Malware Analysis Report

2025-01-18 01:16

Sample ID 240613-hbn4ts1hkn
Target a43a22e2d82dcfbf3e68d907ba8b558a_JaffaCakes118
SHA256 29a9c465b13a85aa777b8b3e09d9062498c0bacb8c5d4a806d826fd563789b26
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

29a9c465b13a85aa777b8b3e09d9062498c0bacb8c5d4a806d826fd563789b26

Threat Level: No (potentially) malicious behavior was detected

The file a43a22e2d82dcfbf3e68d907ba8b558a_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer Phishing Filter

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:33

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:33

Reported

2024-06-13 06:36

Platform

win7-20231129-en

Max time kernel

133s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43a22e2d82dcfbf3e68d907ba8b558a_JaffaCakes118.html

Signatures

Modifies Internet Explorer Phishing Filter

Description | Indicator | Process | Target
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = b078a6ae5bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Modifies Internet Explorer settings

Tags: adware spyware
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E97B3341-294E-11EF-AC1E-72D103486AAB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 207753c05bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dc2fce08c8b1f64a958cdd4530655e5800000000020000000000106600000001000020000000c1a67a2d845efc17d7c0e625970b6bde6a926da440c5fded2573b98370060d43000000000e8000000002000020000000375173ab4a9939170a3cb2003f9444e318cec0f3e4222f69019c76580d244d5a90000000ae6010d37010ceab24b9bb88ee429f8e6d94f1efbf018d70c59108f1a4c6637342df4d8dde656ab16d5e27f3fd1bd11cbe381989742f317324330ec955f69d8ae1e94d954e64f3b6cf077f470bf39492a610b0e88295e947ac351737e9a784b41cd7b923548189e1da82f0f6ac7bb9f8e99c0aec26f158b6e5c9516adc62d82859c8c77b53b385e4d6e9f69511fb69a84000000076b935fb21d65dc3fcdff239dbc22258627fb9e23f09937420a0be7cc4647114e1b5848ef817589905eee778ecbc03af0b7bfd3d902961d390b414f7d1fea12a | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dc2fce08c8b1f64a958cdd4530655e58000000000200000000001066000000010000200000001f87aecd843edc9cd5ea9fe0c4f51a3947abcd0403a8c4b30970429dd4f1fabc000000000e80000000020000200000008fb1834280eadb69cd12d0b54d6abff663df69d69cd8415f56cc751e65a4a09020000000a184774e7483c03f72b2840a77381c444c21e62f6b99d821afa349595a2b794e400000004ffab44163933d6d7b39f3054a4fd0b2d4c362f9c2bfd618a8eebceb4f74fdd8f90e4db2839de5d254b117a5160ad96aed23ab5f030b7c91e42cee57f804bd8e | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422304" | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43a22e2d82dcfbf3e68d907ba8b558a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:944 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 static.mackeeper.com udp
FR 18.164.52.69:80 static.mackeeper.com tcp
FR 18.164.52.69:80 static.mackeeper.com tcp
FR 18.164.52.69:80 static.mackeeper.com tcp
FR 18.164.52.69:80 static.mackeeper.com tcp
FR 18.164.52.69:80 static.mackeeper.com tcp
FR 18.164.52.69:80 static.mackeeper.com tcp
US 8.8.8.8:53 mackeeperapp.mackeeper.com udp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
FR 18.244.35.199:80 ocsp.r2m03.amazontrust.com tcp
FR 18.244.35.199:80 ocsp.r2m03.amazontrust.com tcp
FR 18.244.35.199:80 ocsp.r2m03.amazontrust.com tcp
FR 18.244.35.199:80 ocsp.r2m03.amazontrust.com tcp
FR 18.244.35.199:80 ocsp.r2m03.amazontrust.com tcp
FR 18.244.35.199:80 ocsp.r2m03.amazontrust.com tcp
FR 18.244.35.199:80 ocsp.r2m03.amazontrust.com tcp
FR 18.244.35.199:80 ocsp.r2m03.amazontrust.com tcp
FR 18.244.35.199:80 ocsp.r2m03.amazontrust.com tcp
FR 18.244.35.199:80 ocsp.r2m03.amazontrust.com tcp
FR 18.244.35.199:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 assets.kromtech.net udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 event.mackeeper.com udp
US 3.165.113.103:443 event.mackeeper.com tcp
US 3.165.113.103:443 event.mackeeper.com tcp
NL 23.62.61.160:80 www.bing.com tcp
NL 23.62.61.160:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4Z6ZDYZ\cookie[1].htm

