Malware Analysis Report

2025-01-18 12:51

Sample ID: 240613-1t1jpa1hma
Target: a6c37c79a981821b11432d6c6a113bfd_JaffaCakes118
SHA256: d246e78b5ae9ca2b644da7de152e23f20b531e6d688d19af9d7c3cda3eb64b83
Tags: none
Score: 1/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK: Enterprise Matrix V15
  Analysis: static1: Detonation Overview, Signatures
  Analysis: behavioral1: Detonation Overview, Command Line, Signatures, Processes, Network, Files
  Analysis: behavioral2: Detonation Overview, Command Line, Signatures, Processes, Network, Files

Analysis Overview

Score: 1/10
SHA256: d246e78b5ae9ca2b644da7de152e23f20b531e6d688d19af9d7c3cda3eb64b83

Threat level: no (potentially) malicious behavior was detected.

The sample a6c37c79a981821b11432d6c6a113bfd_JaffaCakes118 is an HTML document; the sandbox detonated it by opening it in Internet Explorer. The behaviours listed under "Malicious Activity Summary" are the generic ones Internet Explorer exhibits for any page it renders (per-user first-run registry keys, shell-tray and window-hook calls, spawning of the 32-bit tab process), which is why they are flagged but do not raise the score. What the detonation does show is the page pulling scripts, stylesheets, fonts and ad content, mostly over cleartext HTTP, from Iranian blog and file-hosting domains (rozblog.com, picofile.com, rozup.ir and related ad/statistics hosts). Treat those as the page's content network, not as command-and-control, unless further evidence turns up.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK (Enterprise Matrix V15): no techniques are listed in the report for this sample.

Analysis: static1

Detonation Overview

Reported: 2024-06-13 21:57

Signatures: N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 21:57
Reported: 2024-06-13 21:59
Platform: win7-20240221-en
Max time kernel: 144s
Max time network: 145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6c37c79a981821b11432d6c6a113bfd_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Signature tags: adware, spyware (generic tags attached to this signature; every key below lives under the user's own Software\Microsoft\Internet Explorer hive and is written by iexplore.exe itself as part of normal first-run and session-recovery housekeeping).

Columns: Description | Indicator | Process | Target
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 301ae4d2dcbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a8eff738b31cd743922e1bd6a7c1974000000000020000000000106600000001000020000000d0820c1634ef25fff74fe3dd11caa360912f9392490a6a205ac0527f942b2387000000000e800000000200002000000027fadf947acc94dc165428083c67fe265fdecc02fc9e7e2c0488497307a12586200000001f23154e4a9d6b3c713f75921671c466d9552ea9bd70759e6b6038b167abd05c400000001780a6a8266f9857926df813c128aa625fed3529febcd90a88cbd5a362a710ae9a842f6bd4237af932f3b527a422d4a134a92c45d639915d11d9a856de538359 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not present in the extracted report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424477703" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E549C991-29CF-11EF-825B-FA5112F1BCBF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6c37c79a981821b11432d6c6a113bfd_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:2

The second process is the 32-bit tab (content) process that the Internet Explorer frame process spawns to render the page; the SCODEF: argument carries the PID of the frame process that launched it. This parent/child pair is expected for any page opened in IE and accounts for the WriteProcessMemory and process-creation signatures above.

Network

All UDP/53 rows are queries sent to the sandbox's resolver at 8.8.8.8, so the Country column on those rows describes the resolver, not the queried domain. Repeated rows are separate connections to the same endpoint.

Columns: Country | Destination | Domain | Proto
US 8.8.8.8:53 adpic.asiatech.ir udp
US 8.8.8.8:53 funha.com udp
US 8.8.8.8:53 rozblog.com udp
US 8.8.8.8:53 s9.picofile.com udp
US 8.8.8.8:53 winphone.ir udp
US 8.8.8.8:53 ganjbazar.ir udp
US 8.8.8.8:53 s8.picofile.com udp
US 8.8.8.8:53 dibamoviez.eu udp
US 8.8.8.8:53 www.jenabmusic.com udp
US 8.8.8.8:53 up.rozbano.com udp
US 8.8.8.8:53 shahrefile.fileina.com udp
US 8.8.8.8:53 rozup.ir udp
IR 79.127.127.68:80 rozblog.com tcp
IR 79.127.127.68:80 rozblog.com tcp
TR 185.143.234.120:80 up.rozbano.com tcp
IR 79.127.127.68:80 rozblog.com tcp
IR 79.127.127.68:80 rozblog.com tcp
IR 185.49.84.172:80 s8.picofile.com tcp
IR 185.49.84.172:80 s8.picofile.com tcp
IR 79.127.127.67:80 rozup.ir tcp
IR 79.127.127.67:80 rozup.ir tcp
IR 79.127.127.68:80 rozblog.com tcp
TR 185.143.234.120:80 up.rozbano.com tcp
DE 185.53.177.31:80 dibamoviez.eu tcp
DE 185.53.177.31:80 dibamoviez.eu tcp
US 3.130.253.23:80 funha.com tcp
US 3.130.253.23:80 funha.com tcp
US 8.8.8.8:53 ads.rozblog.com udp
IR 79.127.127.91:80 www.jenabmusic.com tcp
IR 79.127.127.91:80 www.jenabmusic.com tcp
IR 185.49.84.173:80 s9.picofile.com tcp
IR 185.49.84.173:80 s9.picofile.com tcp
IR 185.98.113.137:80 adpic.asiatech.ir tcp
IR 185.98.113.137:80 adpic.asiatech.ir tcp
IR 79.127.127.68:80 ads.rozblog.com tcp
IR 79.127.127.68:80 ads.rozblog.com tcp
IR 79.127.127.68:80 ads.rozblog.com tcp
IR 185.255.88.81:80 shahrefile.fileina.com tcp
IR 185.255.88.81:80 shahrefile.fileina.com tcp
TR 185.143.234.120:443 up.rozbano.com tcp
IR 5.34.195.138:80 ganjbazar.ir tcp
IR 5.34.195.138:80 ganjbazar.ir tcp
IR 185.49.84.172:443 s8.picofile.com tcp
IR 185.49.84.173:443 s9.picofile.com tcp
IR 79.127.127.68:80 ads.rozblog.com tcp
IR 79.127.127.68:80 ads.rozblog.com tcp
US 8.8.8.8:53 up.rightheme.ir udp
US 8.8.8.8:53 netdna.bootstrapcdn.com udp
IR 79.127.127.68:80 ads.rozblog.com tcp
IR 79.127.127.68:443 ads.rozblog.com tcp
IR 79.127.127.68:443 ads.rozblog.com tcp
IR 79.127.127.68:443 ads.rozblog.com tcp
US 8.8.8.8:53 s29.picofile.com udp
US 8.8.8.8:53 s28.picofile.com udp
IR 79.127.127.68:443 ads.rozblog.com tcp
IR 79.127.127.68:443 ads.rozblog.com tcp
US 8.8.8.8:53 www.instagram.com udp
IR 79.127.127.67:443 up.rightheme.ir tcp
US 8.8.8.8:53 cartoone.ir udp
US 8.8.8.8:53 backority.ir udp
US 8.8.8.8:53 www.webgozar.ir udp
US 8.8.8.8:53 www.stats.5link.ir udp
IR 79.127.127.67:80 up.rightheme.ir tcp
IR 79.127.127.67:80 up.rightheme.ir tcp
IR 79.127.127.67:80 up.rightheme.ir tcp
IR 79.127.127.67:80 up.rightheme.ir tcp
IR 79.127.127.67:80 up.rightheme.ir tcp
IR 79.127.127.67:80 up.rightheme.ir tcp
IR 185.141.213.228:443 s28.picofile.com tcp
IR 185.141.213.228:443 s28.picofile.com tcp
US 104.18.11.207:80 netdna.bootstrapcdn.com tcp
US 104.18.11.207:80 netdna.bootstrapcdn.com tcp
IR 185.141.213.228:443 s28.picofile.com tcp
US 209.160.40.232:80 www.webgozar.ir tcp
IR 185.141.213.228:443 s28.picofile.com tcp
IR 185.141.213.228:443 s28.picofile.com tcp
US 209.160.40.232:80 www.webgozar.ir tcp
IR 185.141.213.228:443 s28.picofile.com tcp
GB 163.70.151.174:443 www.instagram.com tcp
GB 163.70.151.174:443 www.instagram.com tcp
DE 116.202.114.170:443 www.stats.5link.ir tcp
DE 116.202.114.170:443 www.stats.5link.ir tcp
DE 116.202.114.170:80 www.stats.5link.ir tcp
DE 116.202.114.170:80 www.stats.5link.ir tcp
DE 116.202.114.170:80 www.stats.5link.ir tcp
US 8.8.8.8:53 apis.google.com udp
IR 185.141.213.228:443 s28.picofile.com tcp
IR 185.141.213.228:443 s28.picofile.com tcp
IR 185.141.213.228:443 s28.picofile.com tcp
IR 185.141.213.228:443 s28.picofile.com tcp
IR 185.141.213.228:443 s28.picofile.com tcp
IR 185.141.213.228:443 s28.picofile.com tcp
GB 142.250.200.14:80 apis.google.com tcp
GB 142.250.200.14:80 apis.google.com tcp
IR 45.135.241.49:443 backority.ir tcp
IR 45.135.241.49:443 backority.ir tcp
DE 116.202.114.170:443 www.stats.5link.ir tcp
DE 116.202.114.170:443 www.stats.5link.ir tcp
DE 116.202.114.170:443 www.stats.5link.ir tcp
DE 116.202.114.170:443 www.stats.5link.ir tcp
DE 116.202.114.170:443 www.stats.5link.ir tcp
DE 116.202.114.170:443 www.stats.5link.ir tcp
US 8.8.8.8:53 up.hypertemp.ir udp
IR 79.127.127.67:80 up.hypertemp.ir tcp
IR 79.127.127.67:80 up.hypertemp.ir tcp
US 8.8.8.8:53 engine.webgozar.ir udp
DE 116.202.114.170:80 www.stats.5link.ir tcp
US 209.160.40.232:80 engine.webgozar.ir tcp
US 209.160.40.232:80 engine.webgozar.ir tcp
US 209.160.40.232:80 engine.webgozar.ir tcp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 beta.kaprila.com udp
IR 185.18.212.82:443 beta.kaprila.com tcp
IR 185.18.212.82:443 beta.kaprila.com tcp
US 8.8.8.8:53 winphone.ir udp
IR 185.98.113.137:80 adpic.asiatech.ir tcp
IR 185.98.113.137:80 adpic.asiatech.ir tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
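The network table above is what an analyst turns into indicators, and the useful questions are not answered by the raw rows: which names were resolved but never contacted, which connections carry a name that was never queried (a CNAME target or a cached answer), which hosts were reached over cleartext HTTP, and which IPs a blocklist would need. The following script is an added example and not part of the original report or of the sandbox's tooling; it parses a constructed subset of the rows above (copied verbatim, with the header line included to show it is skipped) and assumes that 8.8.8.8 is the sandbox resolver, which the UDP/53 rows support.

```python
import ipaddress
import re
from collections import Counter

# Constructed subset of the behavioral1 Network table (rows copied verbatim;
# the full table repeats most endpoints several times).
NETWORK_TEXT = """\
Country Destination Domain Proto
US 8.8.8.8:53 adpic.asiatech.ir udp
US 8.8.8.8:53 funha.com udp
US 8.8.8.8:53 rozblog.com udp
US 8.8.8.8:53 winphone.ir udp
US 8.8.8.8:53 ganjbazar.ir udp
US 8.8.8.8:53 ads.rozblog.com udp
US 8.8.8.8:53 www.instagram.com udp
US 8.8.8.8:53 cartoone.ir udp
US 8.8.8.8:53 www.microsoft.com udp
IR 79.127.127.68:80 rozblog.com tcp
IR 79.127.127.68:80 rozblog.com tcp
IR 79.127.127.68:443 ads.rozblog.com tcp
US 3.130.253.23:80 funha.com tcp
IR 185.98.113.137:80 adpic.asiatech.ir tcp
IR 5.34.195.138:80 ganjbazar.ir tcp
GB 163.70.151.174:443 www.instagram.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

# One row of the report's network table: "CC ip:port domain proto".
LINE_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\s+"
    r"(?P<domain>\S+)\s+(?P<proto>tcp|udp)$"
)


def parse_connections(text):
    """Parse table rows into dicts; the header and any unparseable line are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def summarize(rows, resolver="8.8.8.8"):
    """Turn raw rows into the questions an analyst actually asks of them."""
    # Names the guest asked the sandbox resolver about (assumption: resolver is 8.8.8.8).
    dns = {r["domain"] for r in rows
           if r["proto"] == "udp" and r["port"] == 53 and r["ip"] == resolver}
    tcp = [r for r in rows if r["proto"] == "tcp"]
    contacted = {r["domain"] for r in tcp}
    return {
        # Resolved but never connected to: resolution failed, was cached, or the
        # script that referenced the host never fired within the run.
        "queried_not_contacted": sorted(dns - contacted),
        # Connection labelled with a name that was never queried directly: the
        # sandbox attached a CNAME target or an earlier cached answer to the IP.
        "contacted_not_queried": sorted(contacted - dns),
        "cleartext_http": sorted({r["domain"] for r in tcp if r["port"] == 80}),
        "tls": sorted({r["domain"] for r in tcp if r["port"] == 443}),
        # Blocklist candidates, sorted numerically rather than as strings.
        "ips": sorted({r["ip"] for r in tcp}, key=ipaddress.ip_address),
        "by_country": Counter(r["cc"] for r in tcp),
        "endpoint_hits": Counter((r["ip"], r["port"], r["domain"]) for r in tcp),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_connections(NETWORK_TEXT)).items():
        print(f"{key}: {value}")
```

Run it over the full table (paste all rows into NETWORK_TEXT) and the "cleartext_http" list is the one worth keeping: every host in it delivered page content without TLS, so any of them could have been tampered with in transit; the "ips" list is what goes into a proxy or firewall blocklist if the page is later judged unwanted.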

Files

Each entry is a file written during the run, with its hashes at the time it was captured. The CryptnetUrlCache MetaData entry 94308059B57B3142E455B38A6EB92015 appears many times with different hashes: it is one file that the Windows CryptoAPI URL cache rewrote repeatedly during certificate and revocation fetching, not many files. The Cab*.tmp and Tar*.tmp pairs are the transient files that the same activity typically leaves behind. The Content.IE5 entries are the page's own cached resources (jQuery, Bootstrap RTL, a theme slider, a Persian web font and two ad frames, tabligh[1].htm and tabligh[2].htm).

C:\Users\Admin\AppData\Local\Temp\Cab2EFE.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar2F01.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\site[1].js

MD5 649f9a619e35c59c3ed2800c3e2f3669
SHA1 0556f74e248acd3482de4f30e97859587249f29c
SHA256 5d230d903b326e0c9dac0b66d5be68544a6202d36a92f86e134acbd702501077
SHA512 9f84473e202f1abd04568db33fb1919b851f5f77cdbfea63bc3434f4de699433bef6ffe85416412bfc921879f5d3562d8600878f28fe04d9ec802476e1decf5e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56c6a816879cbb4cad43adc29ade8167
SHA1 b548afefdeda8236e2f235af8486f1534898bcf6
SHA256 da1ff723720a2dda0256c647908ad1fa19d250218749452ade0731d1cb9d1d6a
SHA512 da7e3ea93acb6a3b4eda8de846df9dd653e29c82abc20c29da0996ef70f0815bcf3b9c5c618eed134b6c28d2059e510bd9a7e553666a294fade56996d893aecc

C:\Users\Admin\AppData\Local\Temp\Cab2FDF.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2FF3.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\esdc[1].js

MD5 0b3cc45f7e18e1ab674b5301693e4602
SHA1 3ff49bc56aa00e61c27462594551630253757e41
SHA256 bf273574b5d7663d90383c88137cf8488d4d8f9738fe4e8f2532fbd190d015f4
SHA512 da423cdd8113a5904c987a6024339e2b166087eb46e6c35cede79143d99ec88666779b9002b388a85f99c91a9869df935843b565d4ae2a3e8bd2275f4440ad00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97848726557d103cc52b80bd58109321
SHA1 72f1d5aa6d4b04a9beba766fd1e5264a8b8ef3a2
SHA256 deb3ee17234ec725e9294e5e2a558e4ed8f6c872a962b32c0bf01fa5d879132c
SHA512 7e10976eb0980b7b0fdc9382c9af492423907716b4b93d5bdb30a37b866201a428fe68a119537900b7eec39668d3797c1edad4f28296c1d7e5331f6b9e27fa6a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\jquery-migrate.min[1].js

MD5 512b871a2830e44259bc3ce3343afcd0
SHA1 875bce76a77590c3c438bbc6e014b39c23c8c88d
SHA256 c4d24f6b27cc7ceea56fbec786bb1f486fdad9a1f998f760f76d1f44671e105c
SHA512 7c31817254b71d4cac10120aa2829614311658e468036d27eb43b063b392620c4611ec3db3b3600da3e48fb82a41c5579c048fbd9022156f038b2b6cb5d946b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61bc0d2564253a399e338a72a63aec21
SHA1 e1e982664aa747c2fcab37d45e9c8e4005f9c885
SHA256 d20cf48311b5637883bc3656a986f568d1857708360b1d8d523f1d3c60d92531
SHA512 9533daae5227e108e50d4fc551c2a168d35d1b4b62ebde6c08f4aaca2fce8a0df8a8e7f7d97092f2da768a4b006a41b504a1707e4604634ac831dedaaef10eaa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a2b5c02af9e8c453be18b3245496521
SHA1 6894e44c68b6e37d9d438ead002f5cbe7f3e2602
SHA256 0ce8744ef7cb59dad642c3dc58b14e20778c0d286237f00e8b1f935936266769
SHA512 3d5d184e0263a144355ccf181b4d635d58d1be7015bc30ff561ac6612c04df689b954e127f1233e3cb7b37fc719488a0e04430442fc899b38b02343883611b40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 040616535cd7e64d76177a05ab6039b0
SHA1 15bfa89a45c3a4e4b8b93fc0a61715c287828247
SHA256 261bee3d9c6c4c934c4547bc13335a53a0e3dd6b365271c13f4b3fc065b82ac9
SHA512 e971a2b7b482aa8d7173746eac3d829e77b6eae69578d3c94a57cb8d790340185f48cf1feb752e006e38ecc421837b6e014d90290e93d9e3b4f8c4a3a013923d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\jquery.themepunch.tools.min[1].js

MD5 965e0ff705bfbdd80f4f6706479ce881
SHA1 8ba8fc51cf92f0531c3f7193664fcec027f4b6b5
SHA256 3179395361593c5afaf7f5d5c18b7c9c00ebabe5fa335d17f153ee39e2a4fe5e
SHA512 2790e13bcb6373474aba4e07d19e425771c2821b3b1ce6519ee71523556450f2ddf39fcca5850b6da6dd3521826ce6ab834e1b0ab1184a94b58deb8c1f353542

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15a11b212325c0a418fb1de83a1d6188
SHA1 9ab00cb29dfbbf745c36a74acdd0cea49dac583d
SHA256 c4dcce75d73be00aa70477c26aff1a4553b31b54caa57d058895531434c6202a
SHA512 6908064fc7b38c640019ce55ecea087f491071aecd5eb76480d9ae2e692c27dba25ca6ddaa92cf12b7bcf23a585fcf4c1df9a1ec2037934b433b9e68eafeeaf6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\themed-profiles[1].js

MD5 c2e6c816533ab8b4d5766def331b8c77
SHA1 86709e96e6c3a88281ea9b647e70a74035c12791
SHA256 ebd6db7f974cf3bc12557219336a72ad499528c992c3f64569bbc1dcee9dcee7
SHA512 ff1b2984d3ebc8f9472bcce9f5666088cd545989234e2d83fe549526d7459726cc753437716a3cae6e17b5b6f29ff6e937088040e4f0881d3c974b3ecd7fc298

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\jquery.themepunch.revolution.min[1].js

MD5 c1007b98017ddf7d6f6203d99f68b1c0
SHA1 25d856e7804421868283ee4bd2ac676a14ef6c07
SHA256 7e5efee0efab67664f43a04820573d1631e792052aeeedb3163b6d0579ec3e34
SHA512 c1cb916de7d94b4effc1165a3f152fe71e516d50aab564d78461a5b8792d35cd55f5eceaa8ebb2e621c4098cafbcc17792fa34b07f5a136afbc7d3c1763ecfaf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\style[1].css

MD5 4c467708fec8ebfd6b0dd8bd88131a47
SHA1 66aeb7247558eab00ddd3c9b7d386ca675cf43e0
SHA256 21934c18f6073393faec4497c4a25c6e65ad6381568f3da7e8e788c36441e965
SHA512 20c4f6e68d1298554d3378c44f0bb32604c65a378ef7d4d20eb7df79664101631c6eeaa4b235924dacead755691f5cde738a0b6cf2d0da97f53238259e81cb45

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\bootstrap.rtl.min[1].css

MD5 2d209f8a53326fdc661f893d093fcdb0
SHA1 a9f927888e822f4f89ddd7bfa4bdabaa083231bb
SHA256 5e8b2fc660410793a96fb263d63c6b2c2f9619e60d7c0e1693c9a3991befee82
SHA512 7dc43644f85edcd6ddfd34ba0fd286878fc83a4e4837470f93b08a90c40b3a40f6ab34cbd5b5cd7ce0bcc858d8bd6cbb1efcd35bd341eb10b9c7412e465719dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de314679d63a9e3c8f2fb93dea7406ed
SHA1 1c97ade0977f6388830b1b7c9cbfcf92f882931c
SHA256 52b2ff3ed044e33664d6c6a032cd9aa7652259d8f1618bd06381c4618b41c926
SHA512 1332ded8daa1ff89d47b46e55fef46011ac928bc5c9f1517c3135f3054bcdf8e57156a72c8127a602d473d7f1c9b310ea4ca2d7603ed5153a212424cf500ed57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\279D1310BC7C7B22A09709FB8B261EBC

MD5 fdbc2c24024b3fd3c327e6cabc3f84b6
SHA1 d05726507674ebf83a3b598822901696243d021b
SHA256 a705044cc40e62e31639e2022f8f024ea7e950b00cbf3f029cce6c44002cd075
SHA512 014bc06bec71dd93e2d7bb85e0f2dae978a2f353b262797d4923b10f787abca1fcc0fcb48b5581505d6d3aa962f7000cea79f26ab27da372e457798f1ab9f5b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\279D1310BC7C7B22A09709FB8B261EBC

MD5 26fa15afd08728f0e1aad59a65b14909
SHA1 71e5ac0e605c2a5e8340341d5d55bc3e72a7ee51
SHA256 f24bb62dd6be4c08f1530aea2b97cb848c4cbe383bbb45a7416a725b97977b9d
SHA512 ab76438e542d77f2b171a9e3f560690956da9b1ebf9ab087fe8df25f936661fa15e070faa774823b7a29959596bc4b9478a622797c46bbad9758d1894dc55522

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\BYekan[1].woff

MD5 a88aece774e17aa9bd68ec1eb9642a24
SHA1 0e1ed8ac5e824e9498f91944cac61a07954add07
SHA256 f69e49fc873a61e07187675a04e0ceadf134a21bc74a708ecf560c24100e637b
SHA512 805d061fc6213a145888dac3fe9292028899ae276669f48cc501543d844a77c77d17bc33321406ec28e3a4e6f0a8fc75671f288c17c2a5920d7281a137ef6a09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f207f29e1607a6633bf732094c91d7f4
SHA1 474665ff7fea764df1bce80b98f02e87bada8151
SHA256 e8ee22ec883c49bbc4e0f385baef6e836d85627c7e27e3947210a4f325c288af
SHA512 f84453d7a1e3af52aea07bb99826ab3536e733a61c143ddf194a5cc24f2a10872432b67883bfb4342300815d3e3c32b0b6b7ee74dc8fec07c6a7228508cebaf9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2599a56a06d20d100cd019529e65a5a
SHA1 8e160935551bb88d46c91ebb7f3335dab954ca7c
SHA256 66e8ba5b582646dc130c57a86d82970e6a5a65be9c0511e030454b955af8d767
SHA512 01e5b413c44e9d135f57278f78c8aa6c1a4c1d8766c314c843840d35f45365e72073a8dd4875b81382ddeaad7f03443528bb73d9a163545897ec05beb67fc968

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 02ccf4a74393108dc34f1c7a379db3ed
SHA1 e1dbbe1b143efdac6c1fa57b92ba8d6cff43bbdc
SHA256 4f9f00da7cdf0ce274b3374a5aee9dd6e25edb098200381131e02d1a0b68ce89
SHA512 164eb31126e9d8c0882dca23b72adb4e1720cdc28ce169a09effcadb1fb714d615c00f83bf0bfc54a533881f704fca98641d3426bcd3ac242f78dd8507c99e76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 2e2231443cb7ae1eb6893fd2c348071d
SHA1 f42c8ed36b7533765f49386ede30bfa16fd4b8c6
SHA256 8771d0dd41d115c03c9db99a3afd8dde40764531109ed5d77a810c5fd1ffc5fe
SHA512 2a5df718114dbcffd833ea8b8e0defdfae0d47a3898787e2dbc592025c738713e49c02fe18b360ad8481c401969d54a53761600895f92e2a1afb948d522098dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 21b98ff7a3673f265aa27c67c2974939
SHA1 012bf22f36648a661dd04389f1a0401fcb1fa753
SHA256 452bdc876e4e80ab592cc7e9c968af22baef86ad800abc88cad129fef6e8801f
SHA512 64b237f048d0fc08b01850db9834d4a1e4f820d96cf29d551fe0bafa1d1e95e74e2196501ae72b1b20340e6d190d58d8b3ef3103480105a3100f9b8e260d25c8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\tabligh[1].htm

MD5 b046ba2e52f1ee9c2fee8fac2f24a866
SHA1 2a8e2002d00a8f26dfc3f454cf703e1b534c00fc
SHA256 534f9c85d71d928906ec2df12d4359bda89394aa195baac01ba337083f3e503a
SHA512 f7fbd9f01ab8a21a9869a079bd3639dc9fa29e6d1cd0154e28ebb08421edfb8dc820c9d15ed99484e2a0b334b4e99b66238fd4f783ed77d08bb35b5ae840956a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\tabligh[2].htm

MD5 76a752fca9cb7e66b4905fce7e5a30e2
SHA1 d1cc2256c0b4db587518247fc6d5ea1a272dcb78
SHA256 f66a9f68cf28124c75b08d01d7100f8051f8c399b3a31cb61c7bdb04f56ab3df
SHA512 7f2b6afb08ed21f1ec0ccc14b11c7ae1ba7dad6b63aa3940dd9a5017f5610e3296b2e29619da9087686ee47c9d4c46b591a2bf5f52111ce5866597509b676627

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

MD5 101f14aebd7eb53feb653df1342c1b3d
SHA1 261f445383f5471fe8e17e4d17f20c5a5b5a7a57
SHA256 0cb1b5e1c91609999a90078562f0b820ad28463cbcd68fcb602c84ea632265ee
SHA512 fc0366db2ae154ab8b5607983359e68829e4733b7d81f87b8996b55cfdbe20090033d603e5b7ca031f45c29abac5de714f448532f95d149819ad0854eab53850

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

MD5 ad393e5b7479efed96650bbb5ad97ffb
SHA1 c308b8ded43223a619b8d9f647cdfdaa10053ca1
SHA256 043f20b8a992abfd4629ea68fa871c92c4e1f1862c870fc426bb4ed24f903b6e
SHA512 e8e7796e8641c74473c639f7adff6dcce6761824d24efc1702f74d748fb860b574b5b9a6e9f6834e75f9b555dba4dae277c3539116ae3d1f60b22df690357df7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

MD5 86c629e8aa822df9a19111f53c69cbab
SHA1 c19ddf49d4d8c241aec94202f40a1d46a9dbd097
SHA256 b07f643186f2eb5021ecca62154a4fa9b49d959507fe979bcaa0da46291bde51
SHA512 f4498d3981b7e4170e19c2c883d96a9f0fd5762c84d867f5db9b1a8b89a6f4985ece2b64f0e22aca108a5a2fff8a128d2077df9b700297a8d39424d7d118f5da

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\c[1].htm

MD5 32eef302b493dd0c07cb8a9f57b11212
SHA1 1ea1f3119c3047b67ae148400d9325fc973d9262
SHA256 1a38f672e987fe3e7e70969cc0b38ccdf32f194c0d5ab8a5cd1cbf3289c93e5b
SHA512 25eff84529d22c64cb0799a23f464ba22b621d394d664eb6f36005269c389f43a24c5eddb974b548e1e1ae31622b92e7280cbd570020aa457bbbec740cc91bbc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\index[1].htm

MD5 d45ddef47c6758934531004a5c25f6b6
SHA1 0e67b081666a655b694355c68cf72ed6a38374f0
SHA256 ca302f83295896c4ebb6c2187bf2ed89004f17dc0d3edccbdb079aa4afeba35e
SHA512 57b281a0c13fe7ef9e8dc230d421ade63a52eef3aadd7dd5ab7cc01fee0645343c52c5f28488d59fc1de1d16294fc293bac772be8013447f6927c866d9abd070

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\bootstrap.rtl[1].js

MD5 487ff61beee9790d2553c7e2f7d72b2e
SHA1 1db6a27d51f172e940800bfc6e8a49e554fa180c
SHA256 533f6969bb2b2718c3441e929e1aa086ab855fc194497b20c7de8e162dcd0871
SHA512 d34ec06b1e316a449f0b16b46fabd9504aa91d1bdf5ea57ffd0d445be3df61dececd74cfcb83919000e5eedeb6848d6a93bf3fffea8f2de5781e5549e971eba1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\jquery[1].js

MD5 e85aed5c30d734f1e30646e030d7a817
SHA1 b8dcaa1c866905c0bdb0b70c8e564ff1c3fe27ad
SHA256 8f0a19ee8c606b35a10904951e0a27da1896eafe33c6e88cb7bcbe455f05a24a
SHA512 a5b7c4911b530b4b550838f50ceda9d9382d86aad7cb4ff13c897c269bc7ff350ccf01487534882f294749bc19f3398f0b338e1d8b03af3dba1ef382168ecc9e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\custom[1].js

MD5 48fc61b5be29ba0d3f34b86272fd9479
SHA1 cd334ddb530a490cd6e7d5590968b92d16bea2f4
SHA256 9ac7069149de9062fa31385c8046b35cd887877e9fbdffc7a5132a94f9c71d64
SHA512 bbc4ef5452149f312be9e5444915f7b18560407f7589d6499c28ec60d73016073f962f106707b724efafcc3b7b603dba1cac85272d476233b10aba178956a295

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\bootstrap.rtl.min[1].js

MD5 a54981743546427c5bcb4239f4f08447
SHA1 4d08ef1c6d970dd9e852447c124bf2a02fdd0410
SHA256 63bc96f2fdd396681c0c80a495a4020c6253b1085ccf9f74543fd5c6a373e793
SHA512 afdc6cb9ed475095209dee8adde38e683ac77098c32a19ab25b8984f48fcdae14e00c9811a7a7ccc4beeb96e3d3841cec60cee81f0a0b2dca5c4d3d727e0c856

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\core.min[1].js

MD5 204d1573e5f9ad0d0c9b61bdffe4a37b
SHA1 79b34bbb206e47920c1889293ef20eb18ed62425
SHA256 191622240e7646a2e888eb318557bcca854828b59b5b2e960545ee08ae142382
SHA512 b72df94f4d594fb026cb876b15fcfab4f0522b32f74850c732dc47e4ba12ef38fcfa72f32123d76489f70bf6dfeaa75db8f64c37630bd36d0a7f9fa29f1b7faf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\datepicker.min[1].js

MD5 82e28aae0e34a07a0b13ce604d021b14
SHA1 2e057fd976879ca8f3d9714b9d51c1e1528e4543
SHA256 dc569104765dc63add573c1e2256369b5330d5a252efae5cb8b4c531dca84100
SHA512 052cfe448531b0cec5f206a7918399eae64b91d58879d3f43560298b8cbe8bbd488e136bd73db3a958a5b89bec896ffc1e17eec8285aa41b4cd8280994169dfd

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\plusone[1].js

MD5 53e032294d7b74dc7c3e47b03a045d1a
SHA1 f462da8a8f40b78d570a665668ba8d1a834960c2
SHA256 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2
SHA512 fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\cb=gapi[1].js

MD5 1ab070cb361eec71b29761b82790f8fe
SHA1 3dd26a77bc9b62ac78c5e643304f291cfd74327a
SHA256 7316c367fe324e0a4122c50a7b5df1bac93928e82643dbbddf18be9576c91ffa
SHA512 e7ddca43ccbb14790ee8d99f0a2f5c133dbe8e83c906ffe3840a1d3a14a365b738c850d878d3f37305ec9c0cb604741bf8eed3e1a014a057bca28fad066a7401

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\loader[1].js

MD5 beae9a9078cc3e0edf38e71a8f1be9ec
SHA1 273ba339be0544351e4737f49c002abe5ae0147d
SHA256 98dc0129110a40d076932377a78b9a67b7a4adc909feefceebdc12840be3359f
SHA512 ed24f74e2f271280a30d9a3928d1f6cd93826c182dd0f50f5901ee7f214d5a143134e840314f78e9df46c071acc9da6a2b94a51b43a9fb2c1f2f4f9f3c7e43dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8c2d5c22a1f4d2063fee88442edc8f8
SHA1 0e3c2542e5b8325fb8055f83070cc578a074afeb
SHA256 ad762e6844b26bb950b3a0e0b7f8d376ddadeb19515c09b7e55c16a4d6618332
SHA512 fae27c56156cfded3bf5da7e3b16e4c0a7dcabe62acd6dd3ab675a7510b1355b541352a3b1601eebfbad0706f39d8db9e2c2f4743b7a981b469c46804366295d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 4a13e46595bd108893613dfe45881f9e
SHA1 b9f0f0becfe93b8ffd693f95d67c085256acde8c
SHA256 a653cec8329c184250f127e909bda6c528add8778f18dc050d46c3fbcf55d4ab
SHA512 7121a1e8f5ed5edcc1fec434a38031153bf853fbc55a6dbd91c6bbedda3ca12c832d4f1fa431bd18c88deabdf1ecb31df7c32ccee8a5301e3753752f437d499c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3eaa20251277aac7af951fe269800352
SHA1 685d1d1a740a2c4341ae21e8e79392b9487e0cba
SHA256 f735f418ccf2bba714a8500b7e2386a6681bad27d81ab59571637b6a2dc3b99a
SHA512 351236673354ab05db6dabc787c03b1299f8ef3d3a351e29dd4b66243b6b83141cffd4e5125c231b2dddb1e05588ebe10f2274d1cf000faec86c26230d4e4aed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 374e5e7d156a0311af164eb1dc7a9815
SHA1 4183ce7c8932a1f71fcb2a774ec0e29a31fca814
SHA256 caf923c271e04f57ec72a05799d16836c04293f137068f110612a51b3ea8f351
SHA512 a5a3c378b7958cae46baf01caa584b5b6d1984011642d2662939e91fd8f27062cc100e273df9311323565413290ec44dd6a7848501aa39a846855c85e1250bed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 410dff2ed8c20932f20245f47d3d4834
SHA1 d0dfb4d1002b0102cb64897660d36dc4225065b2
SHA256 cda4956793dd7ad9dd90dad21d78134ac8a4dc406737783f2e9607e7c681faec
SHA512 1c85a2cd131a3449bc404a4482189423cef0bdb422bbebb7c3b15ffd494f65d153d3851b966d13a7bc5b5678056fbcdddba10ddd16fa451ddb543a2e1e68d58e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1486befa4015917ad7ece87be4603748
SHA1 c577477669d7e92458ab703a2fabea7b408a73a9
SHA256 5063baf698c70f6e58efb92a5e79c2f57c6a6e90d21d055cd12f07933739fddf
SHA512 1d5abf7f47b789b195ed54d4dd5432b80f114b12bcefa63c55af0a2a2578b2ece3706fd3bb2a0d926f3a1176095ecf123f8b56f5348c6c8e5e1ae5cf9951af67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 aceda1bf3ee1f550d5b84d787b58b992
SHA1 95d2e75fa0cffd29ea1665c74db9340c051a6362
SHA256 cd3c85693914043b526982af1202b4d713d87fbf6a6d8d85e059224cc0137e15
SHA512 b5545e6bd3f724f319bba8bc7fb1717662002dbc6bef337672eb493547c1e2568cf7f5e38347e87a3b2aa84599df3b522304916d0aff1ebbb89ce211ee6b083c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c29c969ba778ac37e911ed5b116b03a
SHA1 554c943d624e94593726b026932e453315ce08f2
SHA256 32fb86af0c6cd8447c144a3e542b05439488a773d50973b2e4d77d6bfee17b0d
SHA512 edb979eaf2f5c5d13dbf5f66f7629d903b192417c719cbe539455fc39ab824042834245e4787fc72c0897d18bdf227879b0514ae9925fef5ed3220d514912e4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b2b0c5c64cc8a7cd7ca22c7505a2c68
SHA1 72302ac38c243e64d97dccfc2859622761c3d684
SHA256 5b25406091895e98e83aab73833482717d4e1eec34c4aeaa8f361d46995d1f32
SHA512 4fdc397dbe5350ab2c862e178952f0190cbf1ebd9e6d30747f51468b7bb7c996afe551ed42da5f0dcb74005cd07f30d040db5d43c530e2b8c0b84ba244316cc7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1918b2b80f95f468f995194b64ffc832
SHA1 63cadd91960c53641307d51edb99c75b73cc42c5
SHA256 5ff81c2cafcf9cae0c43a8f3461ec2fa4154d9a9b162af9fe66f283f17482ad4
SHA512 88f84dc8f44dda81d8a723a0591ae11a350ddb0cc865fbca27bd052c60e238124a54dbc5bf83bf9ea87f4b79a794f94b156b7395355cf1fc7c6af67dd623d8ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2196c29ee9faba9c1f262d222ff9e88
SHA1 2cfcaa52efdd7b600ca224f5ca42d3953e72a625
SHA256 d1b4c979ebe6a17f34fcc2188f7cb5ed575f74c7648446faee404beab5582b44
SHA512 70f338b53711e727c43c5234a28e9af3cfee9af0150ecec8413c2656dd5396e349d71c81e01cbaeaeed8011b6a5008de07778769382197fcda0df00b23481cae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa5bf6219280eec11202e55223033f6c
SHA1 4d1f1620d87e8ebb742fb8e40aad2c404a38b353
SHA256 33e22d8a77ebc3d21b1f480aed892dbe1ef23764321aef7e57df3518d58bd954
SHA512 ea21ae060bac9f1e618110f9c7f86a541317a1648a7ab5371ccd295911ce6e753428a2360aadf27882fd3b7236c04d3d282659c5526ca6e63c04885ee45378b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 abc7ec921731178f104c2b1862ee6ea7
SHA1 6d80edb5e24fb4b08aadbc662c482f0433a0f1e7
SHA256 aa599572ff444acb58fbe99d20cc5ac362682f462c922506f479404abc3255ac
SHA512 5fd543046675e366fe5e2bc11c27d23f3d50bcbce0466c62b65ac7f1e54724cadfad5f2d8a721a8ce4d68ec19a240b5c87343b3369ab68cd9b4652793d4e3018

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ffe001a1289cef91249f4bff4168188
SHA1 10466387af23ad2a127f03151fd204d434d5aec3
SHA256 ffa2d6e17699f7391126439f114c15383439a87c25700e129632d07513648fd8
SHA512 c7336815e48594b3033fc8c47eaae05383a5ab86effbf19a6638dd540e71b29eaa35e648ba65f7299506b433c222f7ebf9c3f11d5d9587026488454cefbe6772

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fdf6b89e0e9b4079ad2ab16b68e18a9a
SHA1 161b2f930de92cec5ab7f0c7ba2fa1ab0e288070
SHA256 b144413671c35d40e16f153aefae9e65d42e1257df1feeea6875041accb03a97
SHA512 53d09cd12ed881c4a3b977033af112f046b9e0df9df068242da5e465c07ad49959291814c9c82e477aa0c3d039583d333c20292bc1b61a76b8544d1d3854742f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd88393138a98197b7e8ff0f59448a53
SHA1 8b0fad0ceb46b417ac983445580d10fdd5a3d541
SHA256 5aa8fc192da5277f1a005e07643a0cdc88c83b5c77b44d27892022f138da3010
SHA512 4828243dc51d54882d46ccae65ec57bf8212e241b036f002ef65c551d73a84b55432db3d8815a2755a94d8ba5d3d264ca892b0a39dd7f46cfe4897dbe4a40615

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66d2a6a96a29ae13297c2f2b031e1f57
SHA1 164280f154d475a5feb941e08ee19509117a0457
SHA256 f4f1203d7c804eeee48bdb58764fdacc1eb5656e1f393b817b5c7ab9cf7067f2
SHA512 93e48669f0ce714f7b72359b438c7e2d3571a63c773b6cd2df8503df8ce28c0a9ca3a66a65ab848a2e559e67146bae3630111b11732f4d9057595fb88fec7d8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6a4e36493572422e4ef289536cdfc68
SHA1 310473461cd6f5693f6465c8e3f2224f8b1ab266
SHA256 4245e66a4946c2c05920c450ae0131e9d788de5bcc8a8e3ca07cd3a10d411dd4
SHA512 e342ff47efa69b4387904245adbeaa1cfc2dda7a109b3fefe2f8f474bf0ec47ceb5b32e8b798740147ab57db8983f2e4ec7e37b093f2a99b54047eb2c348cdb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe8d68891da640a427e3012082a62589
SHA1 da0dae415f49d4f67e034d93da57652598a25f03
SHA256 f44103ce8f9265a732287c07acbebae9bbd7993cc3bc927755a6a9a1db59d054
SHA512 f6987773c24af2531da4128ece964ed1e966346942da2542f114de9cd46a8b46efc64bd2a6178cd81f86c58c374e1234f0354795e40c2485d5226116451385fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1aed502aef9eeaf89924388598d4767b
SHA1 bc1d4964ffc210e232e756ce15bb4e8deb45857b
SHA256 124cae1f47f784d52599e5f1bffa07ee6b0b74c6081075383e5950584faecfc9
SHA512 ee8bb524965915082c49ce218d27c335b24cd295b6765656325347e20fa3a542fb5a167dba1149584b4496f1419155c281376cca0253fec066c9c70db4af09ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9c9a1e250d17303c6580ff078d37a58
SHA1 f27d14b718b63ee968e89c1ec831ef156d19d102
SHA256 4e8a7b79fd561179c73b3373556b62ca4a44cf4e90f6165199d2e36dab825813
SHA512 7c289df6e689b8c64f56d45b57d24ba2f94471134728847f17bdb174a05f47bc717563ba90e5fd396e74eebc345d6aa31f5355fb7f05255573ad56d9402470de

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 21:57

Reported

2024-06-13 21:59

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6c37c79a981821b11432d6c6a113bfd_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4704 wrote to memory of 2844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 4492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 4492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4704 wrote to memory of 2828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6c37c79a981821b11432d6c6a113bfd_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb93be46f8,0x7ffb93be4708,0x7ffb93be4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,15856102788931673785,14713629326802828461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,15856102788931673785,14713629326802828461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,15856102788931673785,14713629326802828461,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15856102788931673785,14713629326802828461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15856102788931673785,14713629326802828461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15856102788931673785,14713629326802828461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,15856102788931673785,14713629326802828461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,15856102788931673785,14713629326802828461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15856102788931673785,14713629326802828461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15856102788931673785,14713629326802828461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15856102788931673785,14713629326802828461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15856102788931673785,14713629326802828461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,15856102788931673785,14713629326802828461,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4360 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 adpic.asiatech.ir udp
US 8.8.8.8:53 ads.rozblog.com udp
US 8.8.8.8:53 rozblog.com udp
US 8.8.8.8:53 s9.picofile.com udp
US 8.8.8.8:53 ganjbazar.ir udp
US 8.8.8.8:53 adserve.adpulse.ir udp
US 8.8.8.8:53 winphone.ir udp
US 8.8.8.8:53 funha.com udp
US 8.8.8.8:53 s8.picofile.com udp
US 8.8.8.8:53 dibamoviez.eu udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.jenabmusic.com udp
US 8.8.8.8:53 up.rozbano.com udp
US 8.8.8.8:53 rozblog.com udp
US 8.8.8.8:53 shahrefile.fileina.com udp
US 8.8.8.8:53 rozup.ir udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

\??\pipe\LOCAL\crashpad_4704_OCGKSHKYAXVKOONT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1bcc791d651839c694541cca52f3d02b
SHA1 7ba6ba7f177c7ecf078ddc5ea84db9506a19e22d
SHA256 963c3d4c452e7f984455061835387a413a29a3033b209fede12fb13f021838d1
SHA512 957cf0a2f78e8f72f05d734f8b72ee5e24d47700f4b622193e1f6e7b2d0f294f31c392527b6a0041ef08930a70ddac00ec7751441cc2d9bdd132e89c597adf29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b5f00456d46e5661d78b058952ee839d
SHA1 93eba605fe307b66f690db1ef62d9a784a197c33
SHA256 67ea81aeac27faa6cedcae871a628e19fae5de5b969091e78748106332b623d3
SHA512 95337df93d11f364c7cbe70b6cfce41f9b35a6d22ad5add8e2361b99e45e536302a52274933e22ac2d49c324fdf6b34e7107042c5e598900779f9b0ea6256482

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 90d6203f36aa87d51499967df19ede70
SHA1 308f2be6453e94750a7e0a51063173a759546a14
SHA256 6da2f4f699d4e046a9dd8d68bf1897fa172ed35145a6e895f6a12e3b91fadaaf
SHA512 8f709b433919e83481045a6fba178bcc6456eaddc3af8dc4cf6543eadb9f9b161e8b7bda1de8e38924b42cf61bcf72ca12ea1a2361b06006bb7b6c5fdddba715

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23