Malware Analysis Report

2025-01-17 21:56

Sample ID: 240603-qe3qdsfe6s
Target: 91e77a4b7b7c862a9db64ccea9da32f0_JaffaCakes118
SHA256: ec1e4b96c2d1e27e906b027d8c81218412881b401f9ae704b591c98e342c5621
Tags: none
Score: 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 1/10
SHA256: ec1e4b96c2d1e27e906b027d8c81218412881b401f9ae704b591c98e342c5621

Threat Level: No (potentially) malicious behavior was detected.

The sample 91e77a4b7b7c862a9db64ccea9da32f0_JaffaCakes118 is an HTML file; the sandbox opened it with Internet Explorer (see the Command Line under behavioral1). Nothing recorded points at malware. The process tree is IE's frame process and the tab process it spawns; the registry activity behind the "Modifies Internet Explorer settings" signature is IE writing its own per-user state (TabbedBrowsing, Recovery, WindowsSearch, SearchScopes) under the sandbox user's SID, and the network activity is what rendering a Blogger-hosted page produces (blogger.com, blogspot.com and blogblog.com resources, glitter-graphics.net images, two hit-counter services, Facebook badge endpoints, jQuery and Google API CDNs) plus Windows CryptoAPI fetching certificate-chain and revocation data (apps.identrust.com, x2.c.lencr.org; the CryptnetUrlCache entries under Files are that cache).

Malicious Activity Summary

Signature names raised across the analyses of this sample; the behavioral2 run listed in the table of contents is not reproduced on this page. These are generic API-usage heuristics, not findings of malicious activity, and the report's own verdict above reflects that:

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview
Reported: 2024-06-03 13:11

Signatures
N/A

Analysis: behavioral1

Detonation Overview
Submitted: 2024-06-03 13:11
Reported: 2024-06-03 13:13
Platform: win7-20240221-en
Max time kernel: 144s
Max time network: 149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e77a4b7b7c862a9db64ccea9da32f0_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings
Tags: adware, spyware

Every key below lives under \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer, which is HKCU\Software\Microsoft\Internet Explorer for the sandbox user; paths in the table are relative to that key. IE64 = C:\Program Files\Internet Explorer\iexplore.exe, IE32 = C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE. No target was recorded for any row.

Action | Key or value (relative to the IE key) | Process
Key created | Main | IE64
Key created | GPU | IE64
Set value (int) | Main\CompatibilityFlags = "0" | IE64
Set value (int) | Recovery\PendingRecovery\AdminActive = "1" | IE64
Key created | TabbedBrowsing\NewTabPage | IE64
Set value (int) | DomainSuggestion\NextUpdateDate = "423582153" | IE64
Set value (str) | Main\FullScreen = "no" | IE64
Set value (int) | TabbedBrowsing\NTPFirstRun = "1" | IE64
Key created | IETld\LowMic | IE64
Key created | LowRegistry\DontShowMeThisDialogAgain | IE64
Key created | PageSetup | IE64
Key created | Toolbar | IE64
Key created | Zoom | IE64
Key created | Recovery\AdminActive | IE64
Key created | DomainSuggestion | IE64
Key created | LowRegistry\DOMStorage | IE64
Set value (int) | Recovery\AdminActive\{C7221FD1-21AA-11EF-AFF6-E61A8C993A67} = "0" | IE64
Key created | Main | IE32
Set value (data) | Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | IE64
Key created | SearchScopes | IE64
Set value (data) | TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005a75f9a8f0c6474a86b53171adc38a49000000000200000000001066000000010000200000005ca46f74541eabfd673ce79e317a4e8f70e84e882ad7fcfa07ebe0a4cdc11ad7000000000e8000000002000020000000f34c3998148715c16a9591f792d328af0d94ff0ef71edba24076f78c2336433c20000000a4e7d5f1541f9c817927287edd4b7cf0e0a9a43ac94e41d05530a29db516ff04400000003ace70d15b1c5b1a90a1fcb79276d01af5ba227a1f9d74bfe5b4341d8a024fb4789cb002cd980b2a2b58e31c605f3ac44785ddf655307301c402f9ac4e7817a3 | IE64
Key created | InternetRegistry | IE64
Key created | IntelliForms | IE64
Key created | LowRegistry | IE64
Set value (data) | TabbedBrowsing\NewTabPage\MFV = (value not captured) | IE64
Key created | BrowserEmulation\LowMic | IE64
Key created | Toolbar\WebBrowser | IE64
Set value (str) | Main\WindowsSearch\Version = "WS not running" | IE32
Key created | TabbedBrowsing | IE64
Set value (data) | TabbedBrowsing\NewTabPage\LastProcessed = 500ab5a1b7b5da01 | IE64
Key created | Main\WindowsSearch | IE64
Set value (str) | Main\WindowsSearch\Version = "WS not running" | IE64
Key created | Recovery\PendingRecovery | IE64
Set value (int) | Recovery\PendingRecovery\AdminActive = "0" | IE64
Key created | Main\WindowsSearch | IE32
Set value (int) | SearchScopes\DownloadRetries = "2" | IE64

Both writers are IE's own binaries and every key is IE per-user state: tab and crash-recovery bookkeeping, window placement, a Windows Search availability probe, and a DPAPI-protected DecayDateQueue blob (after the leading version dword 01000000, the bytes d08c9ddf0115d1118c7a00c04fc297eb are the DPAPI provider GUID). None of the values that a browser hijacker changes (Main\Start Page, Main\Search Page, Main\Default_Page_URL, Main\Default_Search_URL, SearchScopes\{CLSID}\URL) is touched, so here the signature fires on IE's normal first-run behaviour.
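An added triage helper, written for this page and not part of the sandbox's own tooling, that parses rows in the flattened format of the table above and separates IE bookkeeping from writes to the values a browser hijacker changes, or writes by a process that is not IE. The first three sample rows are copied from the table; the last one, with dropper.exe and example.invalid, is constructed to exercise the hijack branch and does not come from this sample.

```python
"""Triage a sandbox 'Modifies Internet Explorer settings' table.

Rows look like:
    <Key created | Set value (type)> <registry path>[ = <value>] <process> <target>
Registry and process paths may contain spaces, so both are matched
non-greedily and anchored by the ' = ' separator, the drive letter of the
process path and the trailing target column.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

ROW_RE = re.compile(
    r"^(?P<action>Key created|Set value \((?P<vtype>\w+)\)) "
    r"(?P<key>\\REGISTRY\\.+?)"
    r"(?: = (?P<value>.+?))?"
    r" (?P<process>[A-Za-z]:\\.+?) (?P<target>\S+)$"
)

# Values under HKCU\Software\Microsoft\Internet Explorer that redirect the user.
HIJACK_PATTERNS = (
    re.compile(r"\\Main\\(Start Page|Default_Page_URL|Search Page|Default_Search_URL|Local Page)$", re.I),
    re.compile(r"\\SearchScopes\\\{[0-9A-Fa-f-]+\}\\URL$"),
    re.compile(r"\\Urlsearchhooks\\", re.I),
)

# The only processes that legitimately maintain IE's own per-user state.
IE_BINARIES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}


@dataclass
class RegEvent:
    action: str
    key: str
    value: Optional[str]
    process: str


def parse_rows(text: str) -> List[RegEvent]:
    """Parse table rows; the header line and anything unparseable is skipped."""
    events = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            events.append(RegEvent(m["action"], m["key"], m["value"], m["process"]))
    return events


def classify(ev: RegEvent) -> str:
    """'hijack' if a redirect-relevant value is written, 'foreign-writer' if the
    writer is not IE itself, otherwise 'bookkeeping' (IE maintaining its state)."""
    if any(p.search(ev.key) for p in HIJACK_PATTERNS):
        return "hijack"
    if ev.process.lower() not in IE_BINARIES:
        return "foreign-writer"
    return "bookkeeping"


def triage(text: str) -> Dict[str, List[RegEvent]]:
    buckets: Dict[str, List[RegEvent]] = {"hijack": [], "foreign-writer": [], "bookkeeping": []}
    for ev in parse_rows(text):
        buckets[classify(ev)].append(ev)
    return buckets


# Constructed input: three rows copied from the report, plus one made-up hijack
# row (dropper.exe and example.invalid are placeholders, not from the sample).
SAMPLE_ROWS = r"""Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" C:\Users\Admin\AppData\Local\Temp\dropper.exe N/A
"""

if __name__ == "__main__":
    for bucket, events in triage(SAMPLE_ROWS).items():
        print(f"{bucket}: {len(events)}")
        for ev in events:
            name = ev.key.split("\\")[-1]
            print(f"  {ev.action:16} {name}  <- {ev.process}")
```

The hijack value names are the standard IE start-page and search settings, listed here as the things to look for in other reports; none of them appears in this sample's table, which is why every real row lands in the bookkeeping bucket.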

Suspicious use of FindShellTrayWindow
Process: C:\Program Files\Internet Explorer\iexplore.exe (no description, indicator or target recorded)

Processes

C:\Program Files\Internet Explorer\iexplore.exe (frame process; opened the sample)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e77a4b7b7c862a9db64ccea9da32f0_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (32-bit tab/content process; the SCODEF/CREDAT arguments are how the IE frame process launches its tab processes)
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2

Network

The original table holds 165 rows, one per flow (32 DNS lookups and 133 TCP connections). Below they are grouped by destination, host and protocol with a count, in order of first appearance. Every DNS query went to 8.8.8.8:53 over UDP.

DNS queries, in order:
www.blogger.com, resources.blogblog.com, 1.bp.blogspot.com, apis.google.com, 4.bp.blogspot.com, 2.bp.blogspot.com, 3.bp.blogspot.com, i25.tinypic.com, calgot.net, img2.blogblog.com, img1.blogblog.com, dl5.glitter-graphics.net, badge.facebook.com, dl10.glitter-graphics.net, counter3.statcounterfree.com, dl2.glitter-graphics.net, dl3.glitter-graphics.net, dl6.glitter-graphics.net, dl.glitter-graphics.net, m.facebook.com, counter3.webcontadores.com, www.jornaldotempo.com.br, accounts.google.com, www.receitasdecomidas.com.br, receitoca.com.br, lh3.googleusercontent.com, apps.identrust.com (2 queries), x2.c.lencr.org, ajax.googleapis.com, code.jquery.com, www.microsoft.com

TCP connections:

Count | Country | Destination | Domain
10 | GB | 142.250.178.9:443 | img1.blogblog.com
48 | GB | 142.250.180.1:443 | 3.bp.blogspot.com
2 | JP | 120.136.10.16:80 | calgot.net
2 | GB | 142.250.200.14:443 | apis.google.com
2 | GB | 163.70.151.23:80 | badge.facebook.com
12 | DE | 46.4.70.136:80 | dl.glitter-graphics.net
19 | GB | 142.250.180.1:80 | 3.bp.blogspot.com
2 | FR | 37.187.129.45:80 | counter3.statcounterfree.com
2 | GB | 163.70.151.23:443 | badge.facebook.com
2 | GB | 163.70.151.35:443 | m.facebook.com
1 | FR | 37.187.129.45:8080 | counter3.webcontadores.com
2 | FR | 37.187.129.45:80 | counter3.webcontadores.com
2 | US | 172.67.140.23:80 | www.jornaldotempo.com.br
2 | NL | 142.250.27.84:443 | accounts.google.com
2 | US | 188.114.97.2:443 | www.receitasdecomidas.com.br
6 | US | 104.21.64.59:443 | receitoca.com.br
6 | GB | 172.217.16.225:443 | lh3.googleusercontent.com
2 | NL | 23.63.101.153:80 | apps.identrust.com
2 | BE | 23.55.97.11:80 | x2.c.lencr.org
2 | GB | 142.250.178.10:443 | ajax.googleapis.com
2 | US | 151.101.2.137:443 | code.jquery.com
3 | US | 204.79.197.200:443 | ieonline.microsoft.com

Reading the table: every TCP peer is either a web host the page references (Blogger/Blogspot image and script hosts, glitter-graphics.net, the two counter3.* hit-counter hosts on the same IP, Facebook badge and m.facebook.com endpoints, three linked sites under .com.br, the jQuery and Google API CDNs) or a certificate host (apps.identrust.com and x2.c.lencr.org, fetched over port 80 as CRL/AIA retrievals normally are). Several names were resolved but never connected to (www.blogger.com, resources.blogblog.com, 1/2/4.bp.blogspot.com, i25.tinypic.com, img2.blogblog.com, dl2/dl3/dl5/dl6/dl10.glitter-graphics.net, www.microsoft.com), and ieonline.microsoft.com was contacted without a DNS row; neither is suspicious here, but resolved-yet-uncontacted names are worth checking in other reports, since a dead or sinkholed C2 domain produces the same pattern. Cleartext HTTP (tcp/80, plus one tcp/8080 attempt) went to calgot.net, badge.facebook.com, dl.glitter-graphics.net, 3.bp.blogspot.com, both counter hosts, www.jornaldotempo.com.br and the two certificate hosts.
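An added summariser, example code for this page rather than sandbox output, for the one-flow-per-line format of the table above (country, ip:port, domain, proto). It collapses repeated flows to counts and answers the three questions an analyst asks of such a table: which names were resolved but never connected to, which peers were contacted without a DNS row, and what went over plaintext HTTP. The embedded sample is a short excerpt of the table, not the full set.

```python
"""Summarise a sandbox 'Network' table for triage."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: str
    proto: str


def parse_rows(text: str) -> List[Flow]:
    """One Flow per table row; the header and malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or ":" not in parts[1]:
            continue
        country, dest, domain, proto = parts
        ip, _, port = dest.rpartition(":")
        flows.append(Flow(country, ip, int(port), domain, proto.lower()))
    return flows


def summarize(flows: List[Flow]) -> Dict[Flow, int]:
    """Collapse repeated rows to a count per flow, keeping first-seen order."""
    counts: Dict[Flow, int] = {}
    for f in flows:
        counts[f] = counts.get(f, 0) + 1
    return counts


def _names(flows: List[Flow]) -> Tuple[Set[str], Set[str]]:
    resolved = {f.domain for f in flows if f.proto == "udp" and f.port == 53}
    connected = {f.domain for f in flows if f.proto == "tcp"}
    return resolved, connected


def resolved_only(flows: List[Flow]) -> List[str]:
    """Names looked up over DNS that never received a TCP connection
    (a dead or sinkholed C2 domain shows up this way)."""
    resolved, connected = _names(flows)
    return sorted(resolved - connected)


def connected_without_dns(flows: List[Flow]) -> List[str]:
    """TCP peers with no DNS query in the table (cached or hard-coded address)."""
    resolved, connected = _names(flows)
    return sorted(connected - resolved)


def plaintext_http(flows: List[Flow]) -> List[str]:
    """Hosts contacted on tcp/80 or tcp/8080, i.e. content fetched without TLS."""
    return sorted({f.domain for f in flows if f.proto == "tcp" and f.port in (80, 8080)})


# Constructed input: an excerpt of the report's Network table, not all 165 rows.
SAMPLE_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 calgot.net udp
US 8.8.8.8:53 dl.glitter-graphics.net udp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
JP 120.136.10.16:80 calgot.net tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
DE 46.4.70.136:80 dl.glitter-graphics.net tcp
DE 46.4.70.136:80 dl.glitter-graphics.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

if __name__ == "__main__":
    flows = parse_rows(SAMPLE_ROWS)
    for flow, n in summarize(flows).items():
        print(f"{n:3} {flow.country} {flow.ip}:{flow.port} {flow.domain} {flow.proto}")
    print("resolved only:", resolved_only(flows))
    print("no DNS row:", connected_without_dns(flows))
    print("plaintext HTTP:", plaintext_http(flows))
```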

Files

Files written during the run. The CryptnetUrlCache entries are Windows CryptoAPI's on-disk cache of certificate-chain and revocation objects fetched over HTTP: Content\ holds the fetched object and MetaData\ its bookkeeping, and the same MetaData path appears repeatedly because the entry is rewritten on each fetch, each time with a new hash. The Content.IE5 entries are IE's browser cache (plusone[1].js and cb=gapi[1].js are scripts served from apis.google.com, which the page contacted). The Cab*.tmp and Tar*.tmp files under %TEMP% are consistent with CryptoAPI unpacking a downloaded CAB such as the root certificate trust list. The list is cut off after the final path.

C:\Users\Admin\AppData\Local\Temp\Cab86AF.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 13ed5e0369cedc64c8437eb9a493a981
SHA1 880053c91809fef7b2a3d688143f554d5a05c0bd
SHA256 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454
SHA512 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5ae9d6a4fd8399c5327e1c323ac64259
SHA1 66e8132feda74227a3b6af4c215d882ec8ded51b
SHA256 96f2b4eed2ae401aa77fb2136b82416a6acf0c6ba2ea3a88fe6ee896cd8472b3
SHA512 99bc4e7c7212888a3cb57a8061ee93f3d487d51a2745772d07e244744b019ab2c6fcd910fc8a1b0023204db73460173b7e94951e3b0337161801e96c06547569

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 89c6e1619ca47f9915b26e0b6aa480e7
SHA1 36e23f43fe0797436150670f79bc784e949263eb
SHA256 2574129228261b92e2de73cfd51c9c4cd4f8830971c53af5f2ff209c4977d3cd
SHA512 404724fbb4024ac8f6350eef38a038db78d43f5eda0f37fa1600e7d5f4dc8c428924241ba354e456f2d1f65b0fa71c68c21a9152ed387c5366edfb9c0f5afcaa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 2109364fa65fa37955ff82a5cd7c911c
SHA1 d0ef36ad98440797cf110a1f5b61ce1bb6952031
SHA256 1ae338da2f86102e3df4a2a7658439d2c10eb272bddc8ff5e0d4e4c89967a1a7
SHA512 1b3dab1aed96997b8e8126f0e9308f5d7dd19eb571cf7c3d8649df63f892c4815dd694f994360518af3100def420672f74dc56332576044f1cf69a4fe8ececc5

C:\Users\Admin\AppData\Local\Temp\Cab89EC.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar8A3F.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 910eabb42290fe8a3a1cdde3491ccc3b
SHA1 5b29ac46f23c469da3b42422f025ae38a9852731
SHA256 c3a0e99525d154e3cf4915049edaca8e5e857abe0eab9967976deb576c3dde29
SHA512 eb924093c7a2a4be1504073ce68c956002179f858fd59e8c5fd7ac9183fe4c29580689e84c578cab55a6f6186958e409737e99297d2354a1eb4e26b80eaaa1f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 95ba1ec01b0a2c7a97f359e4b99dae05
SHA1 81ad464944effaef003537b8930ccf52e6175006
SHA256 7878675b2e135e45e287e39c720f0daabda32d24ab6d8bcca79e9e8ec726eabe
SHA512 43e65d9ce1b7326b917045cc40f46362af79f6ae0a8573213452999adf464c1aa8a9e457e05d9ea174944c0a1b271c6a5d9fb5eb982ad7b02e1a3d7dde3c9902

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 348df8a8203ac6c79478d70c0bb1d3a8
SHA1 a63ae76087a15a2544b1b45b51a26e8eb90dcf42
SHA256 50a5880425e8dea4128a2dc8ef68e4db67dffd24ca72c31bdcbf1d58ae5d73e1
SHA512 a986146986b9fe277bcffffeb1979dcd96b3b83b92f3c2c76efd83cb9f4a2a88550d18ecaa4f2b4083dcece42a4ea52e7abcae2e7bf139f6c1a0cd9203b28b25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1DE53A40D87952CFC53E36A93B17FF42

MD5 75070e391925b8a2be525812426acea7
SHA1 e98dfdac899aff028d08c1315829fcfb0e1f156f
SHA256 56fd079dd3f8d3f6779a06c11777460d5bc54d22dfadd3129f995247fb8182f9
SHA512 7d54e38ac2d83fba1cae1b306ee67dfd1cb12479b99b1ae9e165b7f506f29b17957d4c69fcc075b939e8fd0780c27237c9a92dce815effe60045600be191d24e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 47dc72d31560c9fb48829bd41dcb0ad5
SHA1 aad4c910f7f49f0651a6c7e087e018c4fdbbf1bb
SHA256 fb5d7d81dd874e6554888b28f370081de160f5e08366ea15dca20687e5b8b9b5
SHA512 fe8133cbeaf5b3ca1189e2095b41f25b00bf9e2dcece082c05bd8012912c554ee26668aa8492f3ca455226cf8b104f96dfe0c143ef91dfe47c98a2a2f3588c26

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_1DE53A40D87952CFC53E36A93B17FF42

MD5 7492d35ad49dfbe46f01dc01c7af70a3
SHA1 cb20561751b1b306c8cd3d8fb9ddb66efba6c8d6
SHA256 68e1f6d45ebac9608a34dd41a0c53fc731905d21fe953608cf858d0f6c5897e6
SHA512 b7b271a54867b0a1133bce09e7166cc19287877f8180759057c220f6a462a3e79a7a239ea1e727006f184a696c476b79dd9589f1a610f4d63418c7b88ce3be8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1

MD5 3cbd995f8bc61a3669d6dccec2391d8a
SHA1 39e5903bb99f1d045f6b0c2429b43ea8e2d551da
SHA256 d302d7266945490d5d06e91e1c2557830688004c572f39343357dfd57ada50e5
SHA512 6335e0e9db04d46564a47818a02c3ed714ee705dbc70ecadf252f2813ef62ed14bf739ea545d69e3214d21600a2d9257013545ab3bd7eeba17fe1fb07b2a22ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1DE53A40D87952CFC53E36A93B17FF42

MD5 f7f047e7312c0658e478378da738703e
SHA1 7fdd5559b4e9633a3b3017152c1801e68c3ae382
SHA256 2e99fa224eb6b1ee373ec90581865470f1cfc5bab34bfd526e6223c8d3976f1d
SHA512 fc61b8b88c5c083ed1d4713518e3889804bfa3b19a2ee458c5549768e7edd0e88f0a7069ed727ade907bceded3baa77d02507cd70ce9931a7a5ce71925c859b3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\plusone[1].js

MD5 53e032294d7b74dc7c3e47b03a045d1a
SHA1 f462da8a8f40b78d570a665668ba8d1a834960c2
SHA256 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2
SHA512 fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 f5191bc6d686eb7b93a8f28b68bf691f
SHA1 77ba74f3be7636781faeaed60b2fc86c8f007a20
SHA256 10fa1f6c3f2234be48273348e75ca9ae086c6510f1dc700a9f7527ab37a8caa5
SHA512 5cd08c1b88b8b5939219b34563719d77570be733ef996af5496cab1ada59ed5f8dd8cc141c666e17c46c92c8cca55df2b04ee51b2d5a7f94837942c30121897f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\cb=gapi[1].js

MD5 f9255a0dec7524a9a3e867a9f878a68b
SHA1 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b
SHA256 d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d
SHA512 d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_6B69C29B30EAF4FCF9E240B3D6A77FC9

MD5 d15af181df28a93d3dd0ec8748e1fd4a
SHA1 a3f4ca80c6c94c21fba95801b8171186374fe808
SHA256 897c589d175c21601455adee18069f1ff0b0701b57d11a3f3fc1b13c2f9bea6a
SHA512 5dd966491348ba2d0095e208233340e0638421f0314363534e8e97dc1688dfef943c6185b47e52133d83ef7f23a4a624c0cffb89d6ecee6d57fcd4400e708bb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a49422201a15c6586f3201a6b3aa3f42
SHA1 0559c4371c3f1e21e32fef45a35f49fc2c7e8408
SHA256 bf7bf9e785a01a439329e399744e9e0b9bb861f277f22e6c6f99b57f7570a7fd
SHA512 43e7e5439bbbc30ff09f1007637dc1e23f90e4cbb408085cccdc92a68b5db7833d662490499a49ab260bf3c84ad988c621e0d80266443d4217b168b8b5827560

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 442a1c26aec1753573fe9a412ee05052
SHA1 c11b4afdaf52c278064e82e863820f39ca099bd6
SHA256 3c2521577014d05d442bf41a2e664bf0137a57f05a97b75e5ede10a447aca691
SHA512 9b02f582f0fd5405b5bb74bb724f2cb4dc91997d4a8f2d43363222b2ce979a5ac0dc49208c5d3b741080219e62f5adec6387cde26125658ce28225c2ef2aed5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59808ea17fb8e60ceeec8739418ca6d9
SHA1 fa8803eb896c08aa6d1219ddf08dbe3493745f8e
SHA256 c8c86b0910b808b99d3b28410d5fd32fc894ae1541780c1460cece8b2bfcdc92
SHA512 af248a337479c7784049c4ec14a26ae7ae79bacf9d6c3427886908f88f6558ec8e90e358da04eb05f82adfff0131b8d6e1ca7c5154d62984fb50e7d3e5318642

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc850b253f26cf23512a084746c73309
SHA1 8677d405df2773b6956a786fa250a08990ae966f
SHA256 c486a95ce7f18ab6bcfb948ee3c1e8bb530a490ec3dd4ee481a0ba2c3fb77394
SHA512 7170bc7e8de635ab5c4a4ccd8b951aef9d75a0bc660efc251e4b10dedb25f24ae9cac4e5833dd97c79a5f9df8bb56b9296f6e67f6c4647546ab25db8d1dff913

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0770e74697090197fb0a93288ceb203c
SHA1 48eefe95a01edcac77101ec0b0673d8ea831ba8c
SHA256 dfc4c08557a45f490d8303dcf6a95e322ba4fa4bc8f14ae2deafdeb56a0a7cff
SHA512 aaa331e75064caa0b713b9f46e7e2dbb901fae7868f70121603b26e0b4d01f40cf564d4f8e2f511d06e295dbc77e61de09565a9d5c973dbc4d48b82c251a3eaa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 00ff2699f64deb6b44fa1cc89b440d72
SHA1 03746f5f44151bdeddfff70054400bcc24216c5e
SHA256 32285d5a08d90be2a36df64dfc42de039d7c6cc5f1f6939f1736bc98c3b39e14
SHA512 23c7aa170398ef52a458aef5a078c95e5d2a26397a1ed28b61abf6eea784d7ea88dac4bc65a031bfb30919bf82bc4793ac2337b914763b4f5d38f0bdbd24a1a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9fe6009e4c3404cdfe7695f76707d52
SHA1 afa85331794850d95044bc2b35033ee7e38f343c
SHA256 c3c8b023d61214fd1a3e7353a507417d02727d38e23bc2c7250bd6d4faa2cc3b
SHA512 b90d8eb5edd5113edd89cb2e75ea39fab232bd5d5cf364ece8536f1fe11bd5252ffe2f972fb6668f4d05613ec84554357bcd7f07047e6db063952136bc013393

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00a2ca66f8223a0ad10e49468a58fa3e
SHA1 3e4da79344a26087aae013abccffc09e79570828
SHA256 a6b25aef289564ced4d01fa1c01ce603e72b9d9ab447f0e46f5089f671cf3243
SHA512 c442b46520b4559cf1da7fb053e900de8d635153ac24d276c243a21485ce90494dace577dc90839ea3fc4219f83c8f179847ba8b945f2bcff61ef206240e8f18

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d0198afb88b8748704c4d1da7963bfa
SHA1 d6c4b7ebeee43cacceb39e7e0d08aa1a1bc1cdee
SHA256 309590333f853c68828a3fb0b8e6e658f0c79a76d49cc77cbf536681edb9083e
SHA512 3d73d014530828cdab86e318ffd67fe5b73fd3eed1662cb615da6c750b2417e2f594899ed4eada3b90333e006769a1e3f152b80834445faea1d351e987a18e2c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4cdbceb55051daafead9bb0897ea0519
SHA1 37a150b649afdcc00158dd37fc762a654573b382
SHA256 b86b64d91895c3a73731db06df41c3aa8a3f959dd9cf0fe58221f6cab97875b0
SHA512 76ea1596ef832f6ea2fde4e7a073d47787ccb6abd040e8796ba81fc3349c03d0dee0f9b22617e164ba488cb695ffee8b26e6d3450ebba095d2bc8b33ee0e2e39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f547891f0bf44a22f5f5a694257cb370
SHA1 1c222d306d0386e235eca8390a747cde54d0ff99
SHA256 4d1c61342324ad88820ea97e26a2e3e68844b7d4572f44cb3523d459ed0f6732
SHA512 df122b88292ad394e88a8bf372f1de6ae1add7ff1abafd438470077ddc61e14c7ee83fdda7353a5e17cf4c62bbc8b28183fa2b4863ab38ca7c7ba97ec9d6fde4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10d5d065709fb03bf7a5bd80b554d8da
SHA1 f71cb3b7ff17785581367670b170364dab1b9d2b
SHA256 a4ff228f5b2944b722e02e16bb95de53af7c9aae9d0037680bec50c6141717d4
SHA512 cdc9781a00a0c1c93269295c6d971cbb078dd37ff5eb1cd5ca5826d7125c45ff2c9b75d58b3d05e12bd55164fd17f3f931e9b3deb0624aec06375de6db9ae91a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 703eca64e9010fb76cac71a64099d95d
SHA1 30a83859c593b3d0efb3449b5761498301b5efdd
SHA256 08004080abbde256a72f7f498260ed2f407ca1f7266598f501fa3293c1290732

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:11

Reported

2024-06-03 13:13

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e77a4b7b7c862a9db64ccea9da32f0_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (identical entry repeated 25 times)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (identical entry repeated 24 times)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 912 wrote to memory of 1080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (identical entry repeated 2 times)
PID 912 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (identical entry repeated 40 times)
PID 912 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (identical entry repeated 2 times)
PID 912 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (identical entry repeated 20 times)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e77a4b7b7c862a9db64ccea9da32f0_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff61f746f8,0x7fff61f74708,0x7fff61f74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4620 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_912_QGPQMGGQZUZPDBXR

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
