Malware Analysis Report

2025-01-18 01:00

Sample ID 240613-lc29mawgql
Target a4d5a3d97f5fc253d3a386edeadc37d3_JaffaCakes118
SHA256 89e9120b61283f3f843616b2d731231895676278447372e2ce6fa6424bfb6301
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

89e9120b61283f3f843616b2d731231895676278447372e2ce6fa6424bfb6301

Threat Level: No (potentially) malicious behavior was detected

The file a4d5a3d97f5fc253d3a386edeadc37d3_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:24

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:24

Reported

2024-06-13 09:26

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

137s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d5a3d97f5fc253d3a386edeadc37d3_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2168 wrote to memory of 3776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 3776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2168 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d5a3d97f5fc253d3a386edeadc37d3_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd08de46f8,0x7ffd08de4708,0x7ffd08de4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 inthelorso.narod.ru udp
US 8.8.8.8:53 clck.yandex.ru udp
US 8.8.8.8:53 info.weather.yandex.net udp
RU 87.250.251.14:80 clck.yandex.ru tcp
RU 193.109.247.229:445 inthelorso.narod.ru tcp
RU 213.180.193.146:80 info.weather.yandex.net tcp
US 8.8.8.8:53 s207.ucoz.net udp
RU 193.109.247.229:80 s207.ucoz.net tcp
US 8.8.8.8:53 22.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 14.251.250.87.in-addr.arpa udp
US 8.8.8.8:53 146.193.180.213.in-addr.arpa udp
US 8.8.8.8:53 inthelorso.narod.ru udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
RU 193.109.247.229:139 inthelorso.narod.ru tcp
US 8.8.8.8:53 229.247.109.193.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 23.62.61.138:443 www.bing.com tcp
US 8.8.8.8:53 138.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 s207.ucoz.net udp
RU 193.109.247.229:445 s207.ucoz.net tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.201.204:445 counter.yadro.ru tcp
RU 88.212.201.198:445 counter.yadro.ru tcp
RU 88.212.202.52:445 counter.yadro.ru tcp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 187.77.117.104.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56067634f68231081c4bd5bdbfcc202f
SHA1 5582776da6ffc75bb0973840fc3d15598bc09eb1
SHA256 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512 c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

\??\pipe\LOCAL\crashpad_2168_MVKOWNJSBZJSYWCF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 81e892ca5c5683efdf9135fe0f2adb15
SHA1 39159b30226d98a465ece1da28dc87088b20ecad
SHA256 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512 c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5e6651e29f4929d5e297ef1fa5d0d15b
SHA1 6b9a4542c841e42e78bc94363fc3a72fa706f85a
SHA256 5299063acecc068e0048a7c6b02b742f169174ca67d80dc3c8887c40f0de21d9
SHA512 3ecffad8d17a41a5d0c340d2508bbe634e126f04f1ed4ef85d12f580b15e934bfbbb3a0d464882984a5679fefb0dc34de42c06456c78d52e4d9e53163285c32c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 97918e5ff443f94499a9674b405c4ce0
SHA1 483026f4af0f4f8d422855b5fef8a35505d035a2
SHA256 0df4d43a7de2a3aaf6fc5e1c9813f86b699492fce04924cca154d70d4d30dff8
SHA512 9d66e9eae85851ce1207b0d689515f8bbad33c82fb440a019b44e56c8f9cb521ecf72906847f8c48a0911539fce3515eebe634726e2d8e7dbc161385fca90e83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ddccbf54ff340f8a9fc2097109d835d3
SHA1 8a5f8f6bf8acc29c094f2468a8c736b0f7549691
SHA256 79f0ee6172729048551a2c6f4676eae3a6750edb17902930e17ffa713b5134cf
SHA512 cd88e736841a781c2b77bd671b08a3019ac54615f860f3068c00acd4d9a538f29c3d151e6cfd48a8d2ecf333bdabd62111d4824135b7f097513aac949be633a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 91b2b708f327e7e2e72a29087292f937
SHA1 754bc4050ee254ba207e70fb7e339bf4e5d1a498
SHA256 44a48d0030189475d61c731d3965033e66cd69fcfec9007747aa9b92e297d17e
SHA512 3fb35c276e2989a148914c9825de9f8f9060fdc51c7321810895884565f413068706f82232a85de52c472a9ca718b8ce6b70c64ef52ca8b77312a8158c5ce5dc

