Malware Analysis Report

2025-01-18 00:58

Sample ID 240613-lez72ssgld
Target a4d8bf184b03d1896aeeb1a69b86cda4_JaffaCakes118
SHA256 e4a1045840c7fb59d99eef5953960632587275f0dbc6140d0cace50334ea594b
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

e4a1045840c7fb59d99eef5953960632587275f0dbc6140d0cace50334ea594b

Threat Level: No (potentially) malicious behavior was detected

The file a4d8bf184b03d1896aeeb1a69b86cda4_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:27

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:27

Reported

2024-06-13 09:30

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d8bf184b03d1896aeeb1a69b86cda4_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4844 wrote to memory of 3432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 3432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 4368 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 4368 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4844 wrote to memory of 880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d8bf184b03d1896aeeb1a69b86cda4_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6dc846f8,0x7fff6dc84708,0x7fff6dc84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,241924422319185082,10702658078073147932,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,241924422319185082,10702658078073147932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,241924422319185082,10702658078073147932,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,241924422319185082,10702658078073147932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,241924422319185082,10702658078073147932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,241924422319185082,10702658078073147932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3984 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,241924422319185082,10702658078073147932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3984 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,241924422319185082,10702658078073147932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,241924422319185082,10702658078073147932,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,241924422319185082,10702658078073147932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,241924422319185082,10702658078073147932,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,241924422319185082,10702658078073147932,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 podgk.pl udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 podgk.pl udp
US 8.8.8.8:53 s.w.org udp
US 8.8.8.8:53 podgk.pl udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 87f7abeb82600e1e640b843ad50fe0a1
SHA1 045bbada3f23fc59941bf7d0210fb160cb78ae87
SHA256 b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
SHA512 ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

\??\pipe\LOCAL\crashpad_4844_GNSAZJBKKKQSBFVD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f61fa5143fe872d1d8f1e9f8dc6544f9
SHA1 df44bab94d7388fb38c63085ec4db80cfc5eb009
SHA256 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
SHA512 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 90c0589266fa58fc7e93d7f3b8cf9df8
SHA1 093bc4dfc03eadd1339956181a335b7b9058e70f
SHA256 bc32888304d9c635ee2a5e580233fa4aed6b260287c47df0bbd3ddfaaa8563e5
SHA512 bdd57989afb9948d09cbd54023d042283077483269a84e5bb1a3667e834998bad0da2543d4d3010059141ae5a78aa834d5fdfb78f846162afb50446643e2423e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6c1ba58251ecfced91c482306114f0f5
SHA1 530e86aee0936d0282fee59fa0104127e2fb4720
SHA256 78f66264fc44efb008dbdac1b49421cccdfc63cc449c853333664058dee4141e
SHA512 068d0862869a2d1cb003100008681fb5c7b49c6f3bdf2fc03a687bed8954171ab21da040492abc3295364d0bbe687a6ae98ddca570932b27a7c8f6f502d2ec24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d3095a5996b8954da3f542f407bc5d7d
SHA1 95dde7a264dcfd135c74d40d28485dd9e6183343
SHA256 9a50b28c11fba75c456d4fa4561fb6487f8c1be8e5d4a7e0bde62ec8e6c7dc43
SHA512 fb5446286cca53faf29971e6d6676839951d52ce8eabac1c1ddcd7c57d0defd1f02b7ab0353be3910f8c1fa7179b3d18abce365aa7a924e0ec1c7b9fd7bd7d65

