Malware Analysis Report

2025-04-14 02:59

Sample ID 240613-e94emayall
Target a3d8b3fddd82d04cf1d4ca0549303326_JaffaCakes118
SHA256 cb5e02a7dacd0f8cf661c59dbb11a44ae031728bd7f37f649213bc8300dc4bb7
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

cb5e02a7dacd0f8cf661c59dbb11a44ae031728bd7f37f649213bc8300dc4bb7

Threat Level: No (potentially) malicious behavior was detected

The file a3d8b3fddd82d04cf1d4ca0549303326_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 04:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 04:39

Reported

2024-06-13 04:41

Platform

win7-20240221-en

Max time kernel

129s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3d8b3fddd82d04cf1d4ca0549303326_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0f938bf4bbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E68769C1-293E-11EF-87AA-FA8378BF1C4A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000025731340c2dad44b82606f975799ba3100000000020000000000106600000001000020000000b8c301707af03e6dadb841be468df93d97a1a80b081573167ee271fa7e3b7e95000000000e800000000200002000000067acccbe73977c2979b4cca19a68984814f428f0c21e6d7bf6cfc812c9ccc34a2000000087dbc9192704dbbbb1ffeed057b1531d74b50de9584a0f2eb27c592176e61f04400000000b7c3b9d6c369955442e352aa1db1643287eb758060889d3a2a8e5b11b9da633fa890b9fe3e23ea1fac2bdead58782362195ce57b58a34ba5999e8c73c169b80 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000025731340c2dad44b82606f975799ba310000000002000000000010660000000100002000000093f5e6cf760751169f320e81a396bc99494f7fa73fe9b0e669e4cf4f24c5cf3f000000000e80000000020000200000007682bd83adda7fcbe36a30d1d26940266d59aa495d7593d22a7d52032fb88c2f9000000030e0193ee11344134a0f738dedc979878b17720a8177e15192bc0d2335755187817168fc8f7dbff67a2fafd3aa2f044f8037ac8807138cbdaf76b904e5a562595a4343a5c7b3618964709896210fa0338f37a93671404afeaba508be136e36d4a4e16a15050f6b995247606857d974e23d11101d860643a7f28aae88045ca494dfc5805af7edb33e6eca3d02e8465ee04000000048a28ccbbd7719647e7db738c59039cf1ccbb0632152efcc6ff60797ea813a0b01c2fd08194b434bac1520a136787109b2c54f9263c92f0703907c229349007b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424415428" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3d8b3fddd82d04cf1d4ca0549303326_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 static.graddit.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 farm4.staticflickr.com udp
US 8.8.8.8:53 assets.pinterest.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 18.245.197.67:80 farm4.staticflickr.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 18.245.197.67:80 farm4.staticflickr.com tcp
US 165.227.71.229:80 static.graddit.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 216.58.204.74:443 ajax.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 165.227.71.229:80 static.graddit.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
US 151.101.194.137:80 code.jquery.com tcp
US 151.101.194.137:80 code.jquery.com tcp
GB 216.58.204.74:443 ajax.googleapis.com tcp
BE 104.90.24.194:80 assets.pinterest.com tcp
BE 104.90.24.194:80 assets.pinterest.com tcp
US 18.245.197.67:443 farm4.staticflickr.com tcp
US 18.245.197.67:443 farm4.staticflickr.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 connect.facebook.net udp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 163.70.151.21:80 connect.facebook.net tcp
GB 163.70.151.21:80 connect.facebook.net tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 www.cebr.info udp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
BE 104.90.24.194:443 assets.pinterest.com tcp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.201.110:80 developers.google.com tcp
GB 216.58.201.110:80 developers.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
BE 104.90.24.194:443 assets.pinterest.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
BE 104.90.24.194:443 assets.pinterest.com tcp
US 8.8.8.8:53 www.microsoft.com udp
BE 104.90.24.194:443 assets.pinterest.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
BE 104.90.24.194:443 assets.pinterest.com tcp
GB 216.58.201.110:443 developers.google.com tcp
BE 104.90.24.194:443 assets.pinterest.com tcp
BE 104.90.24.194:443 assets.pinterest.com tcp
GB 216.58.201.110:443 developers.google.com tcp
BE 104.90.24.194:443 assets.pinterest.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 f26e8956f86ca8d9b6a6c48a27abed6a
SHA1 e69a394403f9533365ba5976450106e519e5d862
SHA256 782de275e52cbd5bef599444d3520e5d9902426ee888362d31e4e6c2f624847a
SHA512 c6c5b6e40df382a8bf48a632927bef52d9417c1d33b1dc8a7e98f3cc14cd8e60a0db48ff4c4d00c2653a7f192c2b8ba59055d8cc6e1f6a5a54f03515f32bd338

