Malware Analysis Report

2025-01-18 00:22

Sample ID 240613-lnd16sxcnj
Target a4e4fb52f0fc2cddb53130e1a909da1e_JaffaCakes118
SHA256 aa74b6f4700a12d8605be78e0c1400eef6608b624c24f4a01627c03dea3d0575
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

aa74b6f4700a12d8605be78e0c1400eef6608b624c24f4a01627c03dea3d0575

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file a4e4fb52f0fc2cddb53130e1a909da1e_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:40

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:40

Reported

2024-06-13 09:43

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

127s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e4fb52f0fc2cddb53130e1a909da1e_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(this identical entry appears 25 times in the original report; the repeats are collapsed here)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(this identical entry appears 25 times in the original report; the repeats are collapsed here)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2172 wrote to memory of 4952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 2060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(64 entries in the original report, collapsed here by target PID: 4952 x2, 1496 x40, 3160 x2, 2060 x20; every entry has msedge.exe as both Process and Target)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e4fb52f0fc2cddb53130e1a909da1e_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b7db46f8,0x7ff9b7db4708,0x7ff9b7db4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4320 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 i.ebayimg.com udp
US 8.8.8.8:53 ir.ebaystatic.com udp
US 8.8.8.8:53 www.ebay.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 ir.ebaystatic.com udp
US 8.8.8.8:53 secureir.ebaystatic.com udp
US 8.8.8.8:53 rover.ebay.com udp
US 8.8.8.8:53 i.ebayimg.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_2172_UJICEQQECICTDEKP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ed6e43adcd3fc5b104bbf0b227f855f1
SHA1 e40d660f642a72179fb9839b23521dbb79cb7dd8
SHA256 6cfe8120b42c66cb6e05bf65f205d25f1d4f2319ed1863660522c9a04f331bbf
SHA512 50f7381c030b2e121d65ef5d59df0a5dab2f1ab52f28de2eb8a4c9737d480640e1a97097b6ca61b1ea7a33463ac3dec7f6f5bfdda3f017a3c76c582cab779465

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5efdb829c26ff894a56084e92a03c03a
SHA1 8ae09e39e09c22ea4b43fd29b3728d5c2546fa9b
SHA256 59ffc70ff596dd1c17a0f10d787221f5aaa97de8de90a924c831a07d1724345f
SHA512 3694ee1b487cbedd46ccfd750a7ee6c9202a8b486c9425c0e6f2b45a4c7e2ed9abecf1f29658f132017eeecfc8f35878ba777aaaccc11f80a5f70d9e2383f603

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b1c7071d1ef376046d70dc0ace065232
SHA1 468d22b99bc818076eca69b29a62f51dcfaa4160
SHA256 2e130ed890901fb2ce50a9f766cfc3f691934632234923fcddc2d0ecf8534bc1
SHA512 0ec90fd43ef80fdc853c4a50a947196afdba13ae470efb33e742e0ac4b79d810272e950a512a7d4a512ffc5cc5e445522254c9c367dd9c2c1f095ef19843e410

