Malware Analysis Report

2025-01-18 00:21

Sample ID 240613-lnyqksxcqk
Target a4e6040b1f00243748ab94e16c2c3bee_JaffaCakes118
SHA256 5247275ddfafdfe0a61539aee9759f8e765d57d9bb2f70153ff2ac0f48d3073b
Tags (none listed)
Score 1/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 1/10

SHA256 5247275ddfafdfe0a61539aee9759f8e765d57d9bb2f70153ff2ac0f48d3073b

Threat Level: No (potentially) malicious behavior was detected. The file a4e6040b1f00243748ab94e16c2c3bee_JaffaCakes118 is an HTML document; the behavioral run below consists of Internet Explorer (iexplore.exe, plus the x86 IEXPLORE.EXE content process it spawns) rendering it.

Reading the result: every signature listed under Malicious Activity Summary is a generic behavioral heuristic, and in this run each one is raised by Internet Explorer itself rather than by code carried in the sample. The "Modifies Internet Explorer settings" hits are IE writing its own per-user state (TabbedBrowsing, Recovery, DomainSuggestion, SearchScopes, Window_Placement and similar) under HKCU\Software\Microsoft\Internet Explorer, and the AdjustPrivilegeToken hit is the content process requesting SeIncBasePriorityPrivilege. The network activity consists of the page's own embedded resources: the WordPress CDN (i0/i1/i2/s0/stats.wp.com), ad and sharing widgets (ads/syndication.exoclick.com, s7.addthis.com), further third-party hosts (gw.madcheddar.net, s3t3d2y8.afcdn.net, cdn.go-static.info), Google API and static hosts, and IE's own ieonline.microsoft.com check. The page's primary domain, donfreeporn.com, was fetched over plain HTTP and the browser then loaded www.hugedomains.com (domain_profile[1].htm is present in the IE cache), which is consistent with the domain having been parked for sale at the time of analysis; whatever it originally served cannot be determined from this run.

Malicious Activity Summary


Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-13 09:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 09:41
Reported 2024-06-13 09:43
Platform win7-20240221-en
Max time kernel 149s
Max time network 150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e6040b1f00243748ab94e16c2c3bee_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{19DE2321-2969-11EF-878B-CAFA5A0A62FD} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000193b18369cd88d45bb7d640ac91f292c000000000200000000001066000000010000200000008ae51fc59d818843aa334380a2f4135b204b30397f22cc13703f2cca7737127b000000000e800000000200002000000003e26243d510139216f08a041e15525126a9a39c15b7d99bf9e57fdf34e173a820000000d7f8a50443e16f85e83898515e9004e2874dea4f089b9d99aca2a79305285b5a40000000f91232586aaa825a5cc88032f037196abeced82359ab786dc7177905c0e60710d17aa94d925a6b18c58db2a56a01e7075cf8453b4717ea6c719fb8f299f6ff98 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0221df275bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433553" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e6040b1f00243748ab94e16c2c3bee_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 donfreeporn.com udp
US 8.8.8.8:53 e5a87pq.com udp
US 8.8.8.8:53 i0.wp.com udp
US 8.8.8.8:53 i2.wp.com udp
US 8.8.8.8:53 i1.wp.com udp
US 8.8.8.8:53 ads.exoclick.com udp
US 8.8.8.8:53 s0.wp.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 stats.wp.com udp
US 192.0.77.2:443 i1.wp.com tcp
US 192.0.77.2:443 i1.wp.com tcp
US 192.0.77.2:443 i1.wp.com tcp
US 192.0.76.3:443 stats.wp.com tcp
US 192.0.77.2:443 i1.wp.com tcp
US 192.0.77.32:443 s0.wp.com tcp
US 192.0.77.2:443 i1.wp.com tcp
US 192.0.77.2:443 i1.wp.com tcp
US 192.0.76.3:443 stats.wp.com tcp
US 192.0.77.2:443 i1.wp.com tcp
US 192.0.77.2:443 i1.wp.com tcp
US 192.0.77.2:443 i1.wp.com tcp
US 192.0.77.2:443 i1.wp.com tcp
US 192.0.77.32:443 s0.wp.com tcp
US 192.0.77.2:443 i1.wp.com tcp
US 192.0.77.2:443 i1.wp.com tcp
US 192.0.77.2:443 i1.wp.com tcp
US 192.0.77.2:443 i1.wp.com tcp
BE 104.68.81.91:80 s7.addthis.com tcp
US 192.0.77.2:443 i1.wp.com tcp
GB 89.187.167.5:443 ads.exoclick.com tcp
US 192.0.77.2:443 i1.wp.com tcp
GB 89.187.167.5:443 ads.exoclick.com tcp
BE 104.68.81.91:80 s7.addthis.com tcp
US 3.130.253.23:80 donfreeporn.com tcp
US 3.130.253.23:80 donfreeporn.com tcp
US 3.130.253.23:80 donfreeporn.com tcp
US 3.130.253.23:80 donfreeporn.com tcp
US 3.130.253.23:80 donfreeporn.com tcp
US 3.130.253.23:80 donfreeporn.com tcp
US 8.8.8.8:53 www.hugedomains.com udp
US 104.26.6.37:443 www.hugedomains.com tcp
US 104.26.6.37:443 www.hugedomains.com tcp
US 104.26.6.37:443 www.hugedomains.com tcp
US 104.26.6.37:443 www.hugedomains.com tcp
US 104.26.6.37:443 www.hugedomains.com tcp
US 104.26.6.37:443 www.hugedomains.com tcp
US 192.0.77.2:443 i1.wp.com tcp
US 192.0.77.2:443 i1.wp.com tcp
US 192.0.77.2:443 i1.wp.com tcp
US 192.0.77.2:443 i1.wp.com tcp
US 104.26.6.37:443 www.hugedomains.com tcp
US 104.26.6.37:443 www.hugedomains.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 syndication.exoclick.com udp
GB 172.217.16.238:443 apis.google.com tcp
GB 172.217.16.238:443 apis.google.com tcp
NL 95.211.229.246:443 syndication.exoclick.com tcp
NL 95.211.229.246:443 syndication.exoclick.com tcp
NL 95.211.229.246:443 syndication.exoclick.com tcp
NL 95.211.229.246:443 syndication.exoclick.com tcp
US 8.8.8.8:53 gw.madcheddar.net udp
NL 46.166.186.6:443 gw.madcheddar.net tcp
NL 46.166.186.6:443 gw.madcheddar.net tcp
GB 172.217.16.238:443 apis.google.com tcp
US 8.8.8.8:53 s3t3d2y8.afcdn.net udp
US 8.8.8.8:53 developers.google.com udp
GB 195.181.164.16:443 s3t3d2y8.afcdn.net tcp
GB 195.181.164.16:443 s3t3d2y8.afcdn.net tcp
GB 216.58.201.110:80 developers.google.com tcp
GB 216.58.201.110:80 developers.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 cdn.go-static.info udp
GB 195.181.164.15:443 cdn.go-static.info tcp
GB 195.181.164.15:443 cdn.go-static.info tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 195.181.164.15:443 cdn.go-static.info tcp
GB 195.181.164.15:443 cdn.go-static.info tcp
GB 216.58.201.110:443 developers.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
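
The table above mixes DNS lookups (udp/53 to the sandbox resolver 8.8.8.8, which are not contacts with the listed host) with repeated TCP connections to the same endpoints, so the raw rows overstate how many distinct hosts the page actually reached. The following script is an added example, not part of the sandbox report: it parses rows in this "Country Destination Domain Proto" layout, separates lookups from connections, collapses repeats into per-domain counts and resolved IPs, and flags plain-HTTP destinations. SAMPLE_ROWS is a subset copied from the Network section above; EXPECTED_SUFFIXES is an assumed allowlist of infrastructure a Windows 7 + IE detonation and this page's WordPress CDN are expected to contact, used only to shorten the review list, not a sandbox verdict.

```python
# Added example: triage of a flattened sandbox network table.
# SAMPLE_ROWS is copied from the report above; EXPECTED_SUFFIXES is an
# assumed allowlist for illustration only.
from collections import defaultdict

SAMPLE_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 donfreeporn.com udp
US 8.8.8.8:53 ads.exoclick.com udp
US 192.0.77.2:443 i1.wp.com tcp
US 192.0.77.2:443 i1.wp.com tcp
BE 104.68.81.91:80 s7.addthis.com tcp
GB 89.187.167.5:443 ads.exoclick.com tcp
US 3.130.253.23:80 donfreeporn.com tcp
US 8.8.8.8:53 www.hugedomains.com udp
US 104.26.6.37:443 www.hugedomains.com tcp
NL 46.166.186.6:443 gw.madcheddar.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

# Assumption: hosts the detonation platform and the page's own CDN are expected
# to reach; everything else goes on the review list.
EXPECTED_SUFFIXES = ("microsoft.com", "google.com", "gstatic.com", "wp.com")


def parse_rows(text):
    """Parse 'Country IP:port Domain Proto' rows; skips the header and junk."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        country, dest, domain, proto = parts
        ip, _, port = dest.rpartition(":")
        if not port.isdigit():
            continue  # header line or malformed destination
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def summarize(rows):
    """Per-domain counts of DNS lookups vs. TCP connections, plus IPs/ports."""
    stats = defaultdict(lambda: {"dns": 0, "tcp": 0, "ips": set(), "ports": set()})
    for r in rows:
        s = stats[r["domain"]]
        if r["proto"] == "udp" and r["port"] == 53:
            s["dns"] += 1  # lookup via the sandbox resolver, not a contact
        elif r["proto"] == "tcp":
            s["tcp"] += 1
            s["ips"].add(r["ip"])
            s["ports"].add(r["port"])
    return stats


def is_expected(domain):
    return any(domain == s or domain.endswith("." + s) for s in EXPECTED_SUFFIXES)


def triage(text):
    """Review list: non-allowlisted domains with connection counts and IPs."""
    review = {}
    for domain, s in summarize(parse_rows(text)).items():
        if is_expected(domain):
            continue
        review[domain] = {"dns": s["dns"], "tcp": s["tcp"],
                          "ips": sorted(s["ips"]), "ports": sorted(s["ports"]),
                          "plaintext_http": 80 in s["ports"]}
    return review


if __name__ == "__main__":
    for domain, info in sorted(triage(SAMPLE_ROWS).items()):
        print(f"{domain:26} tcp={info['tcp']:<3} ips={','.join(info['ips'])} "
              f"ports={info['ports']} plaintext_http={info['plaintext_http']}")
```

Run against the full table on this page, the review list is the page's ad and tracker hosts plus donfreeporn.com and www.hugedomains.com; the many i1.wp.com rows collapse to a single entry and are dropped by the allowlist. A domain that appears only in udp/53 rows was looked up but never connected to, which is worth noting before treating it as an indicator.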

Files

C:\Users\Admin\AppData\Local\Temp\Cab2B08.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar2B0B.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65c875b70ad193e792e85e1dace5279f
SHA1 56856e3cc42abd07214330ad0524d9004b67ef30
SHA256 637bdab4b962f8ecdec0beb3410724ad39a834463a8d03b54fd5ac201f0c5271
SHA512 12a59cd10c42d1c16cbc4fb8e22884ce2e0d29444d70cd68d0e004547a0043b414a00c7bc0fbab78ec4b2d05056ecce378cf6a810e509b1d71a43adafce28a69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0c13435c64e78404200fa997e128f2b
SHA1 c3fd467267f62e7063a76582662692f676bfe518
SHA256 106dc087196efce37985febe9c328df6f027dcb4193eb0c9f2f3a606fad8e8e7
SHA512 c731d8f2923534b696c6a88e94bc2719ef6d5d8b8d089c43a415a67318c674b3bf1a01e575bcb1608d336d0954962135529541421174c7bb280b2cb36538c5ae

C:\Users\Admin\AppData\Local\Temp\Cab2CD4.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2CE9.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82eafae8ae9a0fb7b5cb1597625f98d4
SHA1 badb7bd9679d1d288f492c8bc0307b94d7028498
SHA256 91fa88a6d15d220427b1ddb89901cbf250406b08ca4e70b77705041608ab5663
SHA512 b17a848bba81c0aba1baa369a3f0124674336c8740bb4fa5ed3f4990004517843df85cea633e9cddb206997ba6d8ade13c2a3089e1f21015d735636e9bec1122

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb85f3fcf86ef0de7ef258539cae87de
SHA1 c73288fff07885a62f8c7033b348863ed3b8cad1
SHA256 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f
SHA512 dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d83822d60236709101fcaf1eb5b1ce4e
SHA1 8664849485679c2c3c4a7e4ec635aaa159df2d75
SHA256 9444ad94cdaf77ee634ed911e513111696b2314271402986209af19afd7396e0
SHA512 9e0be1498d761c0115699d77836e2fc1b574fcee6fd6bab4c9827dac133e89ac3bcd92b39900c058280386e2c1385095cc52bcba4a59ebefd551ced98302393e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8dcf424c0893e37e0c3244394cc9f06c
SHA1 222aed293febe2fd97d74120dff4709888171094
SHA256 b2b5478694aa8e5c54ec6a6b518a021831d93d157101142373e6b9283a830fb9
SHA512 ff2dadf4a7a88a1216e29441054625a0496daedacbbf33c8c4b8ad0149360518750e74a1213048b8d5f1e42828aff9c7f1ef95894607689ae29c09d3a3bcdeef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2b1761c55c8e3ff49afa563ac21d6b0
SHA1 48d8803793361228767683a1344410cc8fad7e86
SHA256 501d05aa7b037424ab8989e36af8bcae5cf536be18697277cf01b94f1b465086
SHA512 12cd64e0bdc004b3d0f1ed6c10cb65c9ef3808d0bb7531469d7cc29ae2f9861c56ae47cf39cde124f9c370fe7d27612c4f0cabff26e28d0f372f3273e335f206

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f257e590b9f5c7d1054bbc8142180451
SHA1 520043907d019fac69f6fd4d6f10983d945d9d01
SHA256 a281f641c601712f83de32b089ee9c7af3886ffcc4b324433d4520efce95f4df
SHA512 a544ab5272ef457522ff146896268f803e416fa997b9f9fcb04287129f7a05e32f218e9eab187c7e2101cd7f0f943f5308f38b94d1d26f12995262338b499067

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

MD5 29c31bdac3d41d86293a5654bbf9fa65
SHA1 7a0d4859d623b9b0d4e3330c34837f19899e052d
SHA256 3f815d8ed4236c2b72b87bfcf8d0b03a0a4b84683efd749d5e2bdd7144a03ca3
SHA512 2bd4681d98f6dccb1f47e35a0a8fda7871ff661da3c1f399a9c13a1a2cff1b8f5f394d066bc891269141967069f2e29a22ca41b4d252385c0ad1ef5cdf3fcf2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af830acdc1125b37464f3383bc105a6a
SHA1 c9331ad3c405a2198334a8cf1eb35e65b77cf926
SHA256 ff0bbcede26401b0336eab2d12b03f0b1256e8334561d427a4b4915b0f7ec0dc
SHA512 c7bd257ac6f93aa978b96f1238a89470b54614361cd7f9fa3ad8bff8030c284acf07cac2eb83296948967d6eda29f8cee1956ebc8c9be1c4d3d8247ee40aa201

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

MD5 8202a1cd02e7d69597995cabbe881a12
SHA1 8858d9d934b7aa9330ee73de6c476acf19929ff6
SHA256 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5
SHA512 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e2bea4ce3bbf3c4bfe72999381a225a
SHA1 33902d49a7de29e353dabe7e8507fae3c02bf824
SHA256 5baddb2cb5739838202f23bc97d9be71b4fc85c9cf6f566ba52d7064cfad710a
SHA512 fdebabf424c8e3d8fccc58e489c0f137cbbfe19951f94646e10e81c8408e866f25ee09cba64ae87ae85b6e265f707ba9c7e77d6089eacde1649757fc3876a903

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f008fed0a9a07d47e6dc658b40f30bc
SHA1 b39cf04d11c2b6182c436c39afe6014730868802
SHA256 1dbff7904cdf0bb215e6bc246400358bc488d1416628b70f0d68fe55ada0a37c
SHA512 8193b214a47c1f3da9ee6ddbc2f5e9e16b99ebf9ab80266cb1aeb9b7a5d9b5b057bbed36ed1d8d639e747022badb94daf2867e9d86d7ab669fe1dd2a9cfa2d5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 280944fb90a195b6b03b9f25be15f1ff
SHA1 1f70a1ffd806492aa7c7d581cb93a790355f7c58
SHA256 c29985f7688a95711845266af707769e04b52c1982836e29e52eae10b4cae104
SHA512 1bb77c943568a9af11348018e95f8cee5f93e673ec9f5bd12d03b2b215f62d9fa3ef73b132aa76e7beba970503593fc609867705ade1021fe7cbdd85870707c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b1dc61ff9ca5c9c79f8714780de42c3
SHA1 6a56c4c11d4a82eba92ecfc450f32db62ac2a1f1
SHA256 4e6125ac9df9df017196196095af436ef98493c48a3f742f8b810cf7227fc614
SHA512 b2369b006066949c9adee550bcb97b06a64c8df3822cf542b18c3b1626e33c83165f6986c66f2b26bace03dc73ecb72648ed459ced7603ca2d8030df79e22c17

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\domain_profile[1].htm

MD5 7ce3a12eb2082a4487b855026107d6c2
SHA1 935fd38afdc50633b354f5b1cd914cc8b6182cbb
SHA256 f42ba61fbfa0c7662b45dd0ee155324d4cdefdfad4a817e7118b7cf596f8c193
SHA512 51afa84d92c86542e0d17d47d1593320b2cb5e01c34a0b4dece24cf34ae64b631d8057dc72adc4661311a1dde4f37c0aaf272a4255bcdf2f2e8167444ffd6a76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ebceb2353ba3c7f4abf13fae94f18034
SHA1 b4ab15c5c93c7e7ccf55104d0d21491749fed302
SHA256 85c3fbd34609be2fc4b4acad90fc70f466ca19c8e9d1a4a88642b51ca3e0ba79
SHA512 673c7bd573dcf74f527f300745cb6c9807255f714f1f146bc3a2e862029d999626117f416442864269311e74d11759c991d9ac1b01da0e8c21829ba6d9e7e1cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 bb34347939c8fc0447c8ba01db2612c1
SHA1 953d9189268eb240d5dc56d90b9903fac8b7e771
SHA256 fb1b3ee40cc0bcdf6f448ef8a85b5f4a2393c227062c4b612dc34341df089dd2
SHA512 3d172b69345e351bdb1fc29dd32317749604a90bd6997c52deb0dec7ca0ee6bfdef023c528d670bd215032cf41d632c7a77b0157d4a2e3482c7723384d90ecee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 2c7ecdbbb063ea5981f2aabe7fcf9ac2
SHA1 5c92e25fa96ac7eb2d432563ce62be6a11dbd232
SHA256 a6420b0e8db153c246988af7382bb94364fe491631d88ca68f800e83750489c4
SHA512 8d7258ae557ce5f5fb98fa4da2f55036df3ebe308392f656a1bc21cf09f0d335ada0b44503fb523b16e8067bc7803f7e20e5e05bdfcc9b4ef970e763975b8c93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 c74e1800275ded5dcf6760cb01dfeee0
SHA1 d57b91182d346a2c7ea277de370bcd009229a1be
SHA256 5f6416a522252d099217777fe59c2d13356861ec630f8242d8cf6aac5db53270
SHA512 ad59ea4139977f7a8560cb4924572f4dac30a45738db187093cdb8cb46cfe4a7edbd9cf33042731b7746d6907668b174adbc7703a6a4f9b4cfbfed28d1a651d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 8dc4e9c0e450f2c7c2c0838a005073e6
SHA1 5b5a9de88f64fc367969427093ed3c65655e88a4
SHA256 b50c4525ebf920e69e0d732deb92fd29712cde1df1d075fa9030c8f39aa2db80
SHA512 9bdff76c546a0e02d4b460cb23ca90ab5c183a25574c73eddf6bec023d0c8c54d77704c3038222e6271703fc475f8ba9d0d31e1c852bf2ba570bbb50a747428b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 a807d08342abbf3a7ebfa73cc32f11b8
SHA1 ccee108520c924ad2625cef984bee2bb87a36639
SHA256 47454044d5ef3c80350ae6b599e1ab440135911d424037b93304b3f49cc56dc0
SHA512 85d49a4967b7da77d431b6c75262dad03cc40670efe746853a76496d483311e47f88951924b525645ddedc2f5483712cc2f6c6fc54145b54e825ed161249d5dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 5fbbd11da1447361d95430e07018c9c3
SHA1 23934454aa9c6076fe25696a8223c63ff258f496
SHA256 9018fa7df4d8c5ac5f77c69f1a33e696bbc91e2d44a64d3b81274c510242b2ff
SHA512 c3d1b0ed8493b07dbb496c8369c34011c9cd46c8020f9a693aa807baa5e375a09c0d633f14f05212d2e6ac7c4802e69bc13c186eb95086e0220a26a5523f4b7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 71bd250fbb95aef3fe0db26a70c7e721
SHA1 10a42b40d7360367073003efc7f95690e4f7092c
SHA256 0bdb5e73567e9c3c923c6ff190e128dd4457fe6ea6e6fa84e44f293e5d22f364
SHA512 f5bb68d4430f6ed8556c17a299bd50930572512c75db1703ab62e16b695bc872d7dcc77cd6fba6f99c47db3aae4a04b327066005f36ac040585c35bacd574926

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 7dfe075cc980605c6b5573880fcafb7c
SHA1 7d63ea78f36a6cff90c616425e085cac248f0f18
SHA256 243711f3d9da8283399084fdf9937c0c4ad37a295a9f007c686ab101d01c3ba7
SHA512 900e5af822ee120424d39f79f3d550f47f97765ce8e18efe7fe7d8a1d8fbdd138f5cf7d3a0444054b9e22a5db6088b08b640b9e30d9c7c8f6d3e0a63e725a49f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 b1070dec28650a560054da7f177b47df
SHA1 39cca2ec9a2b2cb86b46a435a0a3062a5dc47455
SHA256 e970a41e072ecd8f2f76f85b8e0357d564d5801805a2e0476668b229fca6d9b2
SHA512 cb59e25ffd05f20379954acd093b358e97a8ab667d9c47689625668e3452739474779f217aeece6eee05f29aadf65694233adbddf386a739161181308b0c8d85

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\ads[1].js

MD5 ce9eed9a9bf71574b9cf93a118b69711
SHA1 14ce82b1c88e00e08467ab92194a09a416054a99
SHA256 2e6c19708a1954656ad12fe7eec0af09c2111993549709c238ae4ebaea0990f5
SHA512 c270a6b2736d713c966e9d55c79cab0e77334bd46e3bfb961497069f229e3893d67186236f54b7a76cf415c08056e7525ca090ae53636f95312cfe3886a99545

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\22359ecc38fe646f5c7684de3230f4f63e1a171c[2].mp4

MD5 1b2739a59a00eb4a8c2af8f693cd59ae
SHA1 22359ecc38fe646f5c7684de3230f4f63e1a171c
SHA256 7f1230083b97e7827e1f9b6f19688ee970e68035cf8eacfa70f1ca929189a76d
SHA512 c539220d32c4af950e72fb0b71b659c237124d719e9b30ffd59121a496c96bb8cc8f59c3ab813c8f6059293cc2b45d45de09f5131b9f6d6d1227c12538b8a289

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\cb=gapi[1].js

MD5 0fe383a7ddb9bbaefc3105b3297f5583
SHA1 f80c9d789f251909c7560bd91a9e1b9a10c26362
SHA256 d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683
SHA512 31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce055253edeab0445830a460e5032c21
SHA1 89b171a8b91f4dbe6e26b1d8688131d6ab6bc707
SHA256 e294af044448c3d5098dadd0a3edf7faf6591f7b6f67140334a2d9c31f039993
SHA512 a50cdf73c56ed9b97883934f0de7e99ddf43c632c76c9fae62f2599f8ab840b545b2d55a730797b8b737ed6113da9cc032013c7d8bcdb6a97156cd7933ecd646

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c4dc699363150f4ec47210bf8d67572
SHA1 84592af88b0a18625d07d5e5f0c3d5bf64b66f7d
SHA256 9edfc3bfd2311c511306e7ed179e519a32c9881c45886defbf78f49a7e354b2a
SHA512 9b0e60a839f3a0116c96254e3596d4983ee75789445fc96ab9afe0a853eba6116fc171b0422bb67e1af5ad4e90c8a6d8587f38dbd3f74e465c7af96026e343a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aef02cdd2ddc6617321fe08ba40d9f95
SHA1 5f9a610b5aac62d5eaf6402d9c1a654b8c03fa88
SHA256 50f2d3f8f23f581ca72782e6dfe3150a80080062266bef960551e0dfa66be619
SHA512 6a5eef78034ef06144edf153730293d78ffbe78aa981695fc504ca6f4b3ea8f3115ae2d571eb8b7ca174900815bc3d809e67c801b13377389ed9cb7aaabf9e3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16229747492596966845361788d3f965
SHA1 f5fd10499ef4344702a83cc0d1e3d58201e38746
SHA256 870d50fb81087d58e8470d1a379a814f328b352965d33b2f6f355c6caa7bea0d
SHA512 ff2f686ba4541d21b382e5b9854fe15165899eb20b4b692f62e7da2f619fca41e4ede7626410236a81a3a75e6a8fd9e8cae27d701a592db8972d4e26fb9e8d73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 beb40bb2552a652cf00524fbc7dd57cb
SHA1 7c3a94c594fc39e8438de2a08b236c975c78c18d
SHA256 7af2589a679fc7227190384d2b802822be48bf3f78673160ffebf46e41b5fe10
SHA512 b9b56b2566e903c19bdb1f7c69efd402e56dc874c02008843f347daa061a5ebd53df855ed36fef3d0188e113a8aaaa71adafc04e076ad648e913c4e961899dbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68af8a500dc9c9669622665d7287b8bd
SHA1 528cafd483641062cfe3404b0977b17497e0a2cf
SHA256 0be8936bfab2c56b71afb8407056c33294e02b58e1b0e82745fe417ab8000a3b
SHA512 a6f2b881537ef630178e4cb66a8059bde6e260771d4b959e3e69baee7b06f8cdcf3ea4a3558083ecde63842b34938930f26311e57d4e594f1ac0cdc30f80bb7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5536c634b13e3feab10bc722040a9090
SHA1 22876759a057393585aecc97c455f3367d22c9b8
SHA256 68b4d90778b5cc51af69305a5edc5f2a36d28dc3c5317846dd4b29af795415bc
SHA512 c30f968b9f56ef35c97ca7a69d19193ac337de143c10b472f5e6221746c1fa6a13a6149d4e53ba6e4725526f41cb01c6db6c3149bcd49f2b5120b8f4cc843e7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da9dd34440d048f39797adb5039c0437
SHA1 9a59fecb414f78c42275d2ce064a6cfbe6b902db
SHA256 4816f1c8ce0e6fd5484a253420d6b3e2fb28b8f5b3f341299eb47c4d259baaff
SHA512 4b715e01caf76219bc7eae31205d0acb5a3b00af0169b6227ef8101c5e770d716c34193199f1efb02fd97549b9012d3a8481ed3b3e1e9b3816cd6850c779dd98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34de8f3b4b42c09aef7e1ed8454b324a
SHA1 2e9007d151126f61619e040d59080e55c0b3d8a0
SHA256 4d62022c83074927def07cdd1e4cb36975a68d7c949113e6601c8eaf38722971
SHA512 4912722a71d8814b2ed5af84e834982e045ba5182367992a66ccf598fb4128ee9c38f3263f85d3a38564c5dee014c4c0bb1bf701a242ad7da8561e329c6fd398

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 772af3af5a6169700696a4680203612c
SHA1 d35eea1f3f811aeac28d5a958d54b75a8b5e6d17
SHA256 9c4130f8909512af0a7ae7575e8525d8226e52c15b462ca506c8ac0249f75782
SHA512 a0ae87e2add515870989a6ce76d9a32fedc99d351c56cdf987af4bdfd29fc4f4657d247e9c90ee2b351a8f39c213f5dd9fe357918a0d08b77ba14f2fcb7c2dbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59db042f4f7953648ed7ff80d0d8cfe2
SHA1 1ef0def97c75a30c3247cae67e4b5e24d1b6dbee
SHA256 145f930c0d183572063fcf98aec7e026c13e3c5d95ea131ffc3ce3ccb09bde75
SHA512 244a60e14d0728b3efc7f5a38992bcc6305425d89ef1ce9144784278ba147e76ce2a49dbdd5c2048d633ff15f56df7aa5a957b6cbf481576aabc248871c9ebbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82da12a3d847e37e664508b2794df839
SHA1 2699ceaa5f159760716bea5ceef52289d83d41e1
SHA256 1355ca041e4eda14694194e660365d26da4beb565de2711ce2628cc2d0a0a4f6
SHA512 1c9cb56735314ca39130d453ae33fb1987d01ddc147f3b918da7a071556ff01af5618c67e214328fa169abca96b6df0b8777cc845bf2e65fc1d9f1422d71aefd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 07205b417009186f55ac08402febc2cb
SHA1 cc85eaca1c294c36a7be20b89faf7b0078b2d857
SHA256 409945936f0f3d617fc2fe58ef1a2e40dae7a44d1e12b51a606d57997c1803b9
SHA512 e97ed3e24278a946352b169802fa1543c9df73665b920f80b4be753b626589f3af88e93f90950739e590910cc4bfa002542e165f09c574af2476448b7e4d1969

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c70bc1a7aff6f57bd92f1839cc45c4ba
SHA1 1b6ba295a3418a81f2e70b7df8bf8297094f60d9
SHA256 edac761d285cafb89affb0d08d27837fb4983246369e6147fb3daf96e2451562
SHA512 ead6da104933f17e54e51cfb838334eade76c96667973e6a4bce73bace04c757a8c4bf75c2d05309a80c4732dc6c08c9b04b7a7598c369bf3c937dc448cb060a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9582403613a6d3a4d20670f2e7a3e831
SHA1 b248fd3f2f21ed3f3019996373c186927d6220f1
SHA256 21a228b458f88ba4507088beb74a713627b330e4fc62793a48b499884671ceb9
SHA512 d5f2e5e8857855703c1382a8eb785633d802336c2d03e0dee328e094fe47428a2f27d05fdba5722aa1ca57be76a1994a11b74e0fd5cd399ff99a2a9a257a3fdd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5da9882f08312005f03e6bbf8c571a0
SHA1 78f5b8e800bf9c2733c13f4f98e27f7dc783751f
SHA256 0428a9bc5114fe021f2e37405411c49be22d5b39fb1c307c774d0c40ebbf4dc8
SHA512 50a1a95eda0a7101163ae1a770232be93d804817a8fd2a4aa8358649bd0df1c760e8f7537f640ee3000aa909233e393bc151e0779a45ee7f0e34c46d9babc27e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4460c38e02c7fd6e05abdd0706deda2
SHA1 2c9a8c20f086b936b18020fbae33f997096ac9d3
SHA256 81c86b7b6fa73e61e657eb754385a077fb503663742443a4655a17df4dd18a57
SHA512 d122550aae3ffe6902ba2227b7f4a3e56944cc4f3b446d3d40b1f48fac076c74e0804fe59f873c26e60958ed9fd8e7dd71492d1d5ff2e9f2b2dd7ccc55b61ee8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 d3c95d92900badcce7b17e112b9fffe5
SHA1 b16150c212c92dee6a7809d66cdb0771ac6fcbed
SHA256 0193f00bbf9a532bdf4419a9c008c659a8c5c47c3011e1bcebfa3258a03292fb
SHA512 abd3a7d9685fda7d2ef6449b582eb8b675119d2d0b2c46607bf675715ff987f38248111135232f9b499b2c9e6d3e76cbb1a630b73c2842255afc5f8853fd7598

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7ecc71b7d0685a481118ed2dfb4ba82
SHA1 b3dbcd13e5acff8c8e135e7267a3fa89b896a245
SHA256 135fe2ffd74544c06f6a58f45748e4f5e594c0424f4b519ece4c3799afeb408b
SHA512 f47800376d6148de568306c14d798103da19b2c0daf665e2b17a3f0c0ba789807a2e15fa3202c436e75b71da34985c38864466001e9f885e2311c7c53d795c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efddfb81e49c7adc602272f189523007
SHA1 f3134ca4de28c29e0ec95e7556e86fd90514cf4a
SHA256 73fa409825d4f11552e292269d16979de556e4e3ab637a076cfbc24ebf3b68c4
SHA512 100b9d3aec2d86c6af6e83c5173e7167e4f7dcc588883a84b58f3182252e785047b7125e8733cdd4e8562d4d062e90426d535c35a20f227480751d7954cdcd28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44095a35d27da076be9fc24e0433d610
SHA1 6813f77ccf12e3bb2fadd262b619612d130a6477
SHA256 f06d78ebe95dbcd91d4ebeb8178076afcb023e4de7cae2bf93b9248c17b77c8a
SHA512 61c1579f382cd6e43a88eeaf659a48c4db011ba3a22dc6903deddd616eed4bee25626db09822c913daab9afe4cbf61e183e59fa177e050f7572dae0cc2e0c368

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a689c598984260ad2475958ea708f5a0
SHA1 402bd6e482a8d2b3a90d6b097412da3056c63772
SHA256 a2b7249a7917a200ea0ce9d6aa413dd37b5c969c1a4fcaec64418dd23bbc174c
SHA512 3254c5b2822af085029e313b54bbbc66725c03b52e71e189166f35afb1d744fea42715b4ed40499296bb190e632593bd92c7e38f5a76ac5869bb6333480e5b52

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\3604799710-postmessagerelay[1].js

MD5 40aaadf2a7451d276b940cddefb2d0ed
SHA1 b2fc8129a4f5e5a0c8cb631218f40a4230444d9e
SHA256 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2
SHA512 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\rpc_shindig_random[1].js

MD5 6a90a8e611705b6e5953757cc549ce8c
SHA1 3e7416db7afe4cfdf3980daba308df560b4bede6
SHA256 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679
SHA512 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:41

Reported

2024-06-13 09:44

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

129s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e6040b1f00243748ab94e16c2c3bee_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1232 wrote to memory of 376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 3084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1232 wrote to memory of 2420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e6040b1f00243748ab94e16c2c3bee_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0ef46f8,0x7ff8c0ef4708,0x7ff8c0ef4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15746633054261547594,16202169933271579496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,15746633054261547594,16202169933271579496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,15746633054261547594,16202169933271579496,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15746633054261547594,16202169933271579496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15746633054261547594,16202169933271579496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15746633054261547594,16202169933271579496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15746633054261547594,16202169933271579496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15746633054261547594,16202169933271579496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15746633054261547594,16202169933271579496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15746633054261547594,16202169933271579496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15746633054261547594,16202169933271579496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15746633054261547594,16202169933271579496,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 donfreeporn.com udp
US 8.8.8.8:53 e5a87pq.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 donfreeporn.com udp
US 8.8.8.8:53 s.w.org udp
US 8.8.8.8:53 s0.wp.com udp
US 8.8.8.8:53 ads.exoclick.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_1232_OHTUGUIDSOMDPURC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c28bca6ef55a5dd236619a6b460bbc74
SHA1 c819d4b4aead1292476c805c12ac6ac359136b55
SHA256 0e2c0d851af061d8f8e7e0f51afaf73f9e08f778c37dd39da0ba1710b27a2d98
SHA512 ca5526107a3d253d08d232625da917392e1d7c5c19bd07a99fca19e91446918b2fb688e1304c3999fc2bdbb4f533cc75de5431930faaaa3fb8c3bfdcd7d29528

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2018bb5b91b74cf8b753bcde455b12bd
SHA1 64734036fe25c104097587ce5327bff6834eab14
SHA256 2f4fac2d34f6d52795f19d99692e166dce750779849697f5c9871000c4d885b6
SHA512 7fbfb4daaad91f6b27eaae6cd02a9d1b335ef979b3ea95d97d1c8e1e6e7484afe6b39e72e03c3a42130cf3ca66010fec93a5ceb58f3f01fa56cde953be105be4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d2d0077d0ebaa7f48a7a166ba38ff800
SHA1 43b98cf465b3a016a6f7f5fd83c61736a8fc5d73
SHA256 5d2b9f665202598bcc61cc4964070a846b2d6b4c9fae2a1194941be2b2f266cc
SHA512 7cc2297c53038e43a9e8932e8fd0a9231917e5f380ce5c834cf97acee2fdef2babf310eaceb274678d6965a0524a778a3d142c5cff88194e0f95d32589f9240c