Malware Analysis Report

2025-04-14 04:34

Sample ID 240612-w37bdavepd
Target a1bd1e8215c9cff2386b447591f03f16_JaffaCakes118
SHA256 1bb1b69c57d8f72b1fc7ea60ccb367e6f7d5777b762d12f813282d1da3945017
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

1bb1b69c57d8f72b1fc7ea60ccb367e6f7d5777b762d12f813282d1da3945017

Threat Level: No (potentially) malicious behavior was detected

The file a1bd1e8215c9cff2386b447591f03f16_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-12 18:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-12 18:27
Reported: 2024-06-12 18:30
Platform: win7-20240221-en
Max time kernel: 141s
Max time network: 147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1bd1e8215c9cff2386b447591f03f16_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1bd1e8215c9cff2386b447591f03f16_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Temp\Cab1077.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar1089.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
SHA512 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

C:\Users\Admin\AppData\Local\Temp\Cab1194.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9a3aa0fc1fe9e5eb23ea0871d11b265
SHA1 71386b97d58e90a184efe067a5e65632b90805f5
SHA256 284a22493f4ade88ab936b5b1ab431496d9446877e6b136ab7000d53737b6fd9
SHA512 7e8a76f835620fe189d7ff7f4e4e06ce7b67d822e6f99f1b1eaa3479e7487d7c0325337a8874d3d36f1013a4942a59c00009543ec8f2e86781fb1e6cbadb30b2

C:\Users\Admin\AppData\Local\Temp\Tar11B8.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4d055ca0c137f6129a3795c7bea459b
SHA1 c83bcf3a75ddbdbe76255a620f82abb15c0dc40b
SHA256 0cd946cc73d98a1a43649847e7472520df04211095b77d29c36c76f73a7818cd
SHA512 0955af4922f0a6a1e25769427fb144c0b3e315a0dcd3a10639424da06cfadab6a84ce2ee4a12bfb94f0439052d347dd029c569e7eecd3df7ffbcd83bd7688c83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 425bd95649a90da3c9f0c54b4effc75f
SHA1 09adcd23b6b20a22c6f20b68586c7fc000a2c09f
SHA256 939eba5e604f0e6b656eade3960b5d1f0c655d897346ba9b5db124963b1a76f1
SHA512 dba1266b71c25b6ab005b418e0558e95369cfef5076d807c922cbd24867bdb671e4f159260da5b23e2163e62eb83afe4b810caf8b335cf11ea3b5514e679a763

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4fc2bace3fadf7a8a47b446e5275ae73
SHA1 5f9f9e0ab63c3bb226ff9020ecc7f2454cc86466
SHA256 7319fe526bed3c2d790dbc94c514d590ad0fe97deebef10666204f6ee0cfab6b
SHA512 5c4df3418379a1df21374d5f5138a0b230d7317e6017749e8d08a9c6e2b22df2633fbcad65820750b7c486710c6f25e92c82253d3ebc47c7311b46fd7200b5fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72e0950877ca6940c4492c276f77d38e
SHA1 3ff94847b2ed3c0dce92cebe9d69720aa657d29a
SHA256 3b03155c27119321cea13c87f7dc481cebc71b2deec115d9ec92f9b11b89239e
SHA512 03d00e6449475c2d57a8b4ac0acd0caa03d0b93b6e07955591137d7e57376f826c83d6daa5dad4cfe739f670c4bafa87ed7fd21c159a5be38185602948f18664

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

MD5 158fb80369db4d5ddce0224d79636fbf
SHA1 1d17df9fa714ca67c631635820057c0e2d7c2f1c
SHA256 217779e1a36c30f81949611fb127facb67dd4b3a1f7327f6bc1528c3d0cba104
SHA512 4a9361e48e078906c6aa502a1df9dc6135f53d5e41447172c12877962ec87a3b0ff4a99b1dd3a1ecddaf3bc170676c0260b4a3c43fbf3967a699a4f6b3e51f2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