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:27

Reported

2024-06-13 09:30

Platform

win7-20240220-en

Max time kernel

144s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d8bf184b03d1896aeeb1a69b86cda4_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000846cfd0b8c95204798c756b61d1a43a90000000002000000000010660000000100002000000001b3b52ac5dfce0fe1145303e6158925be26400018a13d115d4dddfe497f7fed000000000e8000000002000020000000a96c73263098e770868bcaa7d4c6aa5fe086973d581f792c7197ed55a6b1d93f20000000e9230c386379bee9940337e78194f79f9a534241d19e313068ac30cd119f1ffd40000000bb87de8294fac1c65d2e428dac56d393fce3719e1f28e19a13d9c8622a3e90f1d890ecc8e643dd6cf902323346b932435c72aec6d947ffcbeb7938ffd29f8669 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{28218371-2967-11EF-9A72-56DE4A60B18F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000846cfd0b8c95204798c756b61d1a43a9000000000200000000001066000000010000200000003a1dd1bcacc3dbad703f9dc0862ea7fce3d0cf3ee5d780f2c1696aded2843c2d000000000e80000000020000200000002020f9c61408985b51d28067bb25470c2748010a053284e53deccd3ade071ce190000000e91e171cfdb59dfcbb671846d7bcf940efc20894dfc3f20cd434fe0ee4b2a80dd72365cf603e147d1a05ae2f1a98a09e21d1f728cbe1e6fcafbb7be73867e16222d26f580549049d9892769cdaa2bbf49a4204cb611c228d7288e37e093ea3d04352377945d47353ac9a00fd910edf4992304de66f47a98985a48c56e66c588f5bf0d93bf8d6a328fe47cf0a1f5d36ff40000000d15854efee2efba2bd5a7a818d4ced505d26a37a09b6456992536db99bff5185f85012eed3b21011bc4d9bb1d42ae0f0a70cc4456fca27ec2ba3c0d2259d0117 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432718" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40b449ff73bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d8bf184b03d1896aeeb1a69b86cda4_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.nexto.pl udp
US 8.8.8.8:53 podgk.pl udp
US 8.8.8.8:53 imageshack.us udp
US 8.8.8.8:53 fallen.nazwa.pl udp
US 8.8.8.8:53 www.silberberg.pl udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 beta.podgk.pl udp
US 8.8.8.8:53 platform.tumblr.com udp
US 208.94.3.18:80 imageshack.us tcp
GB 172.217.16.226:80 pagead2.googlesyndication.com tcp
GB 172.217.16.226:80 pagead2.googlesyndication.com tcp
NL 52.166.128.236:80 www.nexto.pl tcp
US 208.94.3.18:80 imageshack.us tcp
NL 52.166.128.236:80 www.nexto.pl tcp
US 74.114.154.15:80 platform.tumblr.com tcp
US 74.114.154.15:80 platform.tumblr.com tcp
PL 85.128.128.104:80 fallen.nazwa.pl tcp
PL 85.128.128.104:80 fallen.nazwa.pl tcp
PL 85.128.128.104:80 fallen.nazwa.pl tcp
PL 85.128.128.104:80 fallen.nazwa.pl tcp
PL 85.128.128.104:80 fallen.nazwa.pl tcp
PL 85.128.128.104:80 fallen.nazwa.pl tcp
GB 142.250.187.234:80 ajax.googleapis.com tcp
GB 142.250.187.234:80 ajax.googleapis.com tcp
PL 109.95.159.56:80 www.silberberg.pl tcp
PL 109.95.159.56:80 www.silberberg.pl tcp
PL 94.154.117.200:80 podgk.pl tcp
PL 94.154.117.200:80 podgk.pl tcp
PL 94.154.117.200:80 podgk.pl tcp
PL 94.154.117.200:80 podgk.pl tcp
PL 94.154.117.200:80 podgk.pl tcp
PL 94.154.117.200:80 podgk.pl tcp
US 74.114.154.15:443 platform.tumblr.com tcp
US 8.8.8.8:53 imagizer.imageshack.com udp
IE 2.18.24.9:443 imagizer.imageshack.com tcp
IE 2.18.24.9:443 imagizer.imageshack.com tcp
US 8.8.8.8:53 metalcastengg.com udp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
IN 101.53.146.129:80 metalcastengg.com tcp
IN 101.53.146.129:80 metalcastengg.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\kawerna[1].htm

MD5 c6f91c941f9179193f27cc6b663a5cfb
SHA1 d975205f94753d86d96a57a78b33f02a098a34eb
SHA256 edd2657b68d757e83eb2796cfc27d2723171565b37684d5762a211cd8b3785b0
SHA512 d8f55ab8c2d01d615b4c844cc17021da036335aba62804fec7b58343b6be0f5a3c5c1bdbee2161560b86d34c507d8ec16e4c6e0cf4946e3cbf0dbf3a6d09992d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar16E2.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 268b5d43108e112d88511130c90b837f
SHA1 b4161d4730f0954fec8b9c84cdb90e3d75aaf0b8
SHA256 f8d5e821e9774985f7557bbdf5dec1a364dd91e6c3cd2243301f679fc3beaf1e
SHA512 bf6519ebd2c067500125f013254f17657c27466ebee432b7f88eea6766b9da8b9780d75ef02d2f793da9f88a48be43e24ce15c7555ebe7010a998da8db5d2d15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc11a82bf3bde0942fb056eb8c22da91
SHA1 2bebb22407b1551c07df7f1b67c042bea08f8390
SHA256 bcafbd0de49be93e77ca42cbbabccdc6fc8b017e9e52d312dbb7f82b39eda6cd
SHA512 e99564a81ddbeaa6dbf2ae19847f5a6ed673e8a476dfa86120271ac7781a7d42f639d34dad51e7f42d7624e2155f988b9b0b794abc51e5e598ff68f5b17adaf0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9484f376b6d80c4459a60fd14a365ee5
SHA1 21aefd9baac47d1824e76b04c241f2b716a38e9b
SHA256 823c5f5ddbbe21362be665718d9d672c9abef6546848fa338e73510870f176e7
SHA512 4fd5ffdd50364a9548d61a993d13b1e54c42ae322b2a93af6363723f2d35ace23bb64cac43f3091c0a90c7ca1b7378a336c3163b46a999f0904651371749a539

