Malware Analysis Report

2025-08-05 15:44

Sample ID 240525-bh65nahe26
Target 70637b9bddacd91ea14e5830b1dca878_JaffaCakes118
SHA256 81a8b70ee617a7cb6a0cf3e64ba7a2a1dc3665e0f9697289efe85c8ed57a1b75
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

81a8b70ee617a7cb6a0cf3e64ba7a2a1dc3665e0f9697289efe85c8ed57a1b75

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file 70637b9bddacd91ea14e5830b1dca878_JaffaCakes118: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-25 01:09

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 01:09

Reported

2024-05-25 01:12

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\70637b9bddacd91ea14e5830b1dca878_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(25 identical entries recorded for this process)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(24 identical entries recorded for this process)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 208 wrote to memory of 3760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 entries)
PID 208 wrote to memory of 2688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 entries)
PID 208 wrote to memory of 4912 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 entries)
PID 208 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 entries)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\70637b9bddacd91ea14e5830b1dca878_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff810c446f8,0x7ff810c44708,0x7ff810c44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,18160839688984597204,17554083078977174136,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,18160839688984597204,17554083078977174136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,18160839688984597204,17554083078977174136,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,18160839688984597204,17554083078977174136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,18160839688984597204,17554083078977174136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,18160839688984597204,17554083078977174136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,18160839688984597204,17554083078977174136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,18160839688984597204,17554083078977174136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,18160839688984597204,17554083078977174136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,18160839688984597204,17554083078977174136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,18160839688984597204,17554083078977174136,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,18160839688984597204,17554083078977174136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,18160839688984597204,17554083078977174136,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,18160839688984597204,17554083078977174136,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 reggiewarlock.com udp
GB 216.58.204.74:80 fonts.googleapis.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 8.8.8.8:53 api.twitter.com udp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 8.8.8.8:53 w.soundcloud.com udp
US 104.244.42.66:80 api.twitter.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 189.67.223.76.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
FR 18.161.97.30:80 w.soundcloud.com tcp
US 8.8.8.8:53 s.gravatar.com udp
US 104.244.42.66:443 api.twitter.com tcp
US 8.8.8.8:53 stats.wordpress.com udp
US 192.0.73.2:80 s.gravatar.com tcp
US 192.0.78.26:80 stats.wordpress.com tcp
US 192.0.73.2:443 s.gravatar.com tcp
FR 18.161.97.30:443 w.soundcloud.com tcp
US 192.0.78.26:443 stats.wordpress.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 pixel.wp.com udp
US 192.0.76.3:445 pixel.wp.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 8.8.8.8:53 widget.sndcdn.com udp
US 8.8.8.8:53 i1.sndcdn.com udp
US 8.8.8.8:53 api.soundcloud.com udp
US 8.8.8.8:53 api-widget.soundcloud.com udp
US 76.223.67.189:80 reggiewarlock.com tcp
US 8.8.8.8:53 i2.sndcdn.com udp
US 8.8.8.8:53 i3.sndcdn.com udp
FR 3.160.188.128:443 widget.sndcdn.com tcp
FR 3.160.188.128:443 widget.sndcdn.com tcp
FR 3.160.188.128:443 widget.sndcdn.com tcp
US 8.8.8.8:53 i4.sndcdn.com udp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 style.sndcdn.com udp
US 8.8.8.8:53 va.sndcdn.com udp
US 8.8.8.8:53 w1.sndcdn.com udp
US 8.8.8.8:53 wis.sndcdn.com udp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 76.223.67.189:80 reggiewarlock.com tcp
US 8.8.8.8:53 66.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 30.97.161.18.in-addr.arpa udp
US 8.8.8.8:53 2.73.0.192.in-addr.arpa udp
US 8.8.8.8:53 26.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 128.188.160.3.in-addr.arpa udp
FR 3.160.188.128:443 w1.sndcdn.com tcp
FR 3.160.196.18:443 api-widget.soundcloud.com tcp
FR 18.161.97.113:443 i4.sndcdn.com tcp
FR 18.161.97.113:443 i4.sndcdn.com tcp
FR 18.161.97.113:443 i4.sndcdn.com tcp
FR 18.161.97.113:443 i4.sndcdn.com tcp
FR 18.161.97.113:443 i4.sndcdn.com tcp
FR 18.161.97.113:443 i4.sndcdn.com tcp
US 8.8.8.8:53 18.196.160.3.in-addr.arpa udp
US 8.8.8.8:53 wave.sndcdn.com udp
FR 3.160.196.18:443 api-widget.soundcloud.com tcp
FR 3.160.196.18:443 api-widget.soundcloud.com tcp
US 8.8.8.8:53 113.97.161.18.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 17.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

