Malware Analysis Report

2025-01-18 01:24

Sample ID 240613-hd24gaxfre
Target a43d8edf5a301901cf5cfe42bc266573_JaffaCakes118
SHA256 289d62c5c0d9b16bc90108fad3400b6146f0337c20f8d200b875a0450247bf24
Tags
Score 1/10

Analysis Overview

Score 1/10
SHA256 289d62c5c0d9b16bc90108fad3400b6146f0337c20f8d200b875a0450247bf24

Threat Level: No (potentially) malicious behavior was detected

The file a43d8edf5a301901cf5cfe42bc266573_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-13 06:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 06:38
Reported 2024-06-13 06:40
Platform win7-20240221-en
Max time kernel 148s
Max time network 149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43d8edf5a301901cf5cfe42bc266573_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43d8edf5a301901cf5cfe42bc266573_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2

Network

Files


MD5 c574a5be0c51d01ea7ef5bb4176ff78c
SHA1 fcd139c101e096619194a933900179ad4bb498e5
SHA256 e11e39f097545d817393a6a39050209b8be15ed003566f3a579a641bc8bab596
SHA512 7d2fd23b09340530cff6829ca41f9afb0e740fb56a55db309ad722e902490ca12aacc9a0e532a8d83cc3c664873d5b53e3b7918a451d86af1d5218f88f7c8750

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5bb41906148c5606b7dcfcc58ce756a9
SHA1 97afb6a138300dd49dd602eb627467ae1ff180d2
SHA256 482a1d4ab3980ae299429f1cac44b5ab98e1e52681ae430c274782dd226c8504
SHA512 dc68717bd8bf39f7ab8cc9fa2e0a1193340cfc7977835fb079b428b3ca9c189864c35901a7aa67b48e60e7abf0fa810ad603e50d97e5f0ee0535726529f3777e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cd7372a47c468525898162323de8aeb
SHA1 42891da317f546a718289f25b4ab91998bd562ee
SHA256 7e7a657595560a59efb675b3fd5e2c8f55fb1c1f38815cd5e5ad12b218e613bc
SHA512 8946a832614d5f3c7815cb1b0e831fc654a9f33027d39357af0563a7beba6c1af97243a4f43e7a36005026f5f1690c587791b44f3780a7531ca40c26da823713

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 5038a0915871081a94d453c01009632a
SHA1 f22c818387b71d6b7c68b8d8d6c89ec4c4f8153c
SHA256 8c52b02e224b8f044424636479b3100864535921917383291471dc7a162458ed
SHA512 a110115738a713c48af9f0f71fa17ae12fbb917a2473f08d32eac2c7813d4360bf97359ffe4a2122ccfe5905f5d35c710b8e59efbee4bfec01ff8cbb2e782199

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9080ca9ebce7216471530bdf735a4e2b
SHA1 e13b194df73fb66b887f7107bf21e3989953fbd5
SHA256 df7e52f235dd1bac052efafb0b36500d32241a2b7d048b5e647e2d4b2e2ecfac
SHA512 9bb79a32e0d56c458b419a6b321ad76a7cc08380e4cbb80e912e7a785c2d1a4abc0f923f1d4285429a93aa1822986146003e830156c4c89b2ab397d7d173f75b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e036194e3f00fd7c101856fd3dc5966f
SHA1 47aab0fa7387bc75a10f5b3c8ede4c59ad6aec7e
SHA256 b292b003a29f4ffe6f136eedacc1c22e26f32d7dcf08a5732adbeba14e60b37d
SHA512 63576cb4be52a984b9b8936957876f038a79be27a09ea0ab113ecf53b2e66f719ce73bbd8a9c1591c925616d975afbf0073d1e0c0527c7d4576114b6e7deb0f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b577db3076670886f6029e4173914bad
SHA1 6da2cf2296732afb6faf23b1235c2577f0f8bef9
SHA256 d9312628b1933339e867ae4f9090e876f713c1023ca2818ac112d51e27609138
SHA512 b52e45a130cc312daed8c1eb618f2fae550f577faf6f963325b793a69c74d23e19a313aadfe42a7547478dd71c6b7ed657a55ad009e5d6092248f545719d3221