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d3049f1a4b143f13261e38abab901109
SHA1 1810917619ef7b98f40697c12f35a75575665f8f
SHA256 69df6863aa24aedecf107a7e2e0353d592c52a5905cc2833d824c2298733e9d6
SHA512 6af844057e960d6f4165f297891b676492281fc4abdd7346a220b1972124fabe2a9e0f7b3825c9f67c1ed885262cf6fb994c4dcd607c1981005291a240b6e958

C:\Users\Admin\AppData\Local\Temp\Cab20DB.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 9051fbb71b45eef9f66b010f8dac5313
SHA1 8b3078c22ffcaf69050a34bf4af99d2448accabe
SHA256 f36498897103d0dc7ac29db1054086d87cdf36df13ff5d9c9dc89e58c657109e
SHA512 8e5f96e61091ad99b22363bf6093048a9ca7aa8dd8ae234af7df1498ec87b189345777d239b9b288078d2a1bb0879724b43aa3a9bd4a7ad033a17d9f05f00aee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 402e177b3378ceab2c0523d11ffcf41a
SHA1 da6d300ad454a53d31c2e67e8d5c079367dbbdbd
SHA256 2d777b1ad0474dc2496a108266b6c63e11d0d98aa44400595a0687ad404dfd5d
SHA512 ebd6fa671562beee3514642430ae4a3328324ba721834dc4c7cf7ef4a09ba3df7c7f1852298ac38f09e0475deb609b3c5be62295ca37091d15188169f2f6e99e

C:\Users\Admin\AppData\Local\Temp\Tar213D.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87b8aaec2f4c6a64b10a03964df7e6ed
SHA1 3cb775c9cd0f59248c5de9f85d18f03dac42c769
SHA256 8836225cf5129983a4871e4818c067b9ebbd50d952448c8becba1205d1fc1775
SHA512 831b426c6bf0f8cedd33411b69ae9b2899efdfb17e3a79517344d876736582306062dc58d99ad3270a04a2091b6dc454ee1eec9366c0412749d6c4ba4b5b543e