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:40

Reported

2024-06-13 09:43

Platform

win7-20240611-en

Max time kernel

120s

Max time network

134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e4fb52f0fc2cddb53130e1a909da1e_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000005a75385f5a28e61513e5d7986f970a3dce53941d78348a4ac5f59a44304474d7000000000e8000000002000020000000e7b6f408fd8752c1408f3dd2ae62076cc401d7ec4509fe1b398beed22dfb8b7890000000ea6691121e070fa940c981b3eb7abcda3036f1f862ccc13c72a21ea579ec37e8fd92f2ca8bd591c480b26839d1babfe0c7aea8d2b2f0ffa1ad9d13177214e2d5f630756365e8239c8f609668f1f1f435f69d028233c3cd15b56194d1f562ecf4bbb3b11afe6af4b6ea311701faa01f80149e0b6cfa5e52a17b5f7db51cdae2f658ef5a2fdf5110c1677c22e7d5fe540540000000885ea25cceb61564d61c3c11b0a934de95b0e241cadbd916b34f5ee4e2a4c9b1c4cdf516d6f1e12ad643e0965bb9155b8958b920f82ba95054c84254b28c3673 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c05a58d275bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FA113CD1-2968-11EF-9E46-6ACBDECABE1A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000c943bc8b52b638715524f97108532bee6d8fcd5754b6bb0356ee7377c1747287000000000e800000000200002000000003ba5e448767b5e3ccb685258d0ac1233bbb16b8497eb078d48f6d710507b9ba20000000c812011e97dfcfc52a1251d73d171f6c0c7eb2d406c6412b0c762af4cb1edc444000000095d0cedd1ae737fb62cf408cb8a0bb17985b0035e60310ed8cb4932af6bdd1bd99db597ff4a3dfe5c0fe4d9df46cee6d123618fc147fe336afcb4a130e7284ef C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433501" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e4fb52f0fc2cddb53130e1a909da1e_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ir.ebaystatic.com udp
US 8.8.8.8:53 rover.ebay.com udp
BE 104.90.25.126:443 ir.ebaystatic.com tcp
US 209.140.141.61:443 rover.ebay.com tcp
BE 104.90.25.126:443 ir.ebaystatic.com tcp
US 209.140.141.61:443 rover.ebay.com tcp
BE 104.90.25.126:443 ir.ebaystatic.com tcp
BE 104.90.25.126:443 ir.ebaystatic.com tcp
BE 104.90.25.126:443 ir.ebaystatic.com tcp
BE 104.90.25.126:443 ir.ebaystatic.com tcp
BE 104.90.25.126:443 ir.ebaystatic.com tcp
BE 104.90.25.126:443 ir.ebaystatic.com tcp
BE 104.90.25.126:443 ir.ebaystatic.com tcp
US 8.8.8.8:53 i.ebayimg.com udp
US 151.101.2.206:443 i.ebayimg.com tcp
US 151.101.2.206:443 i.ebayimg.com tcp
US 8.8.8.8:53 svcs.ebay.com udp
US 209.140.129.25:443 svcs.ebay.com tcp
US 209.140.129.25:443 svcs.ebay.com tcp
US 8.8.8.8:53 rover.ebay.it udp
US 209.140.141.61:80 rover.ebay.it tcp
US 209.140.141.61:80 rover.ebay.it tcp
US 209.140.141.61:443 rover.ebay.it tcp
US 209.140.141.61:443 rover.ebay.it tcp
US 8.8.8.8:53 ocsrest.ebay.it udp
US 8.8.8.8:53 srv.it.ebayrtm.com udp
US 209.140.129.84:443 ocsrest.ebay.it tcp
US 209.140.129.84:443 ocsrest.ebay.it tcp
US 66.211.166.8:443 srv.it.ebayrtm.com tcp
US 66.211.166.8:443 srv.it.ebayrtm.com tcp
US 8.8.8.8:53 gha.ebay.it udp
US 8.8.8.8:53 pages.ebay.it udp
BE 104.90.25.126:443 pages.ebay.it tcp
BE 104.90.25.126:443 pages.ebay.it tcp
BE 104.90.25.126:443 pages.ebay.it tcp
BE 104.90.25.126:443 pages.ebay.it tcp
BE 104.90.25.126:443 pages.ebay.it tcp
BE 104.90.25.126:443 pages.ebay.it tcp
US 8.8.8.8:53 secureir.ebaystatic.com udp
BE 104.90.25.29:443 secureir.ebaystatic.com tcp
BE 104.90.25.29:443 secureir.ebaystatic.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab6125.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar6167.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD

MD5 285ec909c4ab0d2d57f5086b225799aa
SHA1 d89e3bd43d5d909b47a18977aa9d5ce36cee184c
SHA256 68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b
SHA512 4cf305b95f94c7a9504c53c7f2dc8068e647a326d95976b7f4d80433b2284506fc5e3bb9a80a4e9a9889540bbf92908dd39ee4eb25f2566fe9ab37b4dc9a7c09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4dcb4f254c1b2d939273164725921c10
SHA1 b26c26acf98884853bfead8399cd3ead0d9b8ef8
SHA256 d10e882d802d5d1d87d449be531aeb96aa23b94b255a105c0d97be3b42344471
SHA512 65ef52f1d50840267bb2d8e473f764813e9650dbdfe41021daa3a0580e36a9574a7f2c1d87d0d28999edce068e349edb8212ee0f417e6c81279f2ca966fd4bec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD