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d851c2fcf67ca6ed909e010f726633de
SHA1 a14243238f29d43bf7faa2e50de187c93134ae0c
SHA256 83ada5b42105081c23710d99776d103bdf7c19a55ad6203ad630c37bcccf4743
SHA512 abdb13abcba4190d8089ba3e8ecf420fa8dd2e1c8c9a2a25e3d152a8142363676515b4e91fde44fcadbf5f1977d55a08e48948836125f9e9696fe5944df9d260

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33b2336a1915d788597a69fe2d332a4a
SHA1 1d1801d0a1fc6a537a9ee2e447541bcbb5c40a6b
SHA256 8dec831e7bda1dc5afe1404586a5e42a58e2dc954fd997e227c20f81b4f7f346
SHA512 58d6f1c2ac0bb4b4934ae6a2d569fb099d913e0c042df58aedfc2db1040f274f2cb737dd85428936e40f7a197c26af501acf50c9691d76e8e1ca2a8ab7890aaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c733c24a3e50169b36cae3c92456e87d
SHA1 4daf6f3c5ad7bef58454789abf2caa326cb4c013
SHA256 2471f2a1c9a303d71c88d142d88e54e9eb348c606ef53b87e30c5a38f548ca20
SHA512 e4aa1ff083c3ba148e10899b04972819ea957019ebe826f4b3bf68b9bbe0f64e80d14477957ddcee504063aaaa05d589f135b089d2527d76613c5d5aae66bc27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 075e56f0cba624e50d7f30fd00e7d5fb
SHA1 a85b863d2db83b5a85867af257cc778e2ea76324
SHA256 ee0dc42e976c516255141eabe1523f60a67de18bb8958dc31d78169a302ec4bd
SHA512 e9418b249f8bb71fafd9fdc4e3c325f3260b656b76be4920af8b846d23596a22174483a94e85d604ab266093fae058f1b0b133e4adef1f04e6df321eef6d6fb8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0626ae6da87816dd676dcc52ec2cf603
SHA1 385cccaccd1ac9b27cbf8a134a8391738583133c
SHA256 b05e7b8c38cc9d1577a8472b1396817166d60ece06598b9e2f7b23453de0b85f
SHA512 7d728fbe994eff8d1ff282803c4318efd17b81ed7257e8b1f35112983c8013e865e494a11cee1bcc612200fca1d960f868cfeb2c8504f98f05a8c22e10ed9f5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7425614b9fab3d8e32f4145be153cf7c
SHA1 bd4fca91c0f3b79d34b82a01e8feb809dc4fe09f
SHA256 bff9ec474dd1791e72b282e4fcf2cc04db248f62ec80df072c5e0d62d99c62b2
SHA512 66ec2bb11bea4f0572cebd38f2d7d1656dff96a31199e656b20abcc3a3c415aa2aa2870a1f4558bc50cbd7b0b5def3ffd193e0014efcd78a9f6b212ccb0dda19

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:38

Reported

2024-06-13 06:40

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

125s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43d8edf5a301901cf5cfe42bc266573_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3688 wrote to memory of 3148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3688 wrote to memory of 4284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3688 wrote to memory of 4964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3688 wrote to memory of 1408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43d8edf5a301901cf5cfe42bc266573_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3ad546f8,0x7ffa3ad54708,0x7ffa3ad54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3145590965937908507,644177115730862324,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,3145590965937908507,644177115730862324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,3145590965937908507,644177115730862324,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3145590965937908507,644177115730862324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3145590965937908507,644177115730862324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,3145590965937908507,644177115730862324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,3145590965937908507,644177115730862324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3145590965937908507,644177115730862324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3145590965937908507,644177115730862324,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3145590965937908507,644177115730862324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3145590965937908507,644177115730862324,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3145590965937908507,644177115730862324,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4628 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.photobookeurope.com udp
US 8.8.8.8:53 pbww-assets.s3-ap-southeast-1.amazonaws.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.photobookeurope.com udp
US 8.8.8.8:53 www.photobookeurope.com udp

Files