C:\Users\Admin\AppData\Local\Temp\Cab21C0.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar21E4.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07b126cff3035a07bd9a63957f52ae9d
SHA1 5b07378b792a5436e3795aefba5a7d65464bc048
SHA256 e0bdb26fb6f5a8f244d1286984e5a1aab89d8781bd2aaa44c68becdc747e7f68
SHA512 b683ceb12b268c2b5dc6c23c7425f4ddebb347f6c17c0c1ca85a10fbffc5c9fbf2cde5afadc3ec92aa6a71c0b4adb03424319c434613df1cc554ed76f0be577f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95d0994381291240d2fab0544b3ac774
SHA1 dca39753b387ccd1a5db8bb2b36093ef0f6a90ed
SHA256 bf8ede12f95876e91f716259ec912e4813d49437ad3bc60257287e3f42665587
SHA512 7fd5fc7a941460d8e6a4a1c9a0a4eabf93a6e0b955fd24f462a428a1b1195f26bc472bb9c57b4fd5c1dd2bf19f56e8f974d2a4c6a30afa4ab9def1a144aeb7f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 a9845bcd7d838b22a50431370f7419a3
SHA1 882cb6b1a9cc39086f35c9a38661980b59f839bf
SHA256 ccb502e134048ca4ec9e7d07c2296eb1ad12e25ed8e2c43b4d468d15f1a8d6c1
SHA512 c697ac7ea2e9674a0c2d1cfa40b52e6defa392e4eeb5c5efe6a9d5faedf60d798ce3e74a9447bc18a213e7307ce54d6fa29c9dbcd7589abee411844f56ebd2e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 331701b5f75b140fb4080bc7cd8218d3
SHA1 53f9e0bfc9a185736b5e110ad52e83da7c722a43
SHA256 bca3b7004600054290ad3e29c90d506b27fffd00fc4274d7118ebcc580c613b2
SHA512 0417e7184ce8ce60cb3d489318f7a1c785a65517f5d705a4c7cafbe21642172f6d08e308ec9e774189ef2265319e75d6a0466bc0d9634a996cbab49f67ad0d0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac7d66949570fcd4285be282f3e5e9ea
SHA1 aa889acdd8f3456c346aac41e3be54e4932b4742
SHA256 4e7b8b6b073263531c746cea8708f74978dc70bd7f941c828f56dc857641a0ff
SHA512 82997aa925dbbccc939e9c9fade8e1b8345d6d004b6dc00275fa3d59300209fcd27be307d79d876938545fe064dcbb95dc77b9e5a04ce5289e3e5eedee414a21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4513ab61f459b0faeb18447369b100b8
SHA1 e99237f6c612b07a75f3ce7b63df9deeb708f3a5
SHA256 91d42d12ce5fe0fe1ed6421701874fe5ca8520630995343ef60c4a0478d5866c
SHA512 8ca3a84cea9d5a89e18880855371474345f973ca3d872129f1daf35dea5c43af05347b03c57adb8d8a32e6ae6406b906edaae42355427e7ef5cc07db067f172b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\cb=gapi[3].js

MD5 0fe383a7ddb9bbaefc3105b3297f5583
SHA1 f80c9d789f251909c7560bd91a9e1b9a10c26362
SHA256 d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683
SHA512 31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4c57bea85ef94e5baeaf84df97e7953
SHA1 de9ecc746dcd69d440ab363d0eeeec958bdb1a9d
SHA256 6a6af9d86e7d9c3c4cc40e71e12c3892ce1a02376f13cc40cfc734d84a88ad7f
SHA512 9a63947636fc31daa0dfc4fbfb797acec6ccf9ba633cc1b6fd09eeed4275ad2c3c6a5a005bdb53980327b97913479bb77ec4711987e06ed8c4ca267d955b2695

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee3c7e383d66b95c9846b147ed5b2c3d
SHA1 009d871e1f4606e1c2a1afd2d01f7ddaed0ea332
SHA256 2d872fba29ed984ccca49b433f59db00c8327de03d442823e3d6e38c4d460fae
SHA512 468f289313240064673a917f9b0f8ac69c59da366ee5ad1fea4abe16a28b402707908346dc85ef74912f3e8678e52b79ad823a287fb4eca1737d559c52ad20f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0583b363c1dd81b6f55ff079d8122a32
SHA1 b6a97cf45cf1779b8f95b03e53016ecb36f0d48f
SHA256 12ddec0a865bfdd02c98735d683d30d858e56bfec7ec6972939b6e217ea68c66
SHA512 2c29158ac187d5b42696d5c787ee0155c6ddde3cabaafe54cc5b1e89276e6dab4ecae78bdee5dfa4ec5ef4b5920aecd0313db43943cac1eb48f69ce3f733d58e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11da37cf30ccec0ac817a9171828b724
SHA1 001133a0aac475cc7b9736afbdc944a74d95b55a
SHA256 8cb84d7c3c902c9008422c7e9edb622d504c430cd23ee9b4b6dc39b0824e32ce
SHA512 91a5f07689c33f9a5fbc245732e508ccc67bbe0916cde5e7764a914c4f016ec2ec0d667f3bc58210be552b6b1e1c23333e24245db27d851f8169f275418fa5d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c774536260ece52fa31f0b8a7b6c6b9b
SHA1 85c430bd5ab5dff666dd99bbd02a82e51e446603
SHA256 f98ee72042c50540d591886144cc5643d32db2a53b9dac5f7340af098028c8f2
SHA512 c8cb2edf2e4f08b751a6f196c8ad4faaa776385cc3a49c26ac7c12340aa445ae1489e94ac10fe1ec59af237c07a5df2e80cb1089d8eaf8881b9c7d66e0bd0a63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7b7523483a0e550d1b0510981d2b077
SHA1 0f4d954f6c133434bee509ed6cbffc870b606204
SHA256 6a4065382f3971edd68ffd721da709747a77106345f520cc9523d82004b6efe0
SHA512 d50a95c4b6bfd6e4d9d7a0995703b24eb1c433eb9b82800504aa44d691c0d58ce176b91bd92b5d2bb245e14d7b08ce2ff28901c2bc2df5519e510130b21bfddd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5cd4aed975a49188097eba036c6ea7e
SHA1 b362b722f5835b08ad0c1417a007411a8e10cf2d
SHA256 4eaaab9a7c02631b9021298e00d51cff449d45d393735de7fe6da51e1e8a5abe
SHA512 f21b51ca728d079f3b63203f93942a1936177412fbecb5b13ae04f15650d32707a3197e559e2d08afcd4382c6fd88fbe25e10bc8333f94de1ddc4237b61fb862