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:24

Reported

2024-06-13 09:26

Platform

win7-20240611-en

Max time kernel

118s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d5a3d97f5fc253d3a386edeadc37d3_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432519" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000002f0c2d5babe46edf9ab85fafd8adea72f8be868c609148d58cff6b146d8b81f6000000000e800000000200002000000017420236565f43b637bada41ffc470929315966f8fb2f048af3330d587a4cd25200000007959a2e284303e4b526abbe45daa87193854fa2d0d9c8c44b678b498da2074fc4000000009fcf87a8f3ece1e73138e46ba3a23925efce921671c1ff1112fbf4e27c6c466b4d4647548199dd0b2b117faec815ea750fb17a1a68b666697fdf8af8eef02c6 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000482e8cc93713975ebe6e2d4f77655f002e3082c38c35d8fcd150d936389b6c77000000000e800000000200002000000036cce6e8a0bfb92559572d004472d1b2021c0b551c3844be1125c686f653128c9000000012748eb534ed8aec996b802240ab88860e882f582272a89789d2235fe5541e1897e174af46928fd8037835111c4691851c6c043b59fea199fc87d7d7eedbdc6a71cf0a646f1fee7ed33a459dd82b0cfc8feb052949e7c0c2745eee089a099641eaab5eea740af7ffc3c289f98a29435808ad57dcc9b0b6b84535cbb732e35ce6e2d3f7c4f3c21d4eb246da8e54c8322c4000000034f9778471375906f2d98ca1977213f34cb932220134abec6ff73cc05ada3d358fc308f4ad2f30637fe29eb323a40623802d1616af7a6d0f33ba69137cda9c1c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B0B1DC41-2966-11EF-AB87-5E4DB530A215} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0d55f8573bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d5a3d97f5fc253d3a386edeadc37d3_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 info.weather.yandex.net udp
US 8.8.8.8:53 clck.yandex.ru udp
US 8.8.8.8:53 s207.ucoz.net udp
RU 193.109.247.229:80 s207.ucoz.net tcp
RU 87.250.251.14:80 clck.yandex.ru tcp
RU 87.250.251.14:80 clck.yandex.ru tcp
RU 193.109.247.229:80 s207.ucoz.net tcp
RU 213.180.193.146:80 info.weather.yandex.net tcp
RU 213.180.193.146:80 info.weather.yandex.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab6FE6.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar7094.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e4f340822c9f133cf807e5f69b1920d
SHA1 2c5253a8815c5b251453e42af91046fe5bc5f2e5
SHA256 93552330d118b6c1f59644626b7e8cdfc148dbdb9873f32cffcdcca1a81af136
SHA512 4630c24e70b0f49ebddcc2316c79e7ccf6f8221686b0718832864bb9720b7394d49c27837a27744ea8295ece214d06108dc6afd94698b601ede0440f7ffd59b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db780d874c461ef96fec7ccc7f2c4b77
SHA1 817860f7f8c825d339a48ffd56c39a844097bc82
SHA256 0038b114b528e24c5d16d28e91e04bb8c831279b9b60458db90f159957609412
SHA512 2bdac1bfa6975794cc19d86740d6d46d55c46abb6d9520407f134b79ea7713ff69103897aa8a0a0374423feb7b815188fe26d963e88ea91d120001cb9a745558