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09e11f9d9549ea5d818c7e3ae5d704d3
SHA1 711a6bdd50ee7b1855d5b5ab410ea0284330d5f3
SHA256 5b4b41baf89ba4fa6adfe6500a1e67c14d498f4ae004145232c3c27760d452df
SHA512 c73e22c4ba8bb69aecf408253e217000b0e907f265d4e0782207bbc65645f17ca806fa76934b0bf0dad6a0b02d6213b1b2f988c1fa70d9668489f643c2bf18ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db2ffa929a082e44e1cf50f94e057340
SHA1 29cfaabcfa84a63bddc64d9610957af6c26b0731
SHA256 4db7772d494954863873372d95ea9804eea95dc0063e2461ce7505b7c6a3d784
SHA512 962e76146d489979fe5a6f6c70183f58ddf58d564013cb727e8384ad39fcc2d59587bdfcb29cf19f1818fb2bb6f365e8877e8bd88edbe0b52198ecc60170d2ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25dad21b315c2426fa100e87a377c4f3
SHA1 84adfafbfedfbc0cb0e36d2e89512048ea226e86
SHA256 141222d4b898614007125d9ec027cc1401466f909f906089970758ee5c7acd56
SHA512 26d7a5c6d23c55d8f7fe093eea61ef9af918bd527e2c3c33db33164c70d03d7e59112ca4a330ed1ecd0cbadea7c19d9bd1dff5dde54a2ddfecff8ccf6b4c3531

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 163ff881535da5617f4ffe85c3d1d7da
SHA1 79b4166a329f62bfab0344b2df71ce17b4139f2a
SHA256 d062aea465b915b4fad8805bc878952a8b68ac94aa2ef5705429cc89686ef6d1
SHA512 462f6786d707863b06e685745c333d8eabae5c7a222721d9ed79e55d3a82b808350a35834141236a5ba18eb93cf0a3dc17faa71ce2e167dd88ad1c8a921d05f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9fd90812d31aaabe619daf6a2c32cb6
SHA1 1628dfe7e378e179dd53424a1c41ecc802894066
SHA256 e168766fb83b8bc525523dec76f2a075bb3eedf78ed954cb037d9c1ab53664ad
SHA512 412d3836be6ed18217697b517d666880c30ae1a11ac92da4ca551dabd3915e269aaa32e55e71f49d812124d54e1186e4ad93002a2154226b33d3ca70882d7834

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 597130af2e176c4773018ff7d580dac7
SHA1 7899bc71e21fcbb020884e9ae62b1fc4a9f4d2cb
SHA256 9f3ef9c9a1c73fc03a04708df85a185f0433b0b574d511cc93cac8e38312ec32
SHA512 23f6b6bae092d8ace35f457d945aff44218cb4e8c05ad4e245b3e9d73735e32db3270b22f06bfe012b9e1493400d296e628b93e2c5a78e7566972f547192e4e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7eae00768c64f11c2505c142d3404d1
SHA1 d9a44131f4d345f9295dab2dfbde0bb32ff12b2c
SHA256 f7bbc3e0722d6d74ef16cc150a2d721b389ef3b8e66f92bbd0820a3ac1d947c9
SHA512 911c970b5a97a40f2a5e7f1ee57f52227bd1456188c629d45d9987f9031870a647dd709a39f2b58da08f064b2923def932cc57d11c30a361dbe3cdc6116cc49f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 641edb28dcde1c07ef7ffa15a5fc061d
SHA1 19ada53af252cf7191661ab87b63cef361c698ac
SHA256 82120cb0b980bed18e3739499a06a2601161a76673959f6c28cd037ce8b0c0b5
SHA512 a9d8faa42977438f728f1e36f62e140e6ff892965e3415b1a14952d37ed959197e71b7403140f4f909e4963e3f30135e29fb6b7afd66fa418c1ced8718e348b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0e0f17b45ce3102177f4d3408a9a37f
SHA1 1e004cbca7aed6d97f2ee7809a4a892042f8c200
SHA256 6f211e4c268aff95c633e9eecd204b443914343cbeaa630b799e0dce1544cfbc
SHA512 828ec192b84d4fc04f5d2cc8697e5f0e22fa9919e5d0f526fd00bd22ae5cf1b1a0a2802640390c4a0b43aff1f7709864cfffd6d3e5a5b3fb5aa0faa4fdc28bc2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 ca4a4e921489f40465f058867e80ef4c
SHA1 e8d237dbda2448fac4e66a171dafdfaeeff1d337
SHA256 b8eceab34a065f3623ec31637691ab44282a2bc58a6284a9f90ca58bc76629bf
SHA512 7cfd7b9c8289e0563090951ffa53933d57bb1a31d24faff7f484c5ce674596ab9d47678f1921442b79637ba7f66f3df8ccd30aa95935567831f98baaab240206

