Malware Analysis Report

2025-01-18 01:26

Sample ID 240613-kfyvya1drh
Target a4a669cc792812db01e39a77f6f356bb_JaffaCakes118
SHA256 b3f098854adf6cb4380baca486c6226d192c62f36d3fed84fb97806817e3f78c
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

b3f098854adf6cb4380baca486c6226d192c62f36d3fed84fb97806817e3f78c

Threat Level: No (potentially) malicious behavior was detected

The file a4a669cc792812db01e39a77f6f356bb_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:33

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:33

Reported

2024-06-13 08:35

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a669cc792812db01e39a77f6f356bb_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2032 wrote to memory of 3884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 3884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a669cc792812db01e39a77f6f356bb_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9acdc46f8,0x7ff9acdc4708,0x7ff9acdc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1940 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 s.w.org udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 riovistamedia.org udp
US 76.223.105.230:80 riovistamedia.org tcp
US 76.223.105.230:80 riovistamedia.org tcp
US 76.223.105.230:80 riovistamedia.org tcp
US 76.223.105.230:80 riovistamedia.org tcp
US 76.223.105.230:80 riovistamedia.org tcp
US 76.223.105.230:80 riovistamedia.org tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 76.223.105.230:443 riovistamedia.org tcp
US 76.223.105.230:443 riovistamedia.org tcp
US 76.223.105.230:443 riovistamedia.org tcp
US 76.223.105.230:443 riovistamedia.org tcp
US 76.223.105.230:443 riovistamedia.org tcp
US 76.223.105.230:443 riovistamedia.org tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 230.105.223.76.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 172.217.16.238:443 apis.google.com tcp
PL 93.184.220.66:80 platform.twitter.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 172.217.16.238:443 apis.google.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 216.58.201.110:80 developers.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
PL 93.184.220.66:443 platform.twitter.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 66.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 syndication.twitter.com udp
US 104.244.42.136:443 syndication.twitter.com tcp
US 8.8.8.8:53 twitter.com udp
US 131.253.33.237:443 g.bing.com tcp
NL 23.62.61.160:443 www.bing.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 136.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 237.33.253.131.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 160.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 225.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b704c9ca0493bd4548ac9c69dc4a4f27
SHA1 a3e5e54e630dabe55ca18a798d9f5681e0620ba7
SHA256 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
SHA512 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

\??\pipe\LOCAL\crashpad_2032_QLQTJFBHUZFIRFNI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 477462b6ad8eaaf8d38f5e3a4daf17b0
SHA1 86174e670c44767c08a39cc2a53c09c318326201
SHA256 e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
SHA512 a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6f84c2c501574745a3a834ad47fe1004
SHA1 ea2a442fdab6c636d9edbb23fe72f156188c9fe1
SHA256 17731e58103760fc594ca65d2cd0cf93a944e003e73e1fa7739be2fa82d15333
SHA512 f6cc85f134235f834057b46ab03e7d48c24b0c5a910dac06cb417617d38ad830a5fd36929ffd06e1f8d520214a8f8eed631aeb8c69f91b879d49c70efc52b7be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 21a8e2dfeaa61514c4b423fa2d7f098e
SHA1 ece0ef76bcbe900240d04ca8e9b83e5bbb79a0c7
SHA256 71dae6298f3a4a0a72da9293c5c5694add13ffb99c858024a60227d84449795a
SHA512 3670fac953907a3d138b9c17cfb1bde014233afb6970b972bbf195e64e19fcb7d8d6ce29b03d50032c7921674791a46af4edd2d881726cb88816387b39bf7557

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1a4983d1fa24f65b8fe55c6ec2c72120
SHA1 21a56d94df4695d1475f568b012a66adc6c9dd4c
SHA256 36b811daa51bd2b6e609b7a2cf08e31acb7503d2be752ebde4322ebd207532ba
SHA512 db3992d2c88a9aa7e896cb2bbe26d3b0418add9ad0dad3f48de3e29bb9053cc6067da888cf7521543243bbd4c0400c939e26fdb8bceac94f59bff83d886c6cb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 81f9d4ec475481f867c2a33f2bdbe788
SHA1 ffe56acb06c7127c4d484de7b25e3b7c5d5cb8a9
SHA256 d55f56bc11badf63cf14bb02c30919d4dabde5f8ede313e71e15811edf7b46f1
SHA512 e1a491e8e5a7c326d49d4b9697f3078f5146bf1ee0a43b6f5474667244864de835d4f70fc22ac1e5476ffd756b970a222cadd080b3f21967b2189a5fbfaccc8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 e1c71f7c04be834f5587230db2ad24b3
SHA1 f3bab9cb99d9f343bf7ed3981aaa7450515d2424
SHA256 9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899
SHA512 205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d44efb0766a3e0c3600c6b327da74b71
SHA1 0a0bf05a6aed68bbf34be953251f12c67fe695ef
SHA256 5ccb1b4ee2da89a4b08f2c58ae24c6bc8abf527e33b9984b9e92d4896fffa7f1
SHA512 ed8afbaab0ee913b934782b0d9d036773b89d9f29df806d17195ad4bd2747b118184e1030be664c730f54749fbd5d27d888fe9ff8c03cae8d5b7b0874b84238c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5a4a41cdf53ea267198400f958f60f14
SHA1 ec87a9b52c44fa489a30f46be892a65e5c2518ba
SHA256 624b8d5fc1d2e2fa4f3cea489e0555dd2735946baaf6d0fe363c0f66cd9140cc
SHA512 e2993b67ed68cd0eadb5d9f8cfc4fcb20f1cfaaec4e30eaa5f3068f3bd061d0fb76cdf019d4708174a5b6057dd5cb2a67e56fb01e72bd12f24cdbdda7f5926ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e61095f12005ddb8cc3fa4c847040b3b
SHA1 6dcd0d69ee9711e389de3dedaf0cfdf17a4ade69
SHA256 0f5fefe250168be5d73830f44cd2e4717912a43d483b6a25a76c8b609e61c153
SHA512 fa51e6091d99dc920e2080677e0004f6c8fda433bb086dfc81da13e1ae4059348c6afb8b37a65ef63ec83704c7c9a8f1a65ee6c0aad623501693cc5ce376e343

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:33

Reported

2024-06-13 08:35

Platform

win7-20240611-en

Max time kernel

126s

Max time network

134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a669cc792812db01e39a77f6f356bb_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429469" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9637EC31-295F-11EF-A243-C63262D56B5F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90a5f26c6cbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000020a49fb3010d8662b8191b3742e5f065957c8bb67b006d14bbbbb0a9dd9739e7000000000e8000000002000020000000ce9b1c251e890b119294d2a6dfdde5a9b873fc210f2883d58f9deab5ab54ab69200000000b094fbf5cc7403badacc65a65db99298e1f88dbbcf9e06f10f9793aaefedc43400000000f00e348481a2b9d14002fb7151cc23bd8ef6773476f394ef0be1e3eebf058fd0da10212d083c0e5ef94ffaad3f4deadee221e69a1c4a9a25979a5b3fa24584f C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a669cc792812db01e39a77f6f356bb_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\print[1].css

C:\Users\Admin\AppData\Local\Temp\Cab60C8.tmp

C:\Users\Admin\AppData\Local\Temp\Tar6167.tmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\cb=gapi[1].js

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\3604799710-postmessagerelay[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\rpc_shindig_random[1].js

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