MD5 0b04e29569e58111b28219ba157d8b60
SHA1 eff206e250cc7cc704c721fe546cf6fe7319a461
SHA256 bf031976907405b010c6c814a22e8f6531457465e1baecb1db77cc700ae405ce
SHA512 cf1b3232e83741898e861af2da2a169a52f6214de0d8c661b0b4eee88a659fe9e06885951cffce27e70a6ffacff56207a82073a692329f772cab13a5a5f41b56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 aaf642c144cb3bd3525180135ccd9cd4
SHA1 9090f98c36dfcaaaf9acbc11663625ef1bf8e251
SHA256 7b74d59821064a65268409899c4dab29b31d5a3b03f0a711a8d531e3998f8a92
SHA512 83c37ecb17feb1652e0b3f64968025be7f5fd605c9c16d958c1ef70bc395a4dc16ee8e2c030825d1fdd3c3f6466aea438c43f09bf916442b2982622db9ce5931

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 2042d864f2f9468acaf68787829f594b
SHA1 1e09ebbfc6a1dd0db5736337c4c71eb637697672
SHA256 35e316b6341b4029d27b28bb2abc4f03a816ebd63c1e47810d0dd80f30fdc559
SHA512 ee6159c830e16d0f38fa6f1d00f5364827439d92e194692354e4e0ee740b2f9b313d8cba06ba26026710a1e6430636322e894377374479c293fdcefeb7f827d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

MD5 923f81cbed01b4d75b8e690c035f50af
SHA1 b2f22797e6253607d8752a8bda3c3a4416f58103
SHA256 d16a303cd9aad6ac97fd4596f6c5d64ab780624f7bf8396bebad77b79176279d
SHA512 00c020be41e3fd6d5d019bd9c7918e879d88e3925d9077aa03c25c2f17808fd6408cac29ca14cb7a13df1a4e5ceb27c9dc2fada15e9462aad10bf7406fc6091d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

MD5 84bea47eb23d8bfe85c6e4a9c9b5758a
SHA1 6ab9a3e182dd25f6e9ec868f23c1ea9eab38b13c
SHA256 eab8aff5f1d5ccfdacb2348958c1ab90e9060f5760ecf1b2be7ef178200fed51
SHA512 373a53f68814f77bf71df2b196da03e0aea238bec1d09658fd4e4b0422ca3ecf36d915da56bef3ad8b58fe89e680e6c38fbd8be1b7f5493f6f6df0995dda9723

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

MD5 03d5290042e96f52d18bbbd028367dc3
SHA1 573a3a446e39d471cfb223dab2b1482792efd57a
SHA256 78729a57848a71b1dcb57b182b979e243e6e86151bcb588142a7b090816b1514
SHA512 4090ae38b146e1b12c94a3776cbdb09f1dc8a22e9b49f156d475cda6fad70d4d644c3d3fe141633ba4705ce68cf9eb9bcd14ce77a05718e6501a1da8d10d4a24