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fef274ca5cd2f0a207e06fab69ea1289
SHA1 8828d396c8ca9bb55560ef52335c9b7d9db2b0d2
SHA256 9f99d2741e1e62f0d8de37b6564e07754764d58e4a8163abcc7e335535970eeb
SHA512 5e529f0aeb7bfda539f9c3fd81b3f1051ee9b5d46dd8e9aa18ded9f3d87d6b0f7cc763e71a4c7d495f682683e2c991eb69af692c351ff2fab81100e9fe2fa310

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ab5914d0cd313697fe87f231ee1db48
SHA1 8a72cc6b570e1ab84e1efb0e99946abe87e5510c
SHA256 40fd63f11768b86bfa6c3742d089323912a87a6c35c2ab4a2e8fc5a8ebd1f651
SHA512 08fb6cb8ee7c2b87a358b5f8720a9f1603b57843f7ff45616e99542042e559c80fa9976e4862914f7a0de862ade33ecf6cf8567df684c65545e1a258e0835906

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 176b3674fb0bea0852e65fea11369ac3
SHA1 82fde7a6b35208d1595df4d89f3fa78251ebb479
SHA256 4750f7d838937f3a0283822bc7043266bc65c09afd3add4958fbe8fe97212571
SHA512 035a55211ce093e799fb1f4a86b6a796db2d73221b205386926aaa9f287c0f0a8aa0e5f481ac7e5d4a563b6efd8846cecb88a456c3a6de0daa91571119c11c9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5fd3d491601d3008e5c4cde898834517
SHA1 b1a69228d38fb4a2d56d9aea7d27b56d27c924a3
SHA256 cc9d1af2e618b362620fc7ffdfc310372c6d83b9ca39e6530d6949b69ea1c8c8
SHA512 41d029676c93026bc89ca5ed3e1562769402921ca2d84e492ecad17bc344f37c46f0cb78310d437438da92fd76bd0492c6ff0349729b2f3cadd8c87b1cd552e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 d00ab38f73e057e3c272789793b688d4
SHA1 0353686e400a49a8e332bf131523c5503a263c0d
SHA256 21cb4fe008ff9124149028a2e5b34946bdb9f3f95369cab76d6eab44af802d22
SHA512 adb6d44af4aaf048ef70b666c96df8c678ad559bba2714f3542ec9c4a5a365ee3e28dd142db889ba989bce2e32f0bf2ec47f19c63f6ee1b3bd135d9ee723f616

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1adb28a65cb8862be9f9d5caa10d286
SHA1 427c53c72dec8a5cdd6766242d7e21c8f07c6759
SHA256 e313d9905888a979d602455d30fe83260b3dea9525df8542f4068095d0407096
SHA512 012b4dbdb22de7a5b3da4b8789b766d33c36abad4a99f20a0d8db41075a90a17f983f11159d7924fa4c58d0823dcdd85c4c16cd37e0697f1dc61cbbf2198f23a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d941bd8f5cdd158254d989d820729fe2
SHA1 e49d48c4c57e05f14d7f6529d0987f4dc918585e
SHA256 e54b80ee898766926f57bd4512b279e604d5df7fd1f016e7490b62ca085e2352
SHA512 acba4667ae1c4976ad1158c7c74b48e2e46c153585619f9fc823193661f3ccabf3eba33784d2baa9d9e3dd217f82405f41a5b93c994805e334ac30940b566731

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05ab9d404dba27251aad4838c171d541
SHA1 9fe9108982a43cc93009b2c474efa61abe42b5c9
SHA256 2a01a48634d7e6a78dae7003caa0038f8285d388680d59cf0470a930177ff444
SHA512 54c0c1cb648a3b1384f30f8422a837ff406995f6d2c73a8b09dfbb49873607651d1491d364c28dcc247dd35326df8a0a6666e41274c5be999490a1bf398a4b64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 763e0630ae1b59911c36616b681a014b
SHA1 e5132236d4fde9ec24841b9f76e6479079a6f654
SHA256 448046294cb2cb117d9155e5718a87fb63df8ace733871f534ddbf982aaa160c
SHA512 54c9af713698c04b3df2dade2e57ca2da3b42828b123d93a24e96a4c2b92ce4c4781b65f514a03c3a07ea3c0a4d0f583dd6c8c19195ac5beb8c9dd7adc7f5b6e