MD5 4aa7a432bb447f094408f1bd6229c605
SHA1 1965c4952cc8c082a6307ed67061a57aab6632fa
SHA256 34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
SHA512 497ba6d8ec6bf2267fe6133a432f0e9ab12b982c06bb23e3de6e5a94d036509d2556ba822e3989d8cd7e240d9bae8096fc5be8a948e3e29fe29cab1fea1fe31c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3e2ecc9b951fce224e74b262f8c7fec
SHA1 1660024f4f3767d5a3c848ea1c2bb7bbfbd6a19c
SHA256 8c8f069cbd4d34d13d343385f9a3f4cdd512c497694c2e5bdb65145c558ccd8e
SHA512 152ee817085781ee04f8ea99928fb31fcf64abb23e4d8a22a349a60ed434e50a1a6aab609f41252862dbfcec96ff9d059b5032d4e767bc174334456e744bda09

C:\Users\Admin\AppData\Local\Temp\Tar21.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0445a471c6acc3d6a9f111b51a4d13a
SHA1 d05a43a69cec28e7bf01301ad1d95b69dc857fb6
SHA256 901dfa86a0e1fb351b34ef4ac11a0dcd0d2debcd82c08c388de200de9e372cf9
SHA512 33c041f59310644eead82e6d6dbc5b105ff18e65ab3c61f6262b040a816811c00701c1404dc514f29bc4732310fe1cc453cd0c3287ccf47b23b3247cac8d0cdd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 66815f16e09a82f3df64c2493d1de816
SHA1 e640af090796eb43123f533a4ca2faae0c1b6cdb
SHA256 978bc91413e855c522e6a17e0a20aacc69be15e909d644329c7c5144ec74076a
SHA512 eec3cfed4a2b1fb79d7fe6f35e9d676ad0db1a213a13ca7f6d8a52e1f0f98d7bd23f0dcac1b12f9e3d6527b3f4067e5b390a4c7004c3630b26bed76aefe02f0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac23c7a6c7d5adf18659acb662c38804
SHA1 cb906ce24bddb4d125c50bc8ec679d4b458b7573
SHA256 b7598952aabb66e9dda6e8256cab6a8067dac1b899d62b8d624bdd60d744e041
SHA512 99235f63d539cca2ec9679f406f1ec62507f4a530d593278fff0e793cd191b0b643f88c811466fb66130b051eebdd9bc46b30cb280390973ed224688889e68ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 3b97e7f3e02292af67f4fa9b578e0bb4
SHA1 0d89dcb4728bc0381b53ef02d2e0cafd9ca971dd
SHA256 aee867768d9954122d2c8f99d9cb10be2d05306b3602af7d1afafa57e73278cf
SHA512 4d60d268d327933c2a63a8edb081dbc47f21b0c4d3a8d2e862609cdd18161a5b5a6d30662bcecfd85b4123aee5ecdda38ac854cb6a7a08b783e67597972dda99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 abee1720ad4152d5e61203e06261ad83
SHA1 8a04a24f5d1b6c82e3e062a4c0972b83f8e1180a
SHA256 af05c36f0be6af243372ddec1864b119c726880bc8e649002820314068793173
SHA512 2a66b69e4fa2d60e763d142bcee8799cf7f02abaed93a97f02980e314684d9c9a727a6d12ca7ba8fdd96494db6a365781102f24052e9315eebe24e2514076b06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a1612b4b7fc1cff85118f427e2f7eb6
SHA1 23da57c3c96947d764749aecce278def98480783
SHA256 23cadf4c72baf4338ac46ad7fdda403160691ba8cd01935d20ef7fc403695e67
SHA512 cea48bf7751b9f293b422bca59ec0b49232209cd05e4a235d6e605fd328f63d8213db9801e17aa45082802456e74c1eb0e855217dc73ddeb6503240043a2aa79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa63115959264c98f182400c2c4f971c
SHA1 c933970f2ae2a97861a3addc589eea6d20ef3201
SHA256 fd8c8e1913f50bec920cdf1b2a0af4fffe340a4ef5344068dd20ecb20ffbf52a
SHA512 11d2155f98dd8322e9e0efc678732cf5efe646f2f10330b264547c2070413125ef7764f5b1ccd133e0385f6314cba50eaf0978ed26a09bed0eab45d49dc5eefd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09aafc16ab6db3b1da089a44bf075647
SHA1 7c8d42354008779498f3e41c57997170072569e5
SHA256 4a0a75fe81845349d8372521c748572d3eae5fe84e60270e427b817dcb7ba752
SHA512 0fb9e90db10a6719081faaba95647f132a96ee15e9f03f208f6d0b2cb95339c3021fff5114fc87fc47a16e1a80f65848954c773809a196966e61db926b00ef2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 fcd275fb31f2d30be34dd8d6b86f535b
SHA1 eb298e03e633684efb833f46a1df5f3f04b4fb08
SHA256 a229ba03513f67bee718e103886870d0e567c718723334c3150a4e632bcc6882
SHA512 e9578d3e14b952a3b2754d19889ae9ade3438dccb0a2f993f5e161090895dc616f2f4c45bbae832898c08ec834448be42e03c552a7efc995bd9617d09e33e698