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a21a130a94c7938876e37b577f0138c6
SHA1 d9bf776f2dc14e5552552f0b314696791f641034
SHA256 ddb0deac2a836b37d0bf94c757db7a7c7f7466a0c14d0616687942697f4ad486
SHA512 3db2ee5d6d36c1fd38979ce5d19f8a066fdc9267aef0359cd945c2960b90215493fc2113148a30d15e68e1cc506c73bd9c0043724deb49567ca30027cebb142b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4a15327cd0619ea25bca082ae695e82
SHA1 6eb0f6051f3d5928d3f74c9b3aac7da2d6d610ea
SHA256 5c211c8f33dfebbf11c0ed5fe4e0daca4bfdd5e80ff698fae7445eaadc32621f
SHA512 1fd5954512d0cbbbd87132590f343d91267d8a59dd3af1000871553302fa1e85b3834371f8c805d13e0ff349f3fde0901162ba19f8c5b21fe0747b4a2c876c16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 093db0265e4de931aacc7ec4c43e3166
SHA1 b2e4a58ef5c1a99bf1475d0273e9fabae1961181
SHA256 041eeac02e5edf8c6e7e48713bb309f10e7f6c872a5fa4bba018127d4699ce1b
SHA512 6190368f66041b37a4ad4417e260a3a248c840447fa6df9b9d56369921560b9e2a1e7b101a923c78e05f73338e745117fbce68f70f4c94b4308a0f00858eeae8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04011b6b3ce7f0ab205c193d5e09cd65
SHA1 9d446b35b004237f16ecc0a606a87beaf07b592f
SHA256 db45bdc81666df758c4bfc705e13df48342d766c7fa9218a1208a4383766e564
SHA512 cdd3c373dd0e9db8a2ed63eed488a0d681376be72fa989874599609723335ae33a92a43a579858fcf21280299ae983eab236110cf5f4413ebfd5f44487d9877f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10565ba9f92ceffe629363765bed6d47
SHA1 79124804e4a065afa5a986c081e0b608a2eff9aa
SHA256 c1ee3e1cf2eb4fea9f227b8e6a8959f78fd2d803bee21af0a2df421c2223263a
SHA512 e77713b4a92d4e2370c90f249a166b81fd80a29f0c853c7e08969932aee099061547d3a0fcd2111f32aec92b0a9d26a19f85a9a92a6c4ecf586978853050c5ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3655e7ad3b4d5965acd60b8f0bb73453
SHA1 62e96b9e5ac0d3ffc7fdbbdc73d725c8a80a2d4b
SHA256 a0da6fa316a7ad222790a0f56ae8175ad17426a7b3f0dfaf6a161a5c0bae8038
SHA512 8c92bcd83903d1ec5cd59a6ca94c33ed4e685e583a96f79ce017da18ae0c642774b91991bad212da214b8b8491015fc5d9add0ec5c3fc1b1066d45b59d1c6364

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0010627b005f482aea7e37a9aa60b489
SHA1 e1c3a464317aa0b407d8e47844a1671dd2a5bbea
SHA256 afe805493dd3b792e9d0d9fa3c57d994713e9c09da725503e2ecfa6141820a27
SHA512 e0b0165078adcf1c1a98ae6e41b34052579edc66a0c5619ad9f61d0ed9923d1842ba477263cdc2459fb9ffeeee1395f3d9c69e710d30378f3e7f88b087b79b29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f8adb7f75d45e306aafa4b5f88b1349
SHA1 a5803e6ae98008499223e46c826513c010f19e83
SHA256 937a7baee0eb4fae254f355295db4ae7d71ef4cf74ea01cafbcf53446ae9e7f7
SHA512 c446291d073df24866a2833cca7e3b802a735ab28843d82bab21cb7b48f0dd4569cf1375294f409f308d8f44d70f3ebd520374ecafd930d508b2e11f6213ed2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b0bc5115520f6f3535052f1f46acbe6
SHA1 723beaa8f3037ea7a3f24055c17780d5ea46cd9f
SHA256 1dae82f094081d31c94df2fc6f45d6fc626057809b9dbc9dfc3b213921375530
SHA512 80b617740a3abb315988bf74be788cc725cbf53af4559f672de3f465beb15811466d1a11e30cab5d4c9d432d493a3d8e4fe8d1b321a72829e2745e8ebfadbc9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4604fc769addd347063d07e54eebe79
SHA1 1765161c529af8546a94a538f1624a7d33a02a40
SHA256 c69108b8d0d79f9bc7c283ef4b77a411d18b4f99687b51f708e1c5797262f4e0
SHA512 9753888679f29929ec4e338dba102a59fd229fda88b359730feb90d7a752c3f31a40ea7c77d49bc80cb6fdb2ac99d0c8b7affa5a5d10c2240d251e5fda3dc3c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dda66e0fd4b0ad09a72b512ac4de760f
SHA1 9212432e20657eec2b5d690300a89299f0f827f6
SHA256 631c955af1a60d9e01631bd67b87761aac3174a47f3b5b9862dc34824ff4487b
SHA512 738c32647929808efdfc780d18904b8952f44062725846702d32706776543dd9dae1f68a852e2dffa003a1b15f782d98bf0b535750c7324f477b127721d53862