MD5 822467b728b7a66b081c91795373789a
SHA1 d8f2f02e1eef62485a9feffd59ce837511749865
SHA256 af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9
SHA512 bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4f550e314a37943df17481b626a0a2f
SHA1 5aebb0bc644b10af1d71b1732473886b9e89a86f
SHA256 c589f4710af4f0a03011ba66038972fee9eecc1af2e5b39e872ccb4e66081a11
SHA512 4b66ed171e4f8a4eb8b618d6e41ae5b5f22a48df403529ce953ec29090c7240c6416337f3e79916c1c5d0deeae2d815371ad6355e21e03ee308b2d02adeabac0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC72787C7EF21DC2180436E5C53A75A2

MD5 a45b4bd2d53da51ecb48397d32ca8145
SHA1 26e9bbc9a9d694f44e89d62492348cd0991c8b3c
SHA256 49dc555075ab77e3a2df0b619ae93670d979e94e2683d08d2d7c3373e7cbd981
SHA512 30a3e4dfcc59557ab7863ab029279fe9c8bd92870da71e7bdae16d71a578fae652728c4c4e95e97ed0b8b3da8efe22b4c74a32e0260eef7a3c66c7b87745e9fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c36a0605d4dd93ae36fc4bb6827abc4
SHA1 e9695612987087acdee2255c4cc4fc7b0793abe7
SHA256 cea20c46686464415e15f881677608327671c4825968c521168bdeb5f933b9ea
SHA512 5568efbcd30747ea681f42cd43a1728acec2761b34a73d450ba060772064b09f808ad4a090dbe77b7ed63029cd4b389302ec92092a3d033b33734723d3a5d3e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61

MD5 658a5be6ed0609a1e4424e8a185b22e0
SHA1 8390eb661f2ede80635b0c5aa0fcd9328d1f70eb
SHA256 1b13fe7852b06a74839aa4b6716dc80cca8190ab1ae78c5b183d198c809d5e1a
SHA512 204f21b2ab9573b3f7132d3df115aa3d94360227f26dd45b07a08288262c6bd8b81f75d348305b555006a8eab328f34d1a9ae0fafdb6a374264484f27c1275d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2185eebf385eda5a2a5e88b52278c3cb
SHA1 c396fc1ed842aeb04010310e0e573c9d66a2ea45
SHA256 37914818d5f2866600c176a9d79e5583fdf4a23d49b4efe93fd217a83d224a88
SHA512 54f25fccc05239502c5ed147e71ea5f7ca543bf89dc4b07b8e29a0550b99c35739fc4587cf88bc27c16b9cd422ad0975b977b305e21a434bb79422f529f0b1f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 300bb3f5c620678ef2acf6c65373b9a2
SHA1 4da9197c2d79be01b6a432e434649fd8d16e02fb
SHA256 59f1bc5825ed507f635b697694c40dfd83486efafb92beca278f76df5818a64e
SHA512 39ed26966ba4c5c9c59930acdc76f863c30dff97e6f9ae8d96bd17cdf8d703e9d90060902f9f7cb0c24a0a0b69a8b41b8b0919e440e4592ee3bcbcf8d0a4ac60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 26e2cf983615b6c166b9b8f616329c6a
SHA1 949d2ecef0979e408399830ece40bf77b6b1bf06
SHA256 58f7402b92b5f448168599b6ba6e3d7d812b6fd3f2d07bb7b03be3205f96e760
SHA512 86708343449890a68f31b85428c833701e10fd86411c8a16058c6b6788f41dd2b288538860f3f7f7a901ff6f592fd33fa364e1ab5bbde96ce793cb8c3af58d0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c21a30eb7c52fb6c4edcea1e956f8d3
SHA1 5142794947847f760cd180838de1b292b13c3f57
SHA256 b7048be9fb37eac81e5c7b97cdcc3cfb15f774beb968c37d01ac77af6cd76051
SHA512 d8248c20acf632a8e6857cb3ce0bc6dd191cca525516b8b14643a46767e71bc7d199c72fe137495938a9b0e25f14bcc63d317a4b4b80b1ae513d709a74441eed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b24989af247100df833418c11f2fc3df
SHA1 a53ddf75a93e0a6098ec7d4f8ee0faa7478a959d
SHA256 1c29b2eba7cae5f51434dbfbfa86e0264cfe4bf9d1ab88cfc4255ced8953f505
SHA512 b630e587b2f33f9de1fd2c5b236f54b5ace4f6fb0b5c10df5135b33f412d779634c39c0383f0333a205ceb2d6708d862b7d7411a2bebdcc22d0ae090512d9fcc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3bc0bf515dcb42398c123c861429d3e
SHA1 0bbca599d622e1a3a8bca4d3450f94d0e4d0340c
SHA256 650ade2cbd21292c9e6a25dadaff50b2fbf6099a0037cc05fa568282bc645328
SHA512 06533b73f2c3093232e9bdf8395b1250803232f721def91c76bc521485113c226906a2ac7e399e54d63634b5ec81b03603fadf98582515e2b0b41ea7be1fcf94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 054bb11c90dd19a767f7ccd93898b95e
SHA1 66c9c23aea6c0ab6456f5461a4c10a9c400f138f
SHA256 5a3acabece8a50dc6f4aaffd6aee44d4847ff997835dbb4b1a3f9d58cb8498df
SHA512 93cfb1d57b4b147d06e21dbd50df51fcb8937bbdca4ded62421ad9a3c43d78a2e03b6ed53f2f48ca6ee1176e87f73032b916b8092654a5f0089fa7065c1fd4a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a9c07a357c9a03623fbc4e42032c6e9
SHA1 23c8e39c80b4aa188139824fd12fd8b9abdaa2e1
SHA256 3ca46a91c3db264e4c46d87860a09cd34dadaa2bae8f91620548e7ec684d4c64
SHA512 6a1875576f9393afa390f5fedd211ecc702c54441f26e80001d2e600f890290e5c1c36aa358ebc0c8ca5b9f67e2c43c22dd35db8799726a88d79f2fd70e2904e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f883b5c37e07eb85c2df5289d4a56443
SHA1 ecadb844aadf5afdccc2f41c50f7f04288ff6143
SHA256 8babe72cab9f1c53bf44b8ca9a95224e82ed30bd1b6ed923420f872a91ca09a6
SHA512 1935012a75286bdca1a7f2d359c37bd71e55f847f2c71d24c6e20dc28e889d2cfc8cc6fc14856fd4485c4761832cefe4cfd0e2989929e5360d6df6d0adf9e968