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 45641e5415628d9191366ae77d26083c
SHA1 6607eafd23d8e81e557194e915c81a5673ce2a3f
SHA256 7a7bc5022b76923ef4a3ca46f2fd4d0bb7395851fe92d1c72dfae180db2d634d
SHA512 7acc9456045434217267ebc1f073d4d0c0c57e59cefad85de2d16bc3db5b9a7949093bd82791e8a445b1099fc3c44104c577bb6bc316259ea5537f4fd96397ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 d83d6487dcad0b0879703505cc5b57f1
SHA1 6fb675be1ea7a9300d6c5f02b0153aa50448c310
SHA256 ab88dbd445477b770e6f12485bdfd1afea682157a83ae7b8204d9dbb6f571dfd
SHA512 f61e57927f5024efb5d529f8fe8897596f408e3bb65e70222acee717b7bbaca7e8367e5842407f8b158bd7dff8483e66da5b76b5a47690307edc6bb91abaf52b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 ea3f3b04fec5695c0b7d093d4f574db7
SHA1 0cdaed31725041c7875a56f2cce0fb5254fc073c
SHA256 0e505993e6d94827d8839ef89f82042b90654ddba6ea2bf5d295e1357ecd650e
SHA512 e62f3624283abfc3738d6c5e51df10501528f1450ed0fdc314eb032187ecd924496cd27cea8cc806ae03ea1e6056ae6404dda0010bee59a88bac83f7e73dcce7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 abc340c97067ba05631f3c10101934e0
SHA1 a77be5e7d5db3abbf1edce66e386b70ad4aaf077
SHA256 48fd345aa6606edb10590ed483139dce342002533271385476afc0bf112c193e
SHA512 eb461fc659e84c0b59be16ece60655644033352178f957860d283f55c80e96f4362af04723b57dcdaa089d3189049de617b522c0f05c0de7062564ab81972c11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 a3511f30c914a8593588fb29b6763e1c
SHA1 73dd28dba327b2e78a7e5a5a50e94e605e5158f6
SHA256 e818e4f0659f3b8dda565393ff273ed3b2f4d827c523514e2fc1c947107e6a2f
SHA512 fa8b5b0f9f93a407f6043ded7136cd8a02c97998e298af5fa998750e83c1013a2cab5e9fbb200177f008914ac30b8219afcfb0b34039f0bf15985d0d3564b980

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bbcbfc53ae9b2078f6b76b695377420
SHA1 a2b6401ba257cf619ee390d4de2002315690e51a
SHA256 643887f98cb0399507827d40243cac41be443b008f46d65bbfc67c93f0e2f422
SHA512 02da68cbb50a2bdba5c569931d733a9ef03ab4a9d2c83b13987800a6b367301c89bec85492d236b0480e3858b768ae413179a0fc1ec70442d381753c5112a268