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e953782e643d37414a57430f82f488cc
SHA1 ce6ec1baa621b16d82a12efe84ddc13baa711178
SHA256 47f446dbeb8392d3509c3d0a487021836c158ea9ca25b1ff43121120eec7e5d6
SHA512 73476bf1335ffa019e308d634a993630d25fb5107e5715eabb0c15100aa4ddb436cee3dea8cd45d716abdc7f82e535e17348ac3521c8d53f64ca0c992b4fb404

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5242228a69756ecd252e60c14dbc540c
SHA1 18016d235d332ad131824f0cdd25ef093daca47a
SHA256 276537d96a6878d34d620a7dad92be5181bc2ae37c2df11817993dec74f1b577
SHA512 2d17ff194f2466e76f8e9dc48940b6ebf1ea1341f1e09950ebc8db5b630937747afd4b477e347e69be5fd283d20e208d3210961508ab9abe9d9c79f7afb02208

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a583371418d8a56695fc628373e0723
SHA1 104104ecfafb27e8fb2ee92e3979213b0c0a3dd9
SHA256 a3bc8431815d087b0a75dfea7938de08f5b331c2fd54464de36f2e58003350f2
SHA512 88183a5821c6a23d229b221d3d27c5ba1724c6940b17152360e3abc0cb3b3bfb91ff3a12992b6ffb0e51b25c07132db4a7a4ca65df8862e13200e5457a42669d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43b2b70eded63e8ca55541f6cae2760e
SHA1 82c916bbd4194f9880f60f5de2a76026ba46dbd5
SHA256 1753aa4b5b61ff48d40288ea30ae884767638b260fbe25a5c2057df692217631
SHA512 0baaf0bd40eeaf3a4ae5d27e5aa40240e78155e8b53d152f204099a5a00620724a776d8dddba36568f2a9dea6fe11682c39a262ac9310eff3788541639c64b57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9057fd345a9675254bb781c531313c7f
SHA1 bce55e11f81cd951cef6fccb12a1255382f9c20f
SHA256 495ad2d1ea92c00e888cfa9b1ba8a15fd9aa6370d316ba75f16f2dc2dccaafa7
SHA512 a7e6acccb310ec742024f9f83f71d72fb67e38afb54f7bbe652e67764fab47905d56bee7c32762a9d9a22a45b894d2ca1eadd93403d15897ba5e9bd42dbbb445

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7889172946636b5a7652bf4cf7f4fd66
SHA1 144af6630e0bc991abda8061d89b4549dcd173c7
SHA256 aed0b071749386e5085086fe403ce5738b09804f16b1f260779bf169c58d0013
SHA512 69c0c12be36ced789cb7072d711a6f0ff0e57c213ebe48dfdf6c793fc9334072f08af884322fc660b0915114369c57126362be05333b06ad916de7fb244d225b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8737b8c753e6a285e56f748b0ead5bcd
SHA1 6424ef20efbe003ed071390a5114f221fda9e336
SHA256 a73f387b2b1df07fa501c93e5c8a09060425caebc6e4dfbe97b9fcf2d80e58bc
SHA512 2843741e371e09a21ef6072957028862b363287579ddf4523ff6aceacab037700b50724a615458101ac54da682b3d10855dd43e309e541cfcb70afd0f5dee659

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f93c9fdec06f3e586dc0c9546a96f6df
SHA1 c399a99d7b578bee8980d41c22fa8c5905a2a1a2
SHA256 ccbd3483a4283c341326114a817e0bed20bc0388205194902bb03a65584c6e43
SHA512 cbd8147d31a5c56511ec2aab44b26e7fd78923b265b6c5f18be41430392c074d1c6a954de0fbfaf24d14066c133797aa995f1ad9be60ab2df1b9a4272dba9cd7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5166a7a4e6574abb2f780bfa99e411fb
SHA1 8219916b53614284825ca5e4c8a8ba484f9f40eb
SHA256 36e0f132e46232d7a6544cda63e1a38a98adf72912b9b2be9751c2b10e6054dd
SHA512 ea4d82f6d8c6445e28fc4f023f8fad501ee275b21f206513ef86c07a4339e6e063c705bba04fbb71a919b0336dfabbd242b67bb21f7274b89615ca4d305f9820