Malware Analysis Report

2025-04-14 03:07

Sample ID 240613-e6a9nsxgrp
Target a3d434bf741248a7bbf25a9ee0003823_JaffaCakes118
SHA256 b87b734f2f683977f793eab8db35d761ee09338c56c09be54f33cb243daaef0d
Tags
score
1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file a3d434bf741248a7bbf25a9ee0003823_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 04:32

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 04:32

Reported

2024-06-13 04:35

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

124s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3d434bf741248a7bbf25a9ee0003823_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2900 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 4516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2900 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3d434bf741248a7bbf25a9ee0003823_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcca3d46f8,0x7ffcca3d4708,0x7ffcca3d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 geo.query.yahoo.com udp
US 8.8.8.8:53 csc.beap.bc.yahoo.com udp
US 8.8.8.8:53 comet.yahoo.com udp
US 8.8.8.8:53 s.yimg.com udp
US 8.8.8.8:53 consent.cmp.oath.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 geo.yahoo.com udp
US 8.8.8.8:53 s.yimg.com udp
US 8.8.8.8:53 search.yahoo.com udp
US 8.8.8.8:53 shim.btrll.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2900_DGJLUMFCHNFCNIZH

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 04:32

Reported

2024-06-13 04:35

Platform

win7-20240611-en

Max time kernel

120s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3d434bf741248a7bbf25a9ee0003823_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FB936EF1-293D-11EF-9E46-6ACBDECABE1A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0df12d34abdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424415035" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000009851f64f905c1592d8942457fcc6f3baf4834c9aa82cf933c79df5891edce587000000000e8000000002000020000000a84d3186b27664f0602e557ddf320cf3793fef6932d77d1b9be93a1d018c2b432000000034b785221cf1161ae9c2a14124d5e58f83ee1eab097b9295da132740865b04a540000000b9834262c353da3f78eaf3a7cb828c6a8c36ce6d8836ee6d1508b4b978eb1b2ff9ec22cea77b1a73bbfde771a6488f4636aa6b7b435f95c52a7ca7876c3e6ead C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3d434bf741248a7bbf25a9ee0003823_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:275457 /prefetch:2

Network


Files