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D

MD5 5fc2cb94a96cd0dfcb5e4d0e4cfdfabd
SHA1 d8b0e6d15349c743320a717548de8b947bd6c504
SHA256 e3a7b0a871338263878cfde538c2259bbeba54dda73fd19e8eaf4786357d43f2
SHA512 c00e07d87ac0930a49a402a271d58d3ff90acbfd619caeaff401b4bee4a0f5f3c898528b48e7837d02a629ed6b6166ce6b168f7964c2e79844a3ec4b25559d87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D

MD5 2d83dc2352c2f7d967edec557d6aa280
SHA1 4231f0041bb53858713f1fa31104ec7876a5565b
SHA256 e801ed562e0c16abdb720253c559ce0ef20f77e96c1eba36c96b802fac302ecf
SHA512 e92048a16fc20a07b87989e5ce31a6efd33a52f302afb341831a4d4f822d1348459e96e35351dc44941acbba3662ffebb938b8129fae55f1d979838f6f09377e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D

MD5 143c7fa1956045395d9ecf9e283dc5fa
SHA1 9336a4581a9f58d23de2853419c776142ddac420
SHA256 4a11ea88771868fe5d6c0bac877b101c687dae786b60ad6ac8e7f7d9c64aa072
SHA512 999294e0fde49b2b7aaaa083643ebe5814de3714487c9f334bc3d404bf273adf883510714ff5e0bd91807480062a6bd73d459358a81d82492766a5063ad27c35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24152e9b015c716fabcd4a9087838736
SHA1 a71fa16c9244ff9f3d50b227ab1acba4b69976ce
SHA256 0a73b49f079b190bb62d4ec380df5b79a5ec4d10555905084fc83c6c9e286712
SHA512 96c4da34cb530605f931772cb5b3c9ba6bd4843db59ae6c46852648e4ad014d608ab081305171246792f8d3317409c9ba436e832087c734b321110cb822b6db8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d82e57c93f9babcdf1bec4217eaacc3
SHA1 6246201c06d61db3ccb0faa520820ebe88009d21
SHA256 eb37f6e1583395e7068ad6852ed5a248b8d836d35e6f038a4af5273778e8326d
SHA512 9e582c337bd65ed523bd2dbdc460c466d95c2950f0760f2c02c3eff21a164b8dc4bd37de07d4ce287dec6f7b599391e8a153b0a7d7db387060d25c5020310d45