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2d70a40cfc2df0916c08068ae385172
SHA1 c5e33ef52ce922755f5d09fc00899854f5d45c2d
SHA256 fdc57bc12c8261b05795cf6ca4e8085932ad295376913cb2aa4d827fa7e7a99f
SHA512 cbf2d1a3ce93b963ca020120f3ad8cab267df2f2fe8854bdac660a7eef75b09aba780e08eb5c76a2e112bb4f6550a7fabc3514f19d1d276bebd79640d5042703

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\3498667442_ec2183a0ab[1].htm

MD5 f5d40b7259645010f9a248858ad14178
SHA1 b3051d17a6ec8c9e166bf09a62b48261ab86957b
SHA256 7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
SHA512 1e82bc2d067f726670b3e6054d73e57868f6e7c50eb979696bf927daeef699f2d8f8de201e8252b86b0e9f86dc69e5037fc9fa08ef6c271b033f29d4f0f4c1aa

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\css[1].css

MD5 3187b9d4ff2216aa2bd4bae3619088d8
SHA1 ae776868e2c0027c4527022724f5d59b05da6c66
SHA256 a183f0787e54c8fec34bc4fd2a3c41f10c5f45a8f3510cdf6316bdb3e5215034
SHA512 c2eb02ce0a2a40f1c61621dc6b42e7ad7659e829c3a8f12b7bee2f463c31e868d59c6a0e01c30e864080caaec77098efc47b331863f1193bd637c88cfe8c7d50

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\css[3].css

MD5 cb39a89917eec0f680f2d31bc9fda9ff
SHA1 c8574e4f5a6be55eaa110fa16c01b4695441628f
SHA256 63b9e7deee11b4ff0dc967aa0c0cdf89b0c9b3094118d1102f7507556e63a08e
SHA512 dc4442a2ff2626988a48e549da8b151d6cec94c813a4b0f6030536f8afde0846b89a49bdad6330649b07c5efe7926544e90f94f7db0bb3b42ecdbb7bff738953

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\3957297643-widget_css_bundle[1].css

MD5 aaf43a01c7c5882cff81d32aca0c73b2
SHA1 72ef4599ecf450c0c3309670f44b927203fc0a14
SHA256 f328796eb94f865db398266520986fb34cacd1a47258442affc00141e279fd22
SHA512 0b1eabb32b3b43dfcc95138270383e0dbf04968f3cff8126a92c365c2ebf80c1a88f091e1c190fa76fd5057b7b87d0986606d2a6cde96c33c2abca3813532b35

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\jquery-1.8.3[1].js

MD5 2073df88a429ccbe5dca5e2c40e742b4
SHA1 2c79a63d20c490446752bced27e6223b41870617
SHA256 756d7dfac4a35bb57543f677283d6c682e8d704e5350884b27325badd2b3c4a7
SHA512 1bbe23d89554ee460aee510cd7bf96234b20c563c62286fc496f7767f600f80d1535c91e64328783241b913daeab9f42062feffe013b6d76cb764a62e5067d15

