Malware Analysis Report

2025-04-14 03:01

Sample ID 240613-df71aawall
Target a39ac2aa2ecc732b55160d9aeacf49a0_JaffaCakes118
SHA256 aed6f63e3522c2301815cdf29e896a6933164f9d9da2846fca0faab91da3e5b8
Tags
Score 1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file a39ac2aa2ecc732b55160d9aeacf49a0_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-13 02:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 02:58
Reported 2024-06-13 03:00
Platform win7-20231129-en
Max time kernel 147s
Max time network 148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39ac2aa2ecc732b55160d9aeacf49a0_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39ac2aa2ecc732b55160d9aeacf49a0_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2

Network

Files

SHA1 c9c071e1a7043c3d906b4dd1e7741467e37fffb7
SHA256 96658f0a3b69d055a85035dc71e7f5603c6bff485b351748548fa8f9364d9622
SHA512 f1a5f3f429b510772233eef81c6e19fc284cbcffaa02a4006590145854a015132b40f7b20864cd402fa1a5b94e4ef9ef91f20b2b1e0da652117a4fa5ca00fb87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f566c341837a3cd5d94d7e3781d09872
SHA1 ee1f0800a0fe742808965dc6e374f3934f196430
SHA256 81a3f56608d67c8645ff0a74404c02961f7b4515418833fa432ae1a486ddb35a
SHA512 9d2bbdecb8be3de43c7596f97740929e740406c64a3dce869ec0a9c8c887e0ad6fc10ca9d59bac1959bed10f68d3429f5d71e7069f995545d76947cdadd1448b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72b907291a6601496d6c35f899f0be00
SHA1 350f9abcd88509c36932d87233e7e800bdb04db4
SHA256 3b07a2d419b9479d77cc999d585f770949157916fddd8d786eb7b0d6a9cf4905
SHA512 a32c36aec133e8b0bf47ea7e67583bd86f5155ee757dad8b0ed6c7954c5ddcd937ecb1b7da3de05967b3dee000d4e6438d3bf4efa243aab8037a22d1ba9d5dd6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20506f0deb400636a149bad72891e881
SHA1 ef63568895b2c63e083117e44eb2f8a4fcae7d2e
SHA256 53e0fee98214171a0cdaa2c9294ed73dc9b9360a7bd291ddf644923d9b4b4ba2
SHA512 4f47b7f66b946b1adaecd82385c79cb0fdd057d8b273a807010fa0ca61927edf2d41b053e2596cd19486a859470ac76efe6d8bf2ca4a877331e21af7eb67e3c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da84843114240f534e0a32acb37d217a
SHA1 fc54eb90763b193d2dce9186622536796f4fe9e3
SHA256 4e696a9416e3f104a95d6e25b10babdbd750adc37db431698759762108007c2a
SHA512 20216846c1eec36253fc9946dc94e13eef084346c65fa9d9da4687329b73541485a72d6d497c307e33740031624feae5c58e3fd5ec97ae9f41568bfb4c7c7266

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d778bb106cac940f711bfcf467ec4c5b
SHA1 38e77e2c2b3aaba5ef07b459371cfede28839d62
SHA256 b393eb8bfde2e62bdd43b5b5583832b6b78327cd4148b1991dc2723502c845e2
SHA512 055afc4872a39da0f23ed78fed6e76b0ec14469fcda9711bd0e2d630df6f718c62c10bc57adf8c823db69a39622619e6dc8bd50e4418b9afa6a369981cbfb582

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 47001dbfb7643f6e3e48ec90b78af222
SHA1 680d4e49e108ab5e8a34aeee6c04c8a19f8f0619
SHA256 58ff3879cd07b325b17e562da81d3f2f029b331e64c5e78ea87cb7a5a5d240b7
SHA512 dc2ee06017416376b3a1749cad4c559861b5aba0913165925a2353b606d53b2723cc6bcf01b521054dcaca11ec32c1b82edcacf2d16afc8bc93b4cfc4ee18f50

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 02:58

Reported

2024-06-13 03:00

Platform

win10v2004-20240611-en

Max time kernel

129s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39ac2aa2ecc732b55160d9aeacf49a0_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39ac2aa2ecc732b55160d9aeacf49a0_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4144,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=3812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4352,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4776,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5472,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5488,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5300,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5500,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5664,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3680,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5700 /prefetch:8

Network


Files

N/A