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 f294ae3dee677a70bb9e39f02bbaecd7
SHA1 cea06df3b45c0c3114a575de01632a825b89db18
SHA256 592e369727024ec85d7ffe1e8d2ea0d26113363bca8f90c76e0a62151ca45379
SHA512 b4a601f922e1f51065580d606373659ced60109ce5f4bf4dccac66c4754be68d9fd2c985623a234f6c3e8495d2c816ad9e68381c730f99bbda1fc800064899e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 41b51b0d24a3df887c69faa2db885507
SHA1 7e21774a09fc090c29b6626734b591d597dad598
SHA256 e429486b1cd4e7a1731c07488f03adac709d2e61e151c4ed9a5e28dcebc93a96
SHA512 16a0613672b1171bb7ae0a05a51add82485985e1ea9fa9f70220d8803c0b92e42b1020bb3c7ca341bb7e6b6d5686334de7efbb8405f23d947921b72886b5e30b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afd25d997897aa2c5ba1846d8b4051d8
SHA1 541cd497f518d8b502100399b362ac7f46d35aca
SHA256 37568edb6d38c679b51e6fd12a146c04ccb54a8cf03a9f5951004d5076b7b7a2
SHA512 ae47702ac2beca431ef4fad14267e20b83aee268333aaa4ca5ac3d014e9b7277820a4800b016999a875826d7cc0cc753eaa901fa83b8cd4b52fad42d9da27ad3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7dcd35210d55656daf848b9c8570e011
SHA1 415718fc687211010bf55dcc8e26d9c8ac03adb7
SHA256 4e9fbd568b024e2a9a2e177410be82d35210f49e4feece173a99c45efb484022
SHA512 7f53a1c4ac764589427d7988d6a2451828744c09d5710a8c2f972c00f5890ce1b034d12e3b2b2cc03a74251d037eb49e084afc5ad11d758b971c9d5ac11e07eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89dbc4c5e69aeb0bda6e5d2bdf1e7534
SHA1 140b98a47e0a0fb6b0c9a21c5e4435c3cb76c8eb
SHA256 52c5e2e4d9a0390d0a6a22b1e00d164b9ed6f54a4f0815d60bc09c2e2f44b083
SHA512 32b5ff147a343ca5138d22ac0c8c404590717005875384fb7b4d1dd19544b395dfe78a641bfbf4e2624d8b07555bdc225da9caf888171b8ac81640189466c6ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a37f160da82b23c7e72dd9e7cbe7ddd9
SHA1 6bef028021db2210d4da8dffce76c9cb50f4a1a9
SHA256 251a38b7c613870fd3f9bbf9663587ac888ff721a760b6b079b322958f8387d5
SHA512 7cf74e567a7ad75cf9a65a1975e8027054943b64d388bd35336da2013402618292b23482e8cb974f29f96ddf54872f56f4d775fb47372cfa327457245775655f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e977b90c8b8d11d5ab4c92c0d8d1c413
SHA1 20ce3eb4a7adf30e82a1044063fb738c826279fc
SHA256 6366c8ceaac67fad63d48933050b33b32842d0eec4234b3752db6eeec7ebe5c9
SHA512 2fbbe7843d3be79f27f779b8aa9e29ee021c778ee2de1c4a1754b31754e38ff7853b0d90c0f2d2ba7d5c072bae9e2694b8d791f074fd6f6648a6946f1d1eac59

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c99ae2d4965304a2545f8ddfd2dccad
SHA1 643c4c060106d2e72448202bc16bf59b871b8b1f
SHA256 d56105d9830f74952be4a04b664c801553deaec493bfa093a91c700c0cb51967
SHA512 6c5b51a3a5167efc256cfa1b313082e0a82fa1c869b08b7828345eac942104d6fa6ebb211b7d35048e93cf8f9463c96574adbd60d71358be7a849777c60a6a62

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 729d5b371b9aaa51418f21dbd8f6b357
SHA1 d6d5552a2d3786acacc99f8af5a7d9e5df7f196d
SHA256 87c880f46f416ea23fa6a8ea1a502981b478df05f15a71f0f8e7a8f8d7656971
SHA512 b61d5a210e4f7378fd1a3798b5de073674def0c4205355dbfc2e3ba2d8c22b60038360a07983a060f98d34ba6fe34738a70ce2d33f6a4cd343fcb2bd059c727e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 34f8590b6432a33d9cbda3dda0fe5537
SHA1 1654a817d44e70a0312b84258f1ec61940765128
SHA256 f3a9db86d73b918969350e4f52080cd7582cadc9453451abfe3a2cad178bcbc8
SHA512 6af9dbb72055786ab9996613ec4ac303d5d6ad1eff56849ca995c06094a78bb8a8d530c159131fb8b4c62b467e6dbe56f935f6c1d1c099322bdee77da35b30c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f03d5b6dedf016c88b41d35f6d13481d
SHA1 d06151d046869f6237f028d5ea80aeddb1ae2123
SHA256 6fb978ee5b52a09131b0eebf22247319c692ce9a459ac791de905fa5e35071ab
SHA512 7a9565dfc4db900641c7e7393cce53430db34864f969f5c4db9895a0f35de50f0a3e3e9073c07db2c1d3d78dc6a39bcdd13767acafba2b1ea1bd639ebff195c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02709b28624637fdb5ae81f40caf3ed8
SHA1 f4e597413162ec4cc4ee2d6d122351ad50b37d61
SHA256 ab1e2e54eb8cd1c96c38379629d7b5f059c4edf5b55500bb84d2c985580295a9
SHA512 1b1650d72697830c63cd6aa4f8755f70663786d27143e54c48f21f11fafafb3c267d3b0dc50faf5f0d048c4dfd42fae6709c10d6a7abb3e72db640f7b92673a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6bfe2e20871b6839edbf7ec513db73d1
SHA1 f98e2db84c223fa8e9d6a70b1180ce33ac23b4b4
SHA256 c67a086e41aa08ec038d05e25e0ca4457bb8aa4eaacedb991809300e093859dd
SHA512 7ccbcd87f59c2c152fa3cdad79d1b585959e3886129384f8b8529f7bd43eed1e51105e7e81623557e5e941a9f19967d58561a6c6b652590ebd6642088b213ff4