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\jquery.easing[1].htm

MD5 e89f75f918dbdcee28604d4e09dd71d7
SHA1 f9d9055e9878723a12063b47d4a1a5f58c3eb1e9
SHA256 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023
SHA512 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\jquery-2.1.1[1].js

MD5 7403060950f4a13be3b3dfde0490ee05
SHA1 8d55aabf2b76486cc311fdc553a3613cad46aa3f
SHA256 140ff438eaaede046f1ceba27579d16dc980595709391873fa9bf74d7dbe53ac
SHA512 ee8d83b5a07a12e0308ceca7f3abf84041d014d0572748ec967e64af79af6f123b6c2335cf5a68b5551cc28042b7828d010870ed54a69c80e9e843a1c4d233cf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\pinit[1].js

MD5 9e724ccab52ce087d92250b1e06ef0ee
SHA1 8000043a1fb8735345f8b27c65b85331099aed8d
SHA256 3faadebc89cdb21d11634a032816f152462d1cb8903eb21d0642501fcad065de
SHA512 ff880120b2087757cf3d0d0333b7a83240d35fe9af7420477f9bc9684ade59f6e3c94bca0f608a12c594282143a2ccf50b33be20b70aa8c1aa818dd499050473

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\jquery.min[1].js

MD5 a1a8cb16a060f6280a767187fd22e037
SHA1 7622c9ac2335be6dcd3ab8b47132e94089cef931
SHA256 d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
SHA512 252476e9f94a6db579e14cdf1197555e856e6b80dbcd78c46b9345ce6605a1cd69da0dab2a4c475b51d2103404d2c61acd18490e005d625eca06afe4d75c8a6c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\plusone[1].js

MD5 53e032294d7b74dc7c3e47b03a045d1a
SHA1 f462da8a8f40b78d570a665668ba8d1a834960c2
SHA256 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2
SHA512 fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiYw[1].woff

MD5 57a8f14ba2567b39ba4013db835af389
SHA1 101b638945cbb93990c70eac567cbc060c573cc1
SHA256 7210e1fc5e0b71011f6d821fce7aa459b4c2452af3fc4dc0f493abda10fd13a2
SHA512 57ab3b386ad8487341a9767c099dd209523fc4b571efa74cdff4b8ea85a7c452da90e8f10406f17dab5f74dc64750a6cc0dbcea830169ffac37458a7abbab8a8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\BngRUXNadjH0qYEzV7ab-oWlsbCGwRs[1].woff

MD5 eed6edd3682ea4dad7d42e43648b490a
SHA1 3c16df451896fe5f0263d27bb1e44cffbd86ee41
SHA256 fd3b97c19b90a1981c6851327e8289243e44383a4fdd8e45353214867eb5b5e4
SHA512 79e44f268beca9e61506e12fdd1733c6e822e90020e1118a0fa325bf09682a7b41dd9d17533e41c85014e63fcbe8c65225224a6fc63495617e0b14d639c1b973

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\all[2].js

MD5 7c0d2376cf140a69f3d06464b10c0d1c
SHA1 8e97ae5934cfabd63dbb65f4932f3044c93ec801
SHA256 fb8bdbee9423d63602c2088cfa6ac673965c23da5000120aae51783e169368d3
SHA512 605b34e32e49743d37d4fef59cbb18cc5ca320e10cd9777ec6ed7d33cc8cc16c1f6607b088f68dee91a9c5f5c47043c2e521130c0518301cc9a8daee440f03ae

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\cb=gapi[2].js

MD5 59e7715983f1a5c4cdde2c76b015e21e
SHA1 0c9035da67e550e458c053e562f3781e0520e182
SHA256 85454302a9280ba5160a95772914c07adda5b464d74a354f13540f9ad5127aec
SHA512 449d9ea80695a0c96d501b7d5a98328eabca18576770572b472fac7553723bcc4d55561f980f6bd4abb7d173a8d5525ea1abce92fd794c92ae36edd2aa12e522