\??\pipe\LOCAL\crashpad_208_YSMWGYUNORAFKCOC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 62726f1ba7c16969c6c6e5487b441bec
SHA1 77939e74bebe4699209b810cc383338cb32ff14b
SHA256 48abe18f79f29de4158f988a91face814b98d9909ace62100ca49aaecf4a0dee
SHA512 0dcc11fb50dd42a5d41465cbc4280a07c2ed4310ff68a93cc578ee2d8f0ccf00ce8c3c573d71fe36c93dc028c7031256895f28b984df845c02fafceef1a1ceac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 70393525ecb64369ef1407b89b8f4edb
SHA1 b474140d774f6cb757bfc6f61d846b6a59950e5c
SHA256 ac5b160c3a18aad16f26c35c8173496f277c2c6e14e72b873eba261631d99e38
SHA512 09149c72cb660c734888236044e14965c4cccef7cbd719ad72a1c0faa379091095a79b3984156537c8fcb98e1d6e073c95f809f91103b4b37b3029084a7ff8af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bb5e3facd8677457e3c9fd4f057fca20
SHA1 5dbf2e4491c1883b1ae451be838bc8ac4281c9e6
SHA256 b99814e7ef532512c356b70e11228ceb48eafbe8d82d6561392882212a34ed22
SHA512 723af917a777de360c01114d574f0a1375a537b24353afa6b16fc16d0ef391acc2081b2a2939fc984f0bb33e4bc1d393971cce2506bdee82633fa7b2cfb00c9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b9e2a151be4c8418e4f9d18ec0a181ad
SHA1 af6eacfac4b7c037ccb7f65bd3de69d729f4df07
SHA256 9671093d55977a8d5bf8a73a08f1e4afb0acf1502fee96f6174f2b268b289a16
SHA512 676aa1a9438f1d6ccab29a8045664c0a57741020e4b4526fc813790334857dd99f70f9b83d5070822a38e18aacffcc24a0d14e340ee45b8e10017a387c2175df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e4e93591edb2c5858924f04d4a0dffa0
SHA1 ca4443c3652c7edab04857f41b3aadb4a86f243f
SHA256 3d64175a21a90469358f9aab4ea228b3655191fd24772fcccc2157ed31a88ab4
SHA512 4ebc6e68b162647bb9085bac7bd6cf6962cfe22c66667fdcc91dcd26158c65b220ea3f84a392a485e207588516121026a61e754bd0a2d00d46d6d7cbf88d7be8

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 01:09

Reported

2024-05-25 01:12

Platform

win7-20240221-en

Max time kernel

141s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\70637b9bddacd91ea14e5830b1dca878_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f752c4c72d06343a72e790d090d9112000000000200000000001066000000010000200000005a85761e528cfde8ef593c09680f9b46159436420b35cd9962052c4a0cc95b9a000000000e8000000002000020000000e6fbc1d4a81c697bf6e4f17f676d13774a7be0ea8767379623098e501e9f133a20000000ade2c0ddb8d18a63b43a7a00d6e84e5225d542320c07203f6f18e07acfa6ac8840000000e4655f8cca02ace252a080cb18d20f0b27923d663b7aa3b97b6f992a6016d76646e4fd2f3bae39821b4bcc33ca8a6129e0b56ebcf3cd4baec28ae8ab59b709bb C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422761255" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7A98F6D1-1A33-11EF-B85E-52C7B7C5B073} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20364c5140aeda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\70637b9bddacd91ea14e5830b1dca878_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2

Network

Files