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9194bd1cc40a810b260cc6bd051ef97e
SHA1 b625c05955a110fc7b0fc363bc39b96e5f9a08a6
SHA256 d1a8126549b7db6ad53855f282ffcf96dcc70b494a1a410372d56771eeddf95b
SHA512 d31dedce9d71d73e83366a1b84a48be8966ebc1ce6a3eb8203b5f65a7a0f864ebe1a6e27db36e8c81e514741177605d0f46e8edcdc00d5431862fa7a9fe2ac50

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61445bcbb6788db8f363a40984ecb5f0
SHA1 c1d58160716700e674f9f44987223e35cc26b1f5
SHA256 3527933a0fcae9d1a7c48fdf51a37ebb9cd61fd373f6a26c3c23a335cb7f1b34
SHA512 14771da237611b2395759c5c8f0b55815155592ec8849f726a14a481bd60a70e1c469fe328c6eebee60a5f85de185009df653a40f5cf147bd46357e896ce6257

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 828550ce4a2be612889e9d1b9350a0c4
SHA1 f04ddb84069dc2d7d001b423e2bd3704b6253fe4
SHA256 d11894bc3442489e21b7dd3ecb79be7811a484f1a05e6ddddcad944e47e4f7ab
SHA512 945239703de8755269e4a4bb9d37762b8833ea6d9e592a117211003af998c3f65e349ac5512ed0732b2009c823c0d6b75c1994ed37523f4b11bd0b8cfb6c89b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 45e866bc6830f9d266d0ffeb3494ac2e
SHA1 c96853c09ca37a87c4f13284e113c7dd95de5c36
SHA256 f713ad52db1fe70c9be46033faca604460204a7dd8f95b55389b62818bf3ae3c
SHA512 1049e956f749bbeac0a2ec357a1b4d8a9a66d69dd42e1e5a973278261e212c8034bd119e9ccc48adee5df08d9789311314ba539a1ddcea252584b73f0ed74610

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3cd9d51f0ede4a2027f7c5bd88e6ed3c
SHA1 4b45a4c1784a2412f4c0e7ed17a1b7f048539c1c
SHA256 be8ae01b5f27a0e4cab67925db06e1b8598fe2aebfb8e8788fbccede0543bf50
SHA512 47275df110bcd14a0efdf13680b3414c9e196ed4e48d85f5262547e13a8fb8df31d2c0f0a193e1508a9c08cea033142da6aa25e713213fcd97101dcc28e5120f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 677078906ced558427628ab0d8703b6f
SHA1 4d5162b989ddb5f918ba73026f3db7d53e987c63
SHA256 cb3375e378762a4d255bb360b5725714636e7bd3258a4da5964ecfe35def0d3d
SHA512 8eeb3e064147eecd31f0651dfbe2ae11f4d46b5cf195363479b6c89479d5d60433be24a306133d556d0c67291c1123b0d8b8da4fbe644112b2b172d0ed464841