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b2854b59a58645461e10e68ccc2929d
SHA1 c465c84409897517416539d2590c86a35370e843
SHA256 dc3d7e39042902d74c399245392d20f0c230f266594fce0467c25b9723a96f15
SHA512 cacffdafe987a2b0fcb400c79b950e23ea843f900c8cfa66698411a2bca0641296f6ea337b80116f983f95aabe765e2af18fafb4919faacc470be26bdaac6213

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36bb6c5237133f68026c713bc6d04d9d
SHA1 d3ba9fa6658cf932730dbe18d06a5b598097e21f
SHA256 6c9a157c08a1b0800d513640b241a3064b01177ce0f059e71ddaa558c5ccf827
SHA512 f195fc7784f488ead2907c674961b5c2309527a28081ec01fede85933d741650b56912255e6014f9b97c80c05da380bb7eef8169bb3df8efa7240623f14c3858

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe79b4cb03654fe8a6c5fab2d9241bef
SHA1 1c1fb5e513e0577f795f8dc6fb20ffea5a271801
SHA256 b1b031a86c092bb2191aa3fcf6e9d38c4aad371b5e0e442702fec465c827eb11
SHA512 afeae22a6a2560e888b9f699a858bdf1562b54984e81d30048d13b022dfd1be2d9354a6868b1927e47861b40fde026c61fcd7e274521102582f3061c1a0a01ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 620f14bd3de2fb2b88e0540f8328e587
SHA1 70c46148bf732ca05edfa3eac19e3b570f7ab0f5
SHA256 ea3bb975ba64837514906507ec5bd3cbf4e129ac7ae1ad0c6c7343fcb294f1d5
SHA512 e89d879c2508d202b8782fdb77a03918942ddbdefac8092c6169fde76e903dcd3817a7dab3185a21ed8244c6f85db736b8520f5c851c9de840605852fef049f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9653e29c7f7b4091d7d1250f9ec6fac
SHA1 747302e4b40874f72e16caf21869b20be55484dc
SHA256 6460dd2c0a18f66e0a90eab79e1723a861a1493d1a482407f499ad42c8660643
SHA512 5e26f46775c87a2e3a20f2c9275d29fc0980535b2996b5adde55fadc08e80c19628d721ed48bdc8ae2c4dae8dd4829039485069e059b443b8a5eba0830e2b378

