Malware Analysis Report

2025-04-14 03:28

Sample ID 240612-skhcrazbpa
Target a11aede3a8c5b5e1817f35b5e3eb0335_JaffaCakes118
SHA256 1bb9aa6b134a9d538594b0df08019860f4e92946d49aac4eff42083aaeeeb739
Tags
score
1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 1/10

SHA256 1bb9aa6b134a9d538594b0df08019860f4e92946d49aac4eff42083aaeeeb739

Threat Level: No (potentially) malicious behavior was detected

The file a11aede3a8c5b5e1817f35b5e3eb0335_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 15:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 15:10

Reported

2024-06-12 15:13

Platform

win7-20240611-en

Max time kernel

144s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11aede3a8c5b5e1817f35b5e3eb0335_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000decad951f952ed2d4a606db9a2ff821e3b379e5cf556173a2b958171b0f7648b000000000e8000000002000020000000d2e91978badd20741c539bfc7bcb7b09bf540a9ca62b8e5ddb16bb0cc8591937900000003f6962fd9bd43b854ef315eaf7d4e1eea48507eece46f0ba3bcc65c1c32ec513ac2814f3648ddf2297a53187aeccb511aa40a6f1295486c57be3037cbcbf58574004b0e6aff0f464de4220d9084866a3de978cf1d4596c7aee5663af751e0996442a1253ba8fd98aaa74bcdf5d6a4fdc17932b5fb239bf2bd714d022b208f7ab57c88aa49786ba742912030d46ab40d4400000007909eda5433c96143fe8fc086ea87904d3527df872ce2716fd20d905034ec1d260740f2c8b367dec01967a686863f4f62137ca21a23e2bcb61f557a680588b5b C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000009a1607d24bc2422c576bb5918245fa9215c8ed8cda40cc45db36c2bebb082c0e000000000e80000000020000200000008e8eb2b69216b6ebd1915a47cfd042578104ddc2a95eaceb1b21993324362a2b20000000d76d8ffcad7d2c3a9525131ebaaaa86964da364dc8887220244e0b50ab3df83140000000a6d5ffcc62185173d8910e83fb56f74d630a18f510a9f4604b48cee388cbe954ee0490060fee239152bbd16cdfef06948fa11e13e43bd342199219e25e88e9eb C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 501a17d3dabcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424366928" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F983AE11-28CD-11EF-AF9B-7E1039193522} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11aede3a8c5b5e1817f35b5e3eb0335_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1176 CREDAT:275457 /prefetch:2

Network


Files


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3d514c09c92727def84620d686211d5
SHA1 c0101efcccf3ce1d10301a9b220ce0cd11e59af7
SHA256 0bb9b166993a6d71f75f005679a6dc2e99508e28c2623b2233a012ce70fffb61
SHA512 482a88fea3a084e10e2889d946030709d1e1daba9f9f1c336c1f40a8f121563533d0786accc8ada9e7f8c40e4045e559306c09c6a37e4324d05ef1f5f51da3dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aeaca3ec6b2ae5842ff44261a705d92e
SHA1 18e2f4917ee9bfdd6f1844566e684762dc6d6234
SHA256 51a4a54bf13bc2c63e6ec208d8e7a2008f31675d8c20ff4d0a5c51a6f95f4cbd
SHA512 b724dad87322f71704ea6558b7b868ee2bd46320e3b95d491e01a971cc249135cba1a3689471b22be8b1a87f4a62b6897fb0ff5e4cd2190a5ed73edd7510a2e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a2f526cabee4378b56d087c06d402c0
SHA1 6ba6a703df7a33699dcf7b53ecb805f54cae146a
SHA256 b33134b3fcee17045cb0251d23c7d0da819a9a655aa48a192eb8ce581c78e168
SHA512 548b66e3b1d2aa95e802c974c740eb81c25974533845bc5db60a77acfc2ee75aeeb97e122a8c5585106fbc4aadccaccb7f9f18d16afd21d7c62df1f13232334e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77fddfbde1c4a02e75c29dba952efcdb
SHA1 c9411fcf3e4d4e9e0911ab4d80c81dec9e84522d
SHA256 7d066a989644416653e7e8e019aaad835de17235994c11e2cf5d96e6f0cfca2d
SHA512 f685c30c2f52c4ee3d6891d1334ff6c19330e991848cf750165210d479384873a76692f47bac57261506433848caf45964cffd13ba0e90a07433ab15cc9a8f62

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86660f705c89d8e644efcde9324fdefd
SHA1 b48d93f0ad6fda0220f05ff14d3b30d3c417394f
SHA256 c0f3a0e18fdc0a302cb34f9858f8d92ca150e64dc32d5ba79fca376e862a240a
SHA512 041d18669ddd5f93c7fb84db295feb2dd8b73848f7a6687f799d08b07fbf175d6c25a7a025b59409079aa83c2b2315ab0d6fcce196db236380b3ef87d29793db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 addfda9c4b7d4c1f65e8a23989fc6c53
SHA1 0bab3f843d6671dc55237479e1c1e5fe1fb97ed0
SHA256 05a8fa2b3547dbb9665d6511de8bc73b96447daf378dc69aa47c8c2baced1f18
SHA512 ef5770ce1f6fb94d17f8c6f3cc9003b95e6c262ce4888c16b74cf13ef0b2455bba0de836bb87de86c7b376d573743ebd12ef770716e42118c3001fca3d946d47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0eb19e1078236969575c4302faec64de
SHA1 cbef6c6bc7c5146edd56174d5fb17d2b13d9a9e1
SHA256 f82575b8ac985084a0dcbbfd7d6f0d8ea260d7087db7f2e37ae08c266e9b952b
SHA512 8b114d44d6a9936f3f90b6d8d1c155c972dad6dc0dc796cd3a3f80204f86666fbc45dc02b72b8d334779f05d4e69e385d7e4a0ea67c54ca24a463a60279f07d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20999a76e4a45cfd0c1a014520e25f86
SHA1 ab3715e0404b5cc138d3468cd84638bf635999df
SHA256 9a866a4cdb44998b90cdde7352859254fab4dbbec01fa2de0b0e3a267506e9f7
SHA512 e2e40e4f916e9e7e6433e632947a691231ae59c7100a95225e1c77739d0444f8cb86980bf25beb94b1147613ee04b934b220447cb041abcfceec42c1fd977757

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 15:10

Reported

2024-06-12 15:13

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

125s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11aede3a8c5b5e1817f35b5e3eb0335_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4008 wrote to memory of 3632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4008 wrote to memory of 5064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4008 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4008 wrote to memory of 3032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11aede3a8c5b5e1817f35b5e3eb0335_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c04046f8,0x7ff8c0404708,0x7ff8c0404718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6878337614432027585,15490765598571798223,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3000 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 static.mackeeper.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 static.mackeeper.com udp
US 8.8.8.8:53 my.rtmark.net udp
US 8.8.8.8:53 static.hotjar.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4008_FMGACRGCPQTGLDEP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