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\all[1].js

MD5 0d643ee748b867ba9fc2298fab661637
SHA1 b4d7387596f2ee060dc54eb59c2dba1aa2a0b2f5
SHA256 a7aaf820b92e56fdcf2b9e6f60901c38f1d2fcf0fdaa1eb832490564d9a45c30
SHA512 e29f2e16e13f89a7ae0ce4914a802fd8228935baad26552d103beef0d6bb67d797947be3dcec4d3ee4076dcddde32506060cc7befa8ad667f1ef424ad0d2cc39

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\3604799710-postmessagerelay[1].js

MD5 40aaadf2a7451d276b940cddefb2d0ed
SHA1 b2fc8129a4f5e5a0c8cb631218f40a4230444d9e
SHA256 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2
SHA512 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\rpc_shindig_random[1].js

MD5 6a90a8e611705b6e5953757cc549ce8c
SHA1 3e7416db7afe4cfdf3980daba308df560b4bede6
SHA256 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679
SHA512 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bb9a6d183b1acd281b7535a79ec95c4
SHA1 df4e23f92409f62239bb93e28e8ddd0995ad38af
SHA256 b6d19a5dd570164ba61b4fdd338921c3b8b765fe4de1d14b933cab96278f7978
SHA512 c8cdc96edb776725bf158fc45cfb19c6a855213a1f99f59c7ffc1574ddeb993008e68fca30a8e4d294fecf4bcb1a55d430ba3d7dcaba75597dfa59ec4f96c19d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 c63f700c8821268f69e5c037f31a79e5
SHA1 bc755ca6edfe41afc4b2fb129a46eed56d93084b
SHA256 8e41ceaa3f5bc405d597e4f1c117496ad11297602281107d79237beb84d38960
SHA512 e83c95537a6f426813a5e576e4ba0a893f1823548fe43f995f4f8c2a4914e7263c5c35fca0802dfa0082737ef070c26dfea7acb918419f71902a917be2c57968

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\errorPageStrings[1]

MD5 e3e4a98353f119b80b323302f26b78fa
SHA1 20ee35a370cdd3a8a7d04b506410300fd0a6a864
SHA256 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66
SHA512 d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\httpErrorPagesScripts[1]

MD5 3f57b781cb3ef114dd0b665151571b7b
SHA1 ce6a63f996df3a1cccb81720e21204b825e0238c
SHA256 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
SHA512 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2a30413ac503a13c01278c036411328
SHA1 4e1c3cb5fd33bba9052d3d803f850b76716ab441
SHA256 f8e3f9205f656f7a445a1567998b4d419e76c227ed4060ee4f7a1354a0d65153
SHA512 a7b6d7cb383eb723dca1f759fd2d1c80f8685cb3ce9262d3048ca330a36f16d0376ebead3e62a8423bec664df5285b6248e17ae3bf54c3fc2975cb2a244ff3ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5552cd526ea81a0d927da55ac1d4ff76
SHA1 1d85866af7d8716700603ba4227674b3a8ff05f5
SHA256 902fd38ecf2f7a4af59341e4dd890c69a274a7bf5842896f357e9e095decfca8
SHA512 627522140234765b3b2eb745e317bf9ab46b6cca6208c6ef81fc942538ebc216065d37b430d760d949a5c8002fe7cd5f2c152a04eb1d853a41498fda77bcc416

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f624629ff9d386941127105dbd006335
SHA1 6fd621e1cc829abae6c0af4ccfd0876b36beed44
SHA256 5b0f425744fe006827a245787c3f77cff9ddc47b29cd15cd19838df19acbbb60
SHA512 00db3e75b177d54cad480fe1b5a01112aec9359cbc70eed1c9fd2ec35d3babcae50b7700b55e411dde2f1336c85552d6a898703a6439b02cbf8fc5ac996585b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e136edd7892c7ce0abb5ed56b5dc1936
SHA1 a480a6e0c70924d67a1519224ca05be31570b02a
SHA256 e19e9e3907cfef4be61d1c5578410a8a496f10cf6dabaf1aa2ec2e6e9eb48432
SHA512 f70fcc9ac1785c3806651abdb3d1267cec1b1ba99675bbe39c95cf61f6032c73ee87c84aec9d6c860c9de718712ee856b81ad602a866e809858d107f2c78c909