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b60c58679d8a4127f8380e11be6fba10
SHA1 418bcbd4b0bf8d287d5a6f278e2459a197b30624
SHA256 51bd0c9874e5969c3ef28f4b53be650248eb1e899cfc54e1ed8b27bf03e3544c
SHA512 f5ebaef80e39a3a99492d270da62a3f15de33a73ad9be9f2ef61694c8d97ec461d26cbd8591fe7f615ac9ea453c3a16196473624ef3b589f55ee8a10e60e488a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d5cbf06ff19fc5bd7de8818c36ed0a4
SHA1 5b3d909d8038534d2f00744c9cbf49c5c1a76021
SHA256 59514a6cb8d466b5d493b5d268a2c763b0a07d6ecc54e86cd09a39408267714b
SHA512 8948ccc7cf67a3cec4f4cacf9529148c94b2b6188a36db65cdb9c381eded165b0b1e9de88e050087cab22deb5e743f165425dd96c65a0be2a5c028779a54793e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f364636bdd6243948b98ed8de23dce08
SHA1 600835ef20c11cfd8924f182f19182d9358f988d
SHA256 96ac17d2b7b101da194a6eb518bd1caaf285e268b0fb05f0b3280fd57c508ab8
SHA512 4fbbb68a398f114393f25b5408dfe54db8cf86473983a5909243c959eb8e1f50e2dee517f3e221c2db2f5d1643a08095e048612145d45f8c7b958f404a1c2ae7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35b435a27458847184ebda39a798a4f5
SHA1 ec9a8ec6be2d29f4af07b119617a7f37d913493e
SHA256 a1643e66a563739d0844419d8365f51af4aaed0d8d839e14bbf95edbd0d4b0b8
SHA512 ffe3849e080acdec2e63f8eab0cb7aad81ff0638912843668d4e2d7f8d0dcfdd936ddf7ee6b89d08f575b28300d076614fa1609b2c8a65dca1346427e17e4fbb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6deae970e698da7bbf2d47ca057af7d3
SHA1 51cd953fe0fa88e687d745e05e28599d27b375f9
SHA256 f5229b8cd807b394b2e00b960222b688a37bccfaf559877a755679ac72fc7968
SHA512 fa5dbd0253d03a257edb9757019790b0ab9fc5ab1fb2dbcc3322b8c6ab4e745e1669d1af39359a1e01761aac5a8d7b28111358a7ad62d90dcf1d6be1ee6fbea2

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:33

Reported

2024-06-13 06:36

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

126s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43a22e2d82dcfbf3e68d907ba8b558a_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4396 wrote to memory of 4492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4396 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43a22e2d82dcfbf3e68d907ba8b558a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc002046f8,0x7ffc00204708,0x7ffc00204718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16286841817504409841,13331452883717571447,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,16286841817504409841,13331452883717571447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,16286841817504409841,13331452883717571447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16286841817504409841,13331452883717571447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16286841817504409841,13331452883717571447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16286841817504409841,13331452883717571447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16286841817504409841,13331452883717571447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16286841817504409841,13331452883717571447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16286841817504409841,13331452883717571447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16286841817504409841,13331452883717571447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16286841817504409841,13331452883717571447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16286841817504409841,13331452883717571447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16286841817504409841,13331452883717571447,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 static.mackeeper.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 static.mackeeper.com udp
US 8.8.8.8:53 static.mackeeper.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

\??\pipe\LOCAL\crashpad_4396_VIDZDIYEGRFDQEBD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 de71d51c2bd07534eff186ca4e6cf209
SHA1 a32245e8facea349663dc1f79dda6a010a7bc250
SHA256 d699d4a0c1e69d5bed03283db358c986e5bd0f9569f576cf407eecd359e3df2c
SHA512 56f011db293ddc38eca05472d3c5c6c11a12f322d9eecf2054719a8b5407b9535e98b53bca5a452206452ead16c1916119e02d0caf22296945d1eb4933f3e21a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0fc99a1046c12815da5f1109814b5e2d
SHA1 bf2aaf04de4cc913815fbc1b4adad4853f8f21b5
SHA256 4dd62c02553054f78ab0c7681e288bba8464e4d11d2f0e3b6b60c0eb535c7d0c
SHA512 789f903f68e70d2c96a081f30b60ef190a70af1da9bc9bb37b6c6985024b434bfb72fe40e6c634c507c9e5f526666721e21946dd18b87dfd715fe81413e82909

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ac45786f2f164bc9a9f290278bfabff7
SHA1 3fa692c95414dce46702d704075ad6570d6f11fd
SHA256 276c98e36687ba72b7d0614fc6733a0b3104f61e62ba71270a4cc7b3580814ce
SHA512 52ad9edabf105062d559b4b783aa9ec853f4bf4cd8f0aeb07eafe7e0722b96e88d2c89870321516b06c126830403e7e8d04bcdfaf5ecd6d3151afa7cba252c5c