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cfc7294c92ab57a605303946553df823
SHA1 4c8ff48d11f150a5c1d3e134d2b34290d4a08d3c
SHA256 7ffe43ad0d85bbf33d0de85a7abd3ede778ce1e29311fb46dc92a157f757fd45
SHA512 0a9700b8505bed3e7d378f0288a6245d50e29c9138acdc3fda8a03b096e97e15e6acf2798f59f9f2a427351a35fe810aca5a7f26135117a27fb0bac48b0851a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5fc3bfae05c0df5539499d2656dbc34a
SHA1 20b5e9a56da2f95210843e90d74fd913597d028e
SHA256 f74fd693aca006f6d594231839b63bb43917826a14b620e0a256b3fddf6f5205
SHA512 7ea4eeba63195b72a155de69786d6a9deee1b4be798b1319d9cb2f5b9d4d093c55d8338e147fd95d1b2646969cab39a71aa759bfdbe086b606fb10633bc6a613

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b124bae579580e17ce623fbb7a35f7fd
SHA1 4eede76397c4bf18655cb90ca6c528afc5dbc517
SHA256 b914b1a91b828fb72b6f86a68799623197b133eae21c3e996ddadefb2229327f
SHA512 c377a8dc6841326a9b1878bcb16d8a8ceec7c552e0b0d981ac7f0768adc08bcaf6e97ca91747a1fcea8ec9c1247bc0d2c454850a9a22a3a9bd1663222e0600a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 849a761343eaa8db2d55f918858f6553
SHA1 3dff1f76c0c5e6fe2e2d3674bf4404d30b8427f8
SHA256 441311ba24ab6fb4f2fb64e0011dbe8c703fedfbe143e576d1d031a3c27f14f7
SHA512 5ae8bd96e8d260c3479b643c04fca32c6e45e9bcedc647a35117561f5016f3e5135542c3c20d9abdbac2ed09d0d7c5963e15b3c107279a5c27adf137078cc95f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 500cb7075d107a8e6a9e790e46ae4d34
SHA1 96914c3ad0ec38069bc410b9c81ba6f9d31aa1ce
SHA256 86de0efc5580b52b8a87a71ddc80b80722b3c3d2fb91e00dfe94bd67888785dc
SHA512 db9b6443d81ef0ccf379a2c268334dbb5884fb2a6780929e49bba0c456309b1e0e2de663e4235aca646d370877d1f982783c9099bc03af31909ba0dfff82879a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 436894043e4bd874a27f388bc767a223
SHA1 0db860ae05c245718088c0b1ccbed185d0a53870
SHA256 f1c47239a623aee58c3fead766963816f713527ac0a79faf16d389aac283d9b1
SHA512 7fc0859f0515c4aeefe0a9833a2a03ef022d7ee4f138b04400f748a4841e9958f1a0ff22cbce5e8cea22e2cf28875c2351cb823618314da7603c0561ebf055a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 331240cac65f769adaa1c3932c5d0233
SHA1 0150ae2dfbad378513b5f14f1ab73a8722625ec7
SHA256 a598c78087d249ee549cb2543b6e1a543793dd825322a4ebfbeffd6e3d94e9f8
SHA512 084d6b5118c6be13cb6368b25149696cbc32bbbfa36569509a8e2e196f02cc54653bcb4129aca55ab24a134faf87a8d366f4adba0f0b373d362f3ab647c6a2bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc5eb515353df56f0ba23c4de19351ec
SHA1 3b6a7698647eee54e3e76b77714aaceeaa3e2f43
SHA256 29077a9d2aa840493add5efdfc56a6d03e36fd001e05ba3459a2be61338896b2
SHA512 81e117cdf2244a811304efd3f73ee9385d715e86f488bacb2257c69a7eabd2e0193553b6fa8293eb578f612929cf5ffae282345410462157b7caa1d6fb772be6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 3379fc6799833835468428ba565431f2
SHA1 f58f8b472a752f93fe7da2c59dfd376983f6cbc6
SHA256 6b281d0afa4e892addcb4f6a87a4364501c1722cae3cbd7394479957ffff6ade
SHA512 908d41dd0908716add02fca010a707558e0d77326fa7705c59b2540cb1bbc18b9600b2c9d36f85bfe5705e0f8fdbe1d9b7cc936693aad301621148fa38d8eb9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 702f3b7db1298f278c71884962a779bc
SHA1 c0a55dc1faa922567707c36a3851d27bd555bf54
SHA256 b8f5ea566097475e1498265408a0db75d563595c7378d9eca5063f2a95cad563
SHA512 cb3592636e8da105fd0e22124c251e3bc39b096f71f6e7a57c329d954923cffd25bbbf0fc5091e04994e87360eee8ab5c07acc87152e2f7a0082c18232b9e906