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2295afbdf7dd2ca7e7011f1ac24af4c0
SHA1 99304ba32ba3a15af4e06898753dc3f0eaa801ba
SHA256 c0051d849cca67e7896e4417175908fba8f3324f5423a33f7c4105e959d6f3d0
SHA512 170bf7947cda5848f3deab89de9b76d520c1345d4ae99244847736fb54f1570f1dc4314e67fc89480d467ffbbd64c02c8788e2fff49ae6d2fc696193988c3522

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c730f561ccc4ea35f37879752ecdf23
SHA1 57a85b40c5ca00e8a2fd1cefad0bef29a52d4c11
SHA256 3fd4c4f37d785d13522d6e48bcb52f50c981e3c8cd3f6855e443501daae76f22
SHA512 60dce75383405cf4c57fc4b59fbd6f3ba3afdf836c0fe1cee16b92eeea98ef82c801f687b4635b4e04207460873eeb5e815a54aa15623897420eb8b24cdcab5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8880778706fd4b48370e46f2fa865dfc
SHA1 51694537e8c9af024f5cc6133dcea0baf4124e08
SHA256 c49c507b882e220c443b58eca1699fa8ac31a92bc4df9622f3f81011dcd9c8ec
SHA512 53188958de20e4fc82492e7144bdf0272400c10b16dd8c9d3e3b62abdad5bf319dbc9b04f1aee07bfdbcd5a7cd2cdeeba59571479249d21bcdc9fb6ceaef5282

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 cb65042f3551d644c2e04cd272121c34
SHA1 d0ad7d981bfe4e0f6e22fd0d605191b625b1a9da
SHA256 e94e668f867d5908c65d124a5684080e9a985c4f68206374a5370187c780eec0
SHA512 57e5db022657eb0e1837232d1b24a0d66dae23161c6056094543df33af18a8157a0256d7fecaab3c61b61c93c941729fc032adb84cb53d4ba8e17c8ca851081c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c7c9874b260434d13add4a145b79abe
SHA1 03ee28b53c3b748a13e282ef0384dbcccf27b875
SHA256 8a0a741cc6a539717861ab54a6b3fbfe651e20cee4b255f374e842844b07eaf6
SHA512 59591d336e96c5268b83582e9cffde2873d385b0294b3035b00ed6d22dff9505baf343cd4e60cf14b497b0275f59d1ca975132c18eac2a365f4dfd81687841e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9bd0450be370f1f039a1fab16fe0be4
SHA1 1219dcf6402442d3bb23bb73612da240c488f6bb
SHA256 8754c14ec143eb86e820df5282288009413a84fd60902b2eedeaf609b1fec73b
SHA512 d9a215b707e0aafad3af191d386d8b218db32a74b7863793756a1a302e7056bbd64b08af9f372b769574424af6fddfcc036f2da6ca98e57d8e6cb71790348a9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c64d087c572697562379fb16c77f91ee
SHA1 f8fdc63d526c441d10ad71b28a41b1abdd5c0800
SHA256 f3410e90e62014ffa18933ea0f86777544912062f3c54de748f0eb18f6e9a7f9
SHA512 2e1369aa8458e646faabc46bf40e36c36740a27416a687af0c7983470f24debc972bf4fbd795e5c6c26af3c3f260329ded18423627e60d2116c8bf9f07ae45b8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\fastbutton[1].htm