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\0[1].gif

MD5 b4682377ddfbe4e7dabfddb2e543e842
SHA1 328e472721a93345801ed5533240eac2d1f8498c
SHA256 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
SHA512 202612457d9042fe853daab3ddcc1f0f960c5ffdbe8462fa435713e4d1d85ff0c3f197daf8dba15bda9f5266d7e1f9ecaeee045cbc156a4892d2f931fe6fa1bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 514c563c7e98f473bd1f1f973168d0cc
SHA1 a7a11437c06c0be9a7d379325834439ac5e3776a
SHA256 2101005933b850a9fac45beacdd2bbc2fd20e2fad7e2100a886fd311cfa4deea
SHA512 f33e6badbfb29a3564a5f066ce77b4bceb57488251a45ccd39023baeb38ccab1a4148c036698c2f90b03ddaa3452fbab76982d6bc0f436e4aa1e45dddc99aae4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92e9256e83e8c001426307478ded45db
SHA1 19d9afff1a80863afe358063d7b891e6395e219e
SHA256 9ef9a2cd3742f459357cd1a6a41304e3925539131a2550a109d336757730b251
SHA512 2976c277ff45c4a9319a306de9959b81d1cf34e8587658f65efeccf783b90e79b4709a721b0846ebc833f9e7c313db0fcfc6a75adc59ab7c3e22bfeff1ffdb7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39815c318367e82c6a9be54a70009854
SHA1 cf606912b03db9a49d4723cca4f800e0770a8984
SHA256 8fa881c4812e02b52eaa4f810e881d09a87da798f082daacfb6e5fe87bf01f9f
SHA512 27738446c3d9a1f289b4fbaf688c14a5a289886e448b63ca070843592545cd20bfcffab990f5f73549b3af9c877d2fa3ec24e4921fe0674a51f16d901c55b9eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f8f76c397a84c85634c031c23bda46b
SHA1 c75d84b5e028a9799c7405a613afbc11c880c034
SHA256 40368e617c57a94d7dbd5d3ab0ef4504921b3132e8824053b186d68c7fd9894c
SHA512 19204b8c6cd5ffb920cd399dbbb1ac1e3c882136f07f97b307f0603880df89acaab7fd242c62ffbf66481cb205d464df411a8860a6a3f4e6ed2e651e04717a6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc9586d9f17ccfa02fd8a3a81a486111
SHA1 6ae1800f70f0b406afeaf7c902fd3ad2d4ddc29d
SHA256 1f1309916d3d4ea903e10a7f35b9eb685741ae63186ec632f2492e00b01e8d9e
SHA512 1d37effa7dbaf89e6ea0eea2a9ff965bf17d3cfe22666471bbb0f88fc0b4197900cfc76e67f3ffb2d1dde3ca4ae359d1091506397e186ceb31ff16a5be177e90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 320cde019a9f81319821b3b08645ac5d
SHA1 1b80499cf3e441438f5bafb5597aaf884e137c43
SHA256 b3e881d5706eef9602916ae3e9cf8f8b65b8b6998cd2adb586a696291572e640
SHA512 6389feee8708dd84819839fadaaab75a70b0927ecfb0f516df9c26be41505b3b69cdb275640ed8273940430d1385c3961176688291cf526e4028c85271d72f10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3ab70c499041ffb58713c04ee3b9c76
SHA1 e0984871d8b5aca0fa615647d42726bfc5e467f3
SHA256 53e6a01af9507e285314b73e5f96ba213fced5ac42161fa59748b0259200d3b3
SHA512 15445beade6bf3b14c2dd24b7f0c161f37a1625a5c4b98d0194b3176b3c6fc2b10b7038c4210e9477bb3ebe540d851df00af01d96f678abf22538d303d480fba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ffd1de8d54a0d643653f0eb5c56d1625
SHA1 def555025f9300d58962745d6067f106454a2914
SHA256 e6850cd1f4e1042caf18360054e0af831a9aa9f7f2ff580bca7a0735c95a0294
SHA512 d1cd878ad3ee60676131059f49b1581d1ac034ec688b7f93d03b4ece52713a309ec05f43b0f8a8bb151203f13ba05ea1aa0f84b122b40cb2f20a70c53cd29cd6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d90e614500c773a0b0803087b29c7314
SHA1 b4bf24aaae3d60766acd93d4384f7495dcf9ca1a
SHA256 6376bb4f7360d87f293ff8ac3184625c49bdcd4cadac28de7ce7af7175d47120
SHA512 920ce8469a2fde6f10d7655898425d9455b6be76d810f3fab1b9a5a1946cb44641a79f70fe45066e696ccd4f4625430f08d0dc82df123abc80298e2554473287

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fdc20c3088d655010b06a88e141f46fb
SHA1 f4f347b406c0bdb77eecd70ca40d20d357b038de
SHA256 245ab1be58b667ee0166c0f7afc0c6c990a833ca29143b6638f80e8338b824ad
SHA512 44f3ebbec4c0707297674b46d1f42d469976f6661a8b83195bbe658d056aa53c04b9a0c7f8029c8cceb1bcbed64712044b3006b69ab1a86b3af1120ccaf2f3f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fbc14cffad21ff34c02628464fc003bf
SHA1 04e30b26d7203fc21e504cdceb6895bccb6799b2
SHA256 06ec1247acdb630ba8534731f2d8668f6d4cdd6cc084d901bb32c69787845b91
SHA512 7b74d71d7183dfa9805a928029831c78530000460541dd7ba08495ecc9e3c06c3e5b1ad3864c58604bf880a56d5234a0fa6bc553d7048f4e212938045c0fc0cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 823c58a86833b0720f518b0844ddd5e1
SHA1 f00d215008e47f6ef65437e478d863c5155a691e
SHA256 b5bb6f06b86134a931f643e140626393a983cae60c1eed52fa7307603a8e22e5
SHA512 471df8afdd058eb637cb26b573de029f798bf6b8c7a3060ebde9e5dfb38bca1076e2204c0ba1a5f864faf7d99b0fd4e974c6dd8e8d37418cb67790cff28d1584