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94d73e30f0794cb5f4429f9657a02e18
SHA1 7252c9bb03fd95ebd21961015a880072fa9726c2
SHA256 5ccf8d9c0d893473aa991efd3506d3fba81bec96fb12811b1bf0bd8cd4e8223d
SHA512 b8295200a1fab6d21b20f5c9707428008c325ea36423bb45d7d6bbf23a07b4b2bba0ab292e2044e795db7e4a54b853af67c7229a9320310e282316ec4c5cb377

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 48d40c58872fc10500c39552d9185c5f
SHA1 f45d3906165d77b8f74a93c0e80f579f83de5833
SHA256 70616281de039ec0b4fc2d221dfcdaa987424174b0d11f036a88c6688dfe55ae
SHA512 0e997c50b2123d60a4435e3af2a1180d849b87ca9f97e3d54347d9957b26a07979bacaf490ef87676ad70763cc3cf6c8a0761f6fc10b13f15a41af21a157e77a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11f99d1e08584adf9300f53d893813e5
SHA1 b71d370b4755187c59ef366fe8e416de5ddcbcde
SHA256 68977e8ba236929c54098c985cbab3cb686a6128bf6a1cc324776c0727cd4661
SHA512 b208de59aa6dd58dde2b95ad0a78b387b89d4229c55e2d798981eb738d80e7b6ef829a408468e34bf9653bc20968458b57c66e5125ef9773ebc3d0e3203c9420

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d3999ab062a66404de9934d3f0e8ee99
SHA1 e9a7a7727e811099ed60ccc85ddd4a9a6bbac557
SHA256 cc4aaa7dc39c9757e9d4c08134c0ed849429b541851dc1c25a95c99d7c410995
SHA512 99609ed183a9c4d7335b830a29623e69afc3775228b1275498a84de4d603bd1435ff64b9857ea2eb4ea83695e820ed5bc53f2e3ced3e7519a839ae5036c3a19a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d4c87eaba482baf98274a7358c1c3c6
SHA1 87bf7d951eb71fa74dae3658109227230ad49f10
SHA256 464d6625306addb2156d013a109fce2a40b43094fd6b9562cc8851ebf3f63cd0
SHA512 b8e72220ecc67bbb16af80c7dbdd5c7706ccf039899ffe7cf0d2b4f9d76da3963bf1dfccadc6061eb25faa47e895db0818eddda5d054afd79e4427237e0aac52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 18:27

Reported

2024-06-12 18:30

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1bd1e8215c9cff2386b447591f03f16_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1bd1e8215c9cff2386b447591f03f16_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4072,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4148,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4008,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5480,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5576,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5848,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5488,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=7076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6928,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4824 /prefetch:8

Network

Country Destination Domain Proto

Files

N/A