MD5 4df07581948280a6e769a24c5d99d775
SHA1 843a2c95362347eb8894a6acb607f139be65ded4
SHA256 3561b93a48d81fac116ccd6e60163bd382abb1d594c81240f5718feb1f197f73
SHA512 bfe455150379d9ec4303659ac16a5082e093ed248fa9d75276bda05287d8bd51c43aab5896826ca55ffee88dce281df359fed6d38395ac3e7cdb7b68c2d35e4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cde2818c9ec9ff993dae6974f84d31bc
SHA1 24cde08688b395603ba5e4ac0a1536e0e16ef3a9
SHA256 b0cb03e18530d59685435878d0604995c2e9af49a68256d4fe405f7633956fd8
SHA512 ab8a75c3d27eac315d6f1a4dbff021f4a2f27117d21c54a91ad7383f4f761a8021a89f2da83ed37f98799f2b9e5e9781685403a3df27f540b2ad6e2eba8fee52

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\J2H4P07V.htm

MD5 9dd5388b011d54a6b875eabbb09a0434
SHA1 e72fa02d1120f61b8c94f4e68fd9c0707b3e560e
SHA256 1c8a9274ddb587ce28b0a084c7c1798aab2cee71b7b819e3e260aacee2f0103b
SHA512 5ade6890a92f976d4a2b986314af813772cbc4da443c64016c8f31c657ef867eec4c9500e5b0bdc87560ad33ef633ccd43f633400666e0f1a045186416e7a79b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\dnserrordiagoff[1]

MD5 47f581b112d58eda23ea8b2e08cf0ff0
SHA1 6ec1df5eaec1439573aef0fb96dabfc953305e5b
SHA256 b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928
SHA512 187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 04:39

Reported

2024-06-13 04:41

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

134s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3d8b3fddd82d04cf1d4ca0549303326_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3544 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 3168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 3168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3544 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3d8b3fddd82d04cf1d4ca0549303326_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94c146f8,0x7ffa94c14708,0x7ffa94c14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,921070192757175730,9350960944181040531,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,921070192757175730,9350960944181040531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,921070192757175730,9350960944181040531,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,921070192757175730,9350960944181040531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,921070192757175730,9350960944181040531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,921070192757175730,9350960944181040531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,921070192757175730,9350960944181040531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,921070192757175730,9350960944181040531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,921070192757175730,9350960944181040531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,921070192757175730,9350960944181040531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,921070192757175730,9350960944181040531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,921070192757175730,9350960944181040531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,921070192757175730,9350960944181040531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,921070192757175730,9350960944181040531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,921070192757175730,9350960944181040531,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5384 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 static.graddit.com udp
US 8.8.8.8:53 assets.pinterest.com udp
US 8.8.8.8:53 www.blogger.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 assets.pinterest.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 farm4.staticflickr.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 assets.pinterest.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 static.graddit.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 assets.pinterest.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 static.graddit.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 www.blogger.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

\??\pipe\LOCAL\crashpad_3544_DRMNCIENCQXOCKIW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ec7bd89eeb19c1a275071a27b9bbde36
SHA1 6b9913b6b9f3e95dff78ddc70f9412497d28c3ca
SHA256 bca84753b0e33c13813d87c89ff882ce8936213662a87cdf00fe4e8667de88f6
SHA512 dd0391cb5fda72cc2c1b58ee8990bc109915f3481e2c5a4df84fdf5ddf2956e3950a5d8e13f37bf419178a5490d93e8457033aeaa33ef7ac76ac0595325c2277

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4eda7469b504ff8848222048a7976b77
SHA1 5a4e59059634fd2d26976366668cc6d4bf7c21e4
SHA256 36e6a597a4e152ecec39a35e6c7d6b0778f259fba3171105b779f9ee71a7a187
SHA512 69ff3311d93dd53ff373deb07d1c56f727cec86e8e0ffb9b6c478fb6ac57cc335234c98881d18fb98aaed99091766075ba988dba85ac3b4f6f29d767e50cee11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 02511fe7c40341a9fcfaa2af5fa1cbf1
SHA1 6df19265a1c9dec12bad83b9227f33296964c17a
SHA256 0cb9580dd94d1c5bc7c58e357283d3efe42c437fc2ddb9c69faf661f759bb812
SHA512 033e621557bbbf55a4e8ad7e1091a85e5bccaee6ddb016cbc567c555efe084c09c6a0dd242d3522cac28e779c6a4111d52c389c9ca8ea4ac74ce8ccda6b68ed6