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85be96526cd8abcc37ecc382dc93e580
SHA1 4c2eca41423fa158931b2fce59d9bf86030151b6
SHA256 6924481978f5605990f65c2919f2937593ceb1ff64c138e9e04ec835ae522152
SHA512 2aefae6bfa18905f537451a0f880f07f61e2a34017c0c5b7e557a17155e35eb8ebbac81bbe664983b0ccf38a457a50647eabd1d564935ee60f2f250c479e9ced

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f0f00fe2c27ce30f57f22a21181563e
SHA1 77fbb2a83ed4416ecb4850039a0e12a79121c125
SHA256 d772477b5c42fbb6305b9be57182acfd74c8f370145fc525d2afbf0717db006e
SHA512 6248eb79456d166ffb213c696325a73ba92a2edddfe957153c8471f5080760a3b5fdc2187025000d3fcc0670153cb2fb14e56c3b2c3c53615ad1c500ca5d9d24

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cef6d85f2142da5e82813d728e564c45
SHA1 8b240bb629722516525908e7f23bdcec481ba2a8
SHA256 446fcee2f5af04677def9df6bffdbdbdd6947c487d4214a17ffbb6df4767e776
SHA512 dae293ca28147af3389414f2d6aaf43072128951600a73e8f2c6adf9546b8e7e90188985727ae7b81e846a854a89187744d3b4c27e10934eb5a9663715af8c4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ebe176cccb9ba84371b7159d150254e
SHA1 261927988b7a2e8e62e74e2b553adb49cd2920e3
SHA256 2a59c9862b50a5dd27f4a1587d0607fd350bb899d148abf54e1137bea64514d2
SHA512 5d5fac1d5180dae05a4760b9d662c75b53723a413669d0da25a162ef89bd8230c83d96cb7588bbd84e6fef22f567783ee26399e745ca8f3d32dc8380eb9d9270

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c8c74ebfb3b4c7011539faaabef4d288
SHA1 0d602e3c2a5b2eb936732911bacc00153efddfda
SHA256 151dc3b00ac08802483d8879f717209017cb2b1ecbe8bfc588bd2714d40cb343
SHA512 9b98c74a3641eff77ddda097c2c3284f4a058d5754428d1bea248431e15b2964ad4e6a4a987d969aa54c5423624e4caebc7363eccec8eaa625060939e9c3616c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa9328a6ed70f096ee59b91405e1d44d
SHA1 613ccb2fffb2c7dcbfd51f8ff041a89f9e6b2b5e
SHA256 0152be808562aa905b2deea2e22848c905bf108876096041f9b6b3257b3c9a8b
SHA512 38bedf56cfe5b4c6b9e2618246e9daff6ed88561858367958613e82def0697617a19c15475d4320b607437a60de4724e84011e0f5154a35e68e3f6b40e625318

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6bb193710601cb09a773b2c2f005fa1d
SHA1 edaf226f32934e717201f78f411adc12a95126fa
SHA256 ee563d49c4ce09a7fec9a99891a57063f5c53cfb49525bf187e925fac84c4c9d
SHA512 2b2a16f87af342c6a276764b0a11d3c6cf21109b8a4410f3316fc6174110916eed6202e83c085f05f0fa7642374674ef61fe8e3b928e1f9984673d858f7fb148

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40fb8f198f356ad11509fdb36ccdc5c3
SHA1 725925e9a63fff60f76cdc2feb2e244b17df8707
SHA256 f88e765b5ae6d811d523b645594847d07204847193b64e2f49a173f7a2d6d654
SHA512 76cc5acc1a3fea18eef830ec3f1354bd233bb0f4c24f04d8b82ec7da75fb47adb7214447b0d9c77c9d27140c7d9a731d41d5379ce5e3b479f6c61ebbc00a5ca2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 772805f244296111a91b5015f1d0d9a4
SHA1 030e46f1ce0737ecae8934fc00737dd84c1802a0
SHA256 c7f584559df3d885f2791d2417bc3c91614cdd758bc0e77dddb6a0982081b107
SHA512 57d9593108009a4ed1b38826a87885c4b620e3ddf316e49c90c7e30bc0e72982530b24d52225bf5c2763eaf19a1589b93cee841945e5a19478905e7a6b2c1cf7