercing.files.wordpress.com udp
US 8.8.8.8:53 us.123rf.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.fishingfury.com udp
US 8.8.8.8:53 bunkertattoo.files.wordpress.com udp
US 8.8.8.8:53 riotcampus.files.wordpress.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 image.yaymicro.com udp
US 8.8.8.8:53 www.pieway.com udp
US 8.8.8.8:53 www.dovmedeseni.com udp
US 8.8.8.8:53 kojin.files.wordpress.com udp
US 8.8.8.8:53 th07.deviantart.net udp
US 8.8.8.8:53 cdn.webshopapp.com udp
US 8.8.8.8:53 www.wildathearttattoo.com udp
US 192.0.72.22:80 kojin.files.wordpress.com tcp
US 18.239.208.3:80 us.123rf.com tcp
FR 172.217.20.193:80 1.bp.blogspot.com tcp
US 192.0.72.18:80 haightashburytattooandpiercing.files.wordpress.com tcp
FR 172.217.20.193:80 1.bp.blogspot.com tcp
FR 172.217.20.193:80 1.bp.blogspot.com tcp
US 192.0.72.18:80 haightashburytattooandpiercing.files.wordpress.com tcp
FR 172.217.20.193:80 1.bp.blogspot.com tcp
FR 142.250.179.73:443 www.blogger.com tcp
FR 142.250.179.73:443 www.blogger.com tcp
US 18.239.208.3:80 us.123rf.com tcp
US 192.0.72.22:80 kojin.files.wordpress.com tcp
FR 142.250.179.73:443 www.blogger.com tcp
FR 142.250.178.142:443 apis.google.com tcp
US 192.0.72.22:80 kojin.files.wordpress.com tcp
CA 23.227.38.74:80 www.pieway.com tcp
US 192.0.72.22:80 kojin.files.wordpress.com tcp
US 172.67.132.143:80 www.fishingfury.com tcp
FR 142.250.179.73:443 www.blogger.com tcp
FR 142.250.178.142:443 apis.google.com tcp
US 172.67.132.143:80 www.fishingfury.com tcp
CA 23.227.38.74:80 www.pieway.com tcp
US 192.0.72.23:80 kojin.files.wordpress.com tcp
US 104.16.8.49:80 cdn.webshopapp.com tcp
US 192.0.72.23:80 kojin.files.wordpress.com tcp
US 35.161.18.182:80 th07.deviantart.net tcp
US 104.16.8.49:80 cdn.webshopapp.com tcp
US 35.161.18.182:80 th07.deviantart.net tcp
US 34.149.87.45:80 www.wildathearttattoo.com tcp
US 34.149.87.45:80 www.wildathearttattoo.com tcp
US 8.8.8.8:53 princesspeadesigns.net udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 ny-image0.etsy.com udp
US 8.8.8.8:53 www.dragoart.com udp
US 8.8.8.8:53 www.truelovetattoos.co.uk udp
US 8.8.8.8:53 lh4.ggpht.com udp
US 8.8.8.8:53 www.photofunblog.com udp
FR 172.217.20.193:80 lh4.ggpht.com tcp
FR 172.217.20.193:80 lh4.ggpht.com tcp
US 51.81.245.42:80 www.dragoart.com tcp
US 51.81.245.42:80 www.dragoart.com tcp
FR 172.217.20.193:80 lh4.ggpht.com tcp
FR 172.217.20.193:80 lh4.ggpht.com tcp
FR 142.250.179.73:443 resources.blogblog.com tcp
FR 142.250.179.73:443 resources.blogblog.com tcp
US 35.190.25.237:80 ny-image0.etsy.com tcp
US 35.190.25.237:80 ny-image0.etsy.com tcp
GB 79.170.40.53:80 www.truelovetattoos.co.uk tcp
GB 79.170.40.53:80 www.truelovetattoos.co.uk tcp
CA 51.161.75.149:80 www.photofunblog.com tcp
CA 51.161.75.149:80 www.photofunblog.com tcp
US 18.239.208.3:443 us.123rf.com tcp
US 192.0.72.18:443 haightashburytattooandpiercing.files.wordpress.com tcp
US 8.8.8.8:53 pieway.com udp
US 192.0.72.23:443 kojin.files.wordpress.com tcp
US 192.0.72.22:443 kojin.files.wordpress.com tcp
US 192.0.72.22:443 kojin.files.wordpress.com tcp
US 104.16.8.49:443 cdn.webshopapp.com tcp
US 34.149.87.45:443 www.wildathearttattoo.com tcp
CA 23.227.38.65:443 pieway.com tcp
CA 23.227.38.65:443 pieway.com tcp
US 18.239.208.3:443 us.123rf.com tcp
US 8.8.8.8:53 img0.etsystatic.com udp
US 18.239.208.3:443 us.123rf.com tcp
IE 2.18.24.9:80 img0.etsystatic.com tcp
US 8.8.8.8:53 pre15.deviantart.net udp
IE 2.18.24.9:80 img0.etsystatic.com tcp
US 54.188.235.161:80 pre15.deviantart.net tcp
US 54.188.235.161:80 pre15.deviantart.net tcp
US 8.8.8.8:53 dragoart.com udp
US 51.81.245.42:443 dragoart.com tcp
US 51.81.245.42:443 dragoart.com tcp
US 18.239.208.3:443 us.123rf.com tcp
IE 2.18.24.9:443 img0.etsystatic.com tcp
IE 2.18.24.9:443 img0.etsystatic.com tcp
IE 2.18.24.9:443 img0.etsystatic.com tcp
IE 2.18.24.9:443 img0.etsystatic.com tcp
US 51.81.245.42:443 dragoart.com tcp
US 51.81.245.42:443 dragoart.com tcp
US 51.81.245.42:443 dragoart.com tcp
US 51.81.245.42:443 dragoart.com tcp
US 51.81.245.42:443 dragoart.com tcp
US 8.8.8.8:53 keywebtracker.com udp
US 51.81.245.42:443 dragoart.com tcp
US 69.162.80.61:80 keywebtracker.com tcp
US 69.162.80.61:80 keywebtracker.com tcp
US 8.8.8.8:53 riotcampus.wordpress.com udp
US 8.8.8.8:53 bunkertattoo.wordpress.com udp
US 8.8.8.8:53 kojin.wordpress.com udp
US 8.8.8.8:53 haightashburytattooandpiercing.wordpress.com udp
US 192.0.78.12:443 haightashburytattooandpiercing.wordpress.com tcp
US 192.0.78.12:443 haightashburytattooandpiercing.wordpress.com tcp
US 192.0.78.12:443 haightashburytattooandpiercing.wordpress.com tcp
US 192.0.78.12:443 haightashburytattooandpiercing.wordpress.com tcp
US 192.0.78.13:443 haightashburytattooandpiercing.wordpress.com tcp
US 192.0.78.13:443 haightashburytattooandpiercing.wordpress.com tcp
US 192.0.78.12:443 haightashburytattooandpiercing.wordpress.com tcp
US 192.0.78.12:443 haightashburytattooandpiercing.wordpress.com tcp
US 8.8.8.8:53 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com tcp
BE 74.125.206.84:443 accounts.google.com tcp
US 8.8.8.8:53 developers.google.com udp
FR 216.58.214.78:80 developers.google.com tcp
FR 216.58.214.78:80 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
FR 216.58.214.78:443 developers.google.com tcp
US 8.8.8.8:53 www.google.com udp
FR 216.58.215.36:443 www.google.com tcp
FR 216.58.215.36:443 www.google.com tcp
FR 216.58.214.78:443 developers.google.com tcp
FR 216.58.214.78:443 developers.google.com tcp
FR 216.58.214.78:443 developers.google.com tcp
FR 216.58.214.78:443 developers.google.com tcp
FR 216.58.214.78:443 developers.google.com tcp
FR 216.58.214.78:443 developers.google.com tcp
GB 79.170.40.53:80 www.truelovetattoos.co.uk tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
BE 74.125.206.84:443 accounts.google.com tcp
BE 74.125.206.84:443 accounts.google.com tcp
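
A table like the one above is more useful once the DNS rows are separated from the connections they preceded: which names were resolved but never contacted, which hosts were contacted without a visible lookup (cached or resolved by another process), which connections left the usual web ports, and which destinations are only reverse (in-addr.arpa) lookups of addresses already seen. The following is an added example (not part of the sandbox report) that parses rows in the "Country Destination Domain Proto" format and produces that breakdown. The sample rows are copied from the two Network tables in this report; treating 80 and 443 as the expected web ports and 443/udp as a QUIC candidate are assumptions of the example.

```python
import re
from collections import Counter

# Constructed sample: rows copied from the behavioral2 and behavioral1 Network tables.
SAMPLE = """\
Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.73:445 www.blogger.com tcp
FR 142.250.179.73:443 www.blogger.com udp
BE 74.125.206.84:443 accounts.google.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 princesspeadesigns.net udp
US 8.8.8.8:53 keywebtracker.com udp
US 69.162.80.61:80 keywebtracker.com tcp
US 69.162.80.61:80 keywebtracker.com tcp
"""

ROW_RE = re.compile(r"^(?P<cc>[A-Z]{2}) (?P<ip>[\d.]+):(?P<port>\d+) (?P<domain>\S+) (?P<proto>tcp|udp)$")


def parse_rows(text):
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country "):
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError("unparsed row: " + line)
        d = m.groupdict()
        d["port"] = int(d["port"])
        rows.append(d)
    return rows


def ptr_to_ip(name):
    """'217.106.137.52.in-addr.arpa' -> '52.137.106.217' (octets are reversed in PTR names)."""
    octets = name[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets))


def triage_network(rows, web_ports=(80, 443)):
    dns_queries, ptr_lookups = set(), {}
    connections = Counter()                      # (domain, ip, port, proto) -> number of rows
    for r in rows:
        if r["port"] == 53 and r["proto"] == "udp":
            if r["domain"].endswith(".in-addr.arpa"):
                ptr_lookups[r["domain"]] = ptr_to_ip(r["domain"])
            else:
                dns_queries.add(r["domain"])
            continue
        connections[(r["domain"], r["ip"], r["port"], r["proto"])] += 1
    contacted = {k[0] for k in connections}
    return {
        "dns_queries": dns_queries,
        "ptr_lookups": ptr_lookups,              # reverse lookups, listed apart so they are not read as new destinations
        "connections": connections,
        "resolved_never_contacted": dns_queries - contacted,
        "contacted_without_dns": contacted - dns_queries,
        "non_web_ports": {k: n for k, n in connections.items() if k[2] not in web_ports},
        "quic_candidates": {k[0] for k in connections if k[2] == 443 and k[3] == "udp"},
    }


if __name__ == "__main__":
    for key, value in triage_network(parse_rows(SAMPLE)).items():
        print(f"{key}: {value}")
```

On the sample, the only connection outside 80/443 is the 142.250.179.73:445/tcp row to www.blogger.com from the behavioral2 table, which is the kind of line worth re-checking against the raw pcap rather than accepting from the summary table; the 443/udp rows to the same Google addresses are consistent with QUIC. Names that were resolved but never contacted are common for pages with many embedded images and are not by themselves suspicious, but they are the first place to look for a blocked or failed callback.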

Files

C:\Users\Admin\AppData\Local\Temp\CabB731.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\TarB743.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 2b79576931f7278028f9fcc700d932d2
SHA1 84f199382ad7efa564324e559dd9d0586d518fd7
SHA256 990697f2eed9d44971a4eaeec7c0ddd2822c683683bec33dff51ac1fcc07b059
SHA512 1aaef7b8a3e8e5e9dbcca8daadef4951b1467d76c4a3cfb39328c5dc21431bf68bfb1660ba403a755504e2611f864a27847a08a5d3dd6b63c7489d230f99ec24

C:\Users\Admin\AppData\Local\Temp\CabB8E0.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9deef5cd84a7705e3b0489b87de62ed7
SHA1 fd5006193786f08bb15ea95a5ed1dfaa7561c67c
SHA256 d5e45ed1cc1d376e91001be1404672414b747c0d970e0010ee02d4f16598459f
SHA512 680af390837cf834fa82fad11ea9cb6206b96a36dd4598db04b2b4ccd1b4b977b01161656e69cb83eded6591427870aa8f7f3a8d827def3a93dec02f18eba982

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8659e32443d588db64b908ff952078a3
SHA1 23892ad7eef54ab382ea9e4362d24f999aac2e8e
SHA256 529c08e7254f92fb9e424fd05a03fb12c0aedaa167b6388ee28c2a9ab9a175e2
SHA512 7757bed2f3abc51db341389b5213d4b74b4f88953a61093b718daf332273a5886b7c1c0968e7f3f7c9118fe5524bb56ea03b2f5ff35b3f1db03339b2ec4a64c7

C:\Users\Admin\AppData\Local\Temp\TarB8F5.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ede88c023634ce7f096d382127b3cb12
SHA1 3b538014f04a2d43922018b361ca793f72b53f4e
SHA256 f14fbe1432884651c583fe30e54ed0d98577d8ff9752e1aab1b7b79397a17726
SHA512 fd884ebb18657b844ec87aa5ae89f43083b9a9faa23166054f208410422b5fa182fddc6c1daff15665a5716efead1ac15cd3617ab4451661799268fbaaa43234

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568

MD5 cac0a77f490ef634ee3f784965a27a27
SHA1 fc127f386353650f0eb678ed39454b1b11dba9f3
SHA256 0d7f888d84c207c669deaf195abe4237b9b1a5042dc46558938c4432e57dfd18
SHA512 21ca81f437d6f2e02f21f912dac76c9975df83af405b7e2ae6c805401e9089a0b58c8b5b4f07c4e5ace55b932e2cde1395b8dc2e43525ac5d2c796342f62d8c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568

MD5 a6152dde23b42ddf68fbf1aeb8659c4e
SHA1 c317544dbbf696c4934f75afe3aad70114d1f647
SHA256 776fad4289ff9275918e10870bb5c8b9428bc52edfa6c7618ada07a609f6339d
SHA512 d2b03d824e04502e54448b37ac4a6c0610060b5f8c6b0d15d2c7d686481bc5fe2c362a7d6cff9f37820933f3db1878f161e94f5486d914a93560c70328c4afff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02b13815d655f76c70bc04ce06505e02
SHA1 b73166b8c5f3f54ffc842ba7205c19cc75c2ae15
SHA256 7b122e22ffddcd4f217480b01a5f8e8f02f008c92b7147c6aed3a2618adfb8ee
SHA512 4e72730a557b3594b00667a6c0ed9a56b5153dfa7940a4d993bd4f7a97886e2ad5713a0712e16353bd9c616e88fb6bc2cbb7e7d79b1a076495f7221ee98e848e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 3c0c67434052e327946ebc7975f47eaf
SHA1 b25da33e6558b804b6bc5152ca095f640d2529d7
SHA256 04438e7dced4a87e0eb376e3eb79fc16e7bb46c5345d0a901cdecded3ebf3990
SHA512 a919b6a5c5489bc7e8723652b48786a892f5fae2b528cb5b52ae33d21e89450d62fdca079ef57a88d832e1df00353dca87a4888a6c72dbef53587881a3d497e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 4c3368aa5a50704501251b89fd57442a
SHA1 857f40d19a874a44d97c406390c32cf73adf73e3
SHA256 57088872c953ca1f663b1ce6b80c55f2d063f6ba431b2bc5219d73b9ef012c73
SHA512 79ef1826647dd1a1762f24187ed58ec23622fc65185500a3e9b85606e353a114aab2b4c9a97deab5acb9868b2830a6a4f0818ca06ff07920a3ad0a20f1900e88

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\plusone[1].js

MD5 fb86282646c76d835cd2e6c49b8625f7
SHA1 d1b33142b0ce10c3e883e4799dcb0a2f9ddaa3d0
SHA256 638374c6c6251af66fe3f5018eb3ff62b47df830a0137afb51e36ac3279d8109
SHA512 07dff3229f08df2d213f24f62a4610f2736b3d1092599b8fc27602330aafbb5bd1cd9039ffee7f76958f4b75796bb75dd7cd483eaa278c9902e712c256a9b7b9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\cb=gapi[1].js

MD5 4d1bd282f5a3799d4e2880cf69af9269
SHA1 2ede61be138a7beaa7d6214aa278479dce258adb
SHA256 5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693
SHA512 615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50abda9548adfc983f248ef8824a6957
SHA1 65801890e24def264e2cf1500fc180bb5b933744
SHA256 a47e41ebd0b28413c60f4ab6d4bfd2518a85308cacc643782e577e9a3b1607fe
SHA512 f0cb1fdc6eecce4ab5e721e61bb19a4051946da9abb5282924b88357ba19232c0010920c387d76fdc9a634acd847cf7750cab3090651027e15a6966ec9dd176d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 8df2000a3e7c867fdcafe49dee575513
SHA1 38a5d893b4b94ffd753ac231858d4ef5acc710b3
SHA256 ef4d0a6bc83a3325eddf4c5c2ad62f8beaaea9d8c00aba75761fa73656c77a5e
SHA512 189cc8e64c3f0e52ef8bdad1455db50b2fb42d001f8657f3533cbe26e2d9cef8ae2462de2b65d9a13459d85a72df7120fb105b03fd4ad7d3015427c6810f53d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fcfbfa9ce288f579aad54e8405e496da
SHA1 98cacbaf787d73951875928fd00ddc73ac4ba4e3
SHA256 f33d8e02eb8ebe7eca250de07b63123ae40de8829ccd9e972e0cb425750c6fe1
SHA512 ed92f3486ca1913f49467191a90f90af130aab8ab5b6eed0916d3bcd46c4bcf15039b07a907e5e55813c927a899f33f3011b623a43286c91e5a4d1820897cda9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e05fce0de17242446187772e4b9ea067
SHA1 092421d5ece9472cb3e0a25d6ab813b64ac365a0
SHA256 02a814e9eaed7402c1c40f697152d922acae88d211cef7f240d6d0f9084c4535
SHA512 ddaa875f10ba65133df755887395b5bbadb1107006f6d2374a25c894c3485d5e1f7010471bb6330d1baec8413d432e62e7d9a14c34bb3e76add10f682e9fff37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 acacacebece993d4bd0ea37fd5810d45
SHA1 dc48c6e837eb9e33e8b00f66a7e84f7f0873583e
SHA256 4636b06bdec3ebbbc5dfd71ed96937ebf762c2ee0c9ec16adf59035a4ea6c816
SHA512 0a3721689b60c420043120ebb3460cc805b8b504af90afa9a20fbaa760e95b2ab0617e0d46511bb063b54614f837c173dc7b85e47d26e9d695bd5626e35b0573

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb7a626914389d2d0497a7ec7a37943a
SHA1 2baee28c693f94cde02493a28179b66e7c9a2bf8
SHA256 92b80dff7d67177deb724e807258381747bc44608adb23e2015a87d470973078
SHA512 48ba2310dab777fd088c403e14497fc48b8dd9d21de47d78d8355b925011444e9bc4809e14f64ed43e1fe071ddf396106a6533a61987e87d4ed99715ff4bfa3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4f71c4c4a7280dfbed95c08057274d5
SHA1 24fb48d5073f9eb8e4e89131f62979ee60d148c6
SHA256 2e3bea65b9ae806c5ae7fc9c75b5a1118030ff4b2a997ba2e820789275ac3ad2
SHA512 48ed6812221e123b4e6fc92bfbfc4139bf5cd80c257fb3c7a12b8b8ab6d801712564b8bdbdcb4c735fd118b465a5e76882091ca59a4fce25c19985d0799fe2d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 bf5511359a61044c1e49a0c2c00bdb16
SHA1 49ee4ab4b71c25a365fedfe27ac9e4cc6f400b7b
SHA256 7ab46b9d914760f38ad16704599a8fa1ed3c8bdaa77db1b28d67bca2dfe62cf3
SHA512 6e321ea95e2b25890ac3dbc5846e360fad949f74b3b59603448e701f4f76cbfc0d25db80525aa625e50fad58fd3d395506743d426546a7ff9dbc8302fbc075e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a94f1d3f9f97ed85dc9b7e916c911cf
SHA1 e554333d490769d98b7d3c269ca417ebdba93340
SHA256 7d8a471f22cb9e74b2de7924156a3ce554734ff9c0cfe405e2b65cbbdcfd88ea
SHA512 79ee2bad108beefc487f87bedbf8698aa58cf723ffc0461a16235fc16a8b0f83cfe64953a8c14abb7f68696e7f1ef92de5b55da75c2ef8fdd9f3d2971b862b61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10554f396a2ca4110030523b5d4c650d
SHA1 a5017c28e00a383bca82eac905c9ee15ca556f7d
SHA256 2593dd0e87a7c19b13ec7e6a07c61a2adc8efa0ad787f1dd212700f2d6c8b23b
SHA512 31420af37335a09765843fa64f0b594271b63567fbaa2b5edb61a32f194b4a61c65cf88c1f24ff9d0556dc988c77c5c62072070d609970ba48955918619d63d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02e48a2a35cb6800f6f6e73db079a44b
SHA1 8582601461e400df23f2c95182aaa2d9061f8de5
SHA256 be732ee5eb5a1eed3e8bbae5d40cf2862f743b49f628373aa385cbb238d1b02f
SHA512 400a212bb2d4335bb107ee9cd6f8f17d52311951bf3a18dd962e34f2093afd28adf699669c641f286ff6c2b87677baf70aeebaed74d4bd8a6f44f9ae57416667

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5fe03d9c7d66d4835aefbda92ff22851
SHA1 d57465bc443446c46472a6970fda5ba7682a60d2
SHA256 e6f9b7a6ecdc49d272918b845436b4172323f3f7005a4f8e9f0f8aae20d7d7e1
SHA512 4a395670e1436d426133b504dda000a2007b354f1773b11abd973ccfa81163c584d53c9985fdaf66e047ee982917be383a79290018553892fd1fa85b694d7d90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16c52bfd0110f20ffe83bf40e40cb460
SHA1 6d32f6c923d4f23d0a8b52fc0eb68ac633238548
SHA256 d5b5a9b8b976d549602bca8c86055148460a68d43cf5507711c00e9109200068
SHA512 a98331a08e2f3f94cd4deff40eabc293dba801af262492259cdec77b25336a6f29692bf2d8fd9e49f9f8537ca8b5ef2bc25bcd3bb0b57c5671a9826803c319dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 602d9a3528ed1fa7039a7961a190f590
SHA1 fab9abbc39fb0039874df1a4865eaad68cabbc9e
SHA256 53afa1eec466e1f6846913bdefd5716813443099d413402d9cee114a2a9812e9
SHA512 87cbf67a23520b56b3a79a74bed76709b895ee159bc5a50d860c88c934ad669316cf3307c1016e9958aab3a7d7111d25256eb46efd0f640dc9ffa1a93f4bed27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4351ff21b1a6bf8584ec143b89b05fa9
SHA1 b584494f300e1d3fdeb52fc491327ca1392ff308
SHA256 4602d7f7cda5b0beb48f7e7c293acb96e3e4dc559efcc4236265f74ae0a3e462
SHA512 a719a58b9dc9aeee42975e4f51b118c75092adec9e3b1992153610065b12292d9e6e3b4b0439c81ccba88f98fe1fdb01292bd115ff48537a463b4747bd138546

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4433415ea0f7ddfcd000b0c1f1654d41
SHA1 da6fd2a7bb56ee96f995ec9e531df3d2a9c01213
SHA256 4709f236fe897a2304c0ff423f6bc9899f443ae6b28c678bad7f1b83cbd37197
SHA512 66901ad94db4bcc91d15fdccaf4e03aa1e3b2405218992482c277665fb6604ed1dbd8e3d99d22e7d5598fd1b0a371df8fd6b57da8b59583e6cb7066be05dd3af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54bf658f11472f2249bc34fa588065a8
SHA1 65d2ff9f2eacadfa2c0e002ace06ee2d35c13e29
SHA256 bd822e2e639b7371984ed268e5d6207a3d0d19b88e3799fe1f0b558511dc4447
SHA512 f8e25bd8cde864a9cc4448ab5f93a371d1db9b06e86ded8c30fbdfb0b8f503b94a10398ab8a26fef62ee6ee7fa5f7f5297d693bf070f85dd8eabc9c2c2254eee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6c9a395b90ee01c86293637f68c6344
SHA1 f8e7513837653123d9a33e24fb6bff3dd5e6f41b
SHA256 f29fa73f49ec4203335f3985cbb2ba5c38b322f7d86be30824efe06f316d9357
SHA512 548904c74fad7d7e846ca89255bbeea6aa8ace94aed8e66d7fa0df8beff0c138515334cb6b3f6b432fc7c1cef42fa9ec89ed1b398b5fbf0622effb165a433cc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f283fc2b787f57f8e3426672ef78a5cf
SHA1 aa2efac87c0b56c3ba33e442d13fe86d96ae691b
SHA256 aef300fda21eed1d8d1b7036151239a18c5f595a7123f7976f956167277fd6a4
SHA512 4dff33f7135afc5dc18fcca6bd869678fbb485a961213102eb4977cc254c3a5dcf9963666372104cce49230d18632b17f0c244425506ec3b00a5e3c8fbf23119

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\3604799710-postmessagerelay[1].js

MD5 40aaadf2a7451d276b940cddefb2d0ed
SHA1 b2fc8129a4f5e5a0c8cb631218f40a4230444d9e
SHA256 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2
SHA512 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\rpc_shindig_random[1].js

MD5 23a7ab8d8ba33d255e61be9fc36b1d16
SHA1 042d8431d552c81f4e504644ac88adce7bf2b76f
SHA256 127ffe5850ed564a98f7ac65c81f0d71c163ea45df74f130841f78d4ac5afad5
SHA512 e7c5314731e0b8a54ab1459d7199b36fc25cd0367bc146f5287d3850bd9fe67ba60017d79c97ea8d9a91cd639f2bc2253096ce826277e7088f8abfe6f0534b63
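The listing above is the sandbox's record of files written during detonation. The same CryptnetUrlCache MetaData path appears many times with different digests because the file was rewritten repeatedly during the run; each entry is a separate write, not a duplicate. The following is an added example, not code from the report or from the sandbox's own tooling: a Python parser for this path-plus-hashes layout that validates digest lengths, groups entries by path, and reports which paths were rewritten with different content. The sample input is a trimmed copy of four entries from the listing above (SHA512 lines omitted); the function names are the editor's own.

```python
"""Parse a sandbox 'Files' listing (path line, blank line, MD5/SHA1/SHA256/SHA512
lines) into records and report paths that were written more than once with
different content. Added example; record layout assumed from the report above."""
import re
from collections import defaultdict

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Constructed sample: four entries copied from the listing above, SHA512 lines dropped.
SAMPLE = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a94f1d3f9f97ed85dc9b7e916c911cf
SHA1 e554333d490769d98b7d3c269ca417ebdba93340
SHA256 7d8a471f22cb9e74b2de7924156a3ce554734ff9c0cfe405e2b65cbbdcfd88ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10554f396a2ca4110030523b5d4c650d
SHA1 a5017c28e00a383bca82eac905c9ee15ca556f7d
SHA256 2593dd0e87a7c19b13ec7e6a07c61a2adc8efa0ad787f1dd212700f2d6c8b23b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02e48a2a35cb6800f6f6e73db079a44b
SHA1 8582601461e400df23f2c95182aaa2d9061f8de5
SHA256 be732ee5eb5a1eed3e8bbae5d40cf2862f743b49f628373aa385cbb238d1b02f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\3604799710-postmessagerelay[1].js

MD5 40aaadf2a7451d276b940cddefb2d0ed
SHA1 b2fc8129a4f5e5a0c8cb631218f40a4230444d9e
SHA256 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2
"""


def parse_files_listing(text):
    """Return a list of dicts: {'path': ..., 'MD5': ..., 'SHA1': ..., ...}.

    A non-hash, non-blank line starts a new record; hash lines attach to the
    most recent record. Digest lengths are checked so a truncated or wrapped
    line fails loudly instead of producing a bad indicator."""
    records = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m is None:
            current = {"path": line}
            records.append(current)
            continue
        if current is None:
            raise ValueError(f"hash line before any path: {line}")
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HASH_LEN[algo]:
            raise ValueError(f"{algo} digest has {len(digest)} hex chars on: {line}")
        current[algo] = digest
    return records


def rewritten_paths(records):
    """Map path -> sorted list of distinct SHA256 values, for paths written
    more than once with different content (single-write paths are omitted)."""
    by_path = defaultdict(set)
    for rec in records:
        if "SHA256" in rec:
            by_path[rec["path"]].add(rec["SHA256"])
    return {p: sorted(h) for p, h in by_path.items() if len(h) > 1}


def unique_sha256(records):
    """Sorted, de-duplicated SHA256 set, e.g. for comparing against a hash list."""
    return sorted({rec["SHA256"] for rec in records if "SHA256" in rec})


if __name__ == "__main__":
    recs = parse_files_listing(SAMPLE)
    print(f"{len(recs)} records, {len(unique_sha256(recs))} distinct SHA256")
    for path, hashes in rewritten_paths(recs).items():
        print(f"rewritten {len(hashes)}x: {path}")
```

The paths grouped here are the Windows CryptoAPI network cache (CryptnetUrlCache, written when certificate chain building fetches CRL, OCSP or CTL data) and the WinINet browser cache (Content.IE5). Both are ordinary side effects of a browser loading an HTML file over TLS, which is consistent with the 1/10 score; digests of such cache files change from run to run and make poor indicators, so the grouping is mainly useful for excluding them before exporting hashes.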