Malware Analysis Report

2025-04-13 21:38

Sample ID 240825-lkdk8sygkr
Target c073870b541dbac1fee61645e9d3be50_JaffaCakes118
SHA256 dab9a5ab1c050eccaa34c37784da39b36dfc6d5f51dd9b60cfc76c419e257e67
Tags
discovery
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

dab9a5ab1c050eccaa34c37784da39b36dfc6d5f51dd9b60cfc76c419e257e67

Threat Level: Likely benign

The file c073870b541dbac1fee61645e9d3be50_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

discovery

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 09:35

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 09:35

Reported

2024-08-25 09:37

Platform

win10v2004-20240802-en

Max time kernel

147s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c073870b541dbac1fee61645e9d3be50_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1372 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 3656 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c073870b541dbac1fee61645e9d3be50_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7fffacb846f8,0x7fffacb84708,0x7fffacb84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 www.turkhackteam.org udp
US 104.21.91.65:443 www.turkhackteam.org tcp
US 104.21.91.65:443 www.turkhackteam.org tcp
US 104.21.91.65:443 www.turkhackteam.org tcp
US 104.21.91.65:443 www.turkhackteam.org tcp
US 104.21.91.65:443 www.turkhackteam.org tcp
US 104.21.91.65:443 www.turkhackteam.org tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 65.91.21.104.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i2.wp.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 i0.wp.com udp
US 8.8.8.8:53 i.imgur.com udp
US 8.8.8.8:53 i.hizliresim.com udp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 199.232.192.193:80 i.imgur.com tcp
FR 142.250.179.68:443 www.google.com tcp
US 104.21.82.74:443 i.hizliresim.com tcp
US 104.21.82.74:443 i.hizliresim.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
US 199.232.192.193:443 i.imgur.com tcp
US 104.21.91.65:443 www.turkhackteam.org tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 131.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 193.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 200.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 74.82.21.104.in-addr.arpa udp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 178.38.239.216.in-addr.arpa udp
FR 142.250.179.68:443 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0446fcdd21b016db1f468971fb82a488
SHA1 726b91562bb75f80981f381e3c69d7d832c87c9d
SHA256 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA512 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

\??\pipe\LOCAL\crashpad_1372_UFNLCDBCCKCWKXTB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9b008261dda31857d68792b46af6dd6d
SHA1 e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA256 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA512 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ce395fc45bd3c8b00d23a9c7f4b69364
SHA1 cd6d6c32c9ee5065c08a5aa25c78290452500058
SHA256 45b79743d8538e996cffdd7b39518015cbea07f14672daf4c2f94b124b315617
SHA512 1a9e35b485b16669029b78ed9dc16232ee848225d0bf9343ba0160112992d8b3f47ec6e553f8ad482bd18b2ea4388b124f67096f98d7d641706d8cee523096f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 fbc3e2c43d7e1f3b3b685988a08dc3bd
SHA1 23678cad902aea05ef8612300b7f571f9e7c178f
SHA256 f2797ea94effeea6b06dc71a67603221bec6138f56934a73ff48c445ce924176
SHA512 af5a6796229b42e069b1d5a8e2ef1094f1ec95ddb65b33136dab9b30c84666aeea0459179c89f50ea0bf5fa53e08ff5f260a328a0d2b5e9ac9709b2aec4e577d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fb95b6f1abb375a9db0a6aeb2cb590cf
SHA1 712f99abcd79dde3b0b270fb36cf74b5f7a7290e
SHA256 abf79c399971e60e41c1e695a33b215a23d3d248d8308b6a52867625054de644
SHA512 6451746cbf59e0fce86756dcd6034285eeb9ec50b30da931be046878339006a2d5a04df8fa6acd3796ecfffe928cd0bc0469ae257416fe036864ce7089b45ca7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9e5098bcacb708f6971854b7da8c800b
SHA1 d2f242d94993cc1631d852c6164ab6c901f31cad
SHA256 23dc3eff9015f6505f820b7ed5b4206b8cf034e6e618e03eb9da260de36b7e41
SHA512 38f9e3fe052be653b4c49d3f8cd23b663de691bb62195127ad7133c1889810ef0c6c659b0c8e067d2fdbec49df836e8d9d05111b3ad81bf2fbb33a758e055db6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c08d5cbc7c1d404431bde759c778a4ce
SHA1 7b8bc2f04043951ed471fbaa43aeb312ad54da10
SHA256 5bd16f960e735315692f337e57fbd00ad125109a3e64f47d419498cf727e938f
SHA512 c1272fc7706a949e9e7d7baf0dc416dd9d2ce13f0a4b0bf849a831f8317e8d750582a752b5387518e48e8bc0190edf032b6f493ac7ad1bb424518afa40f111a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4defc13d4d85ab327f52cb5a6f6f86d2
SHA1 5a66157bcfe8841a812ab7090b6fcd1294a389fc
SHA256 124cc9c1976b29cd00ef503544d36dc5e1376a58adb7526ded41a91cb2154f10
SHA512 6bfcfe7e23e132ce253ea6a14f0a8222cbcf17ad8b99556d86a5b675f55b1739ae15ae3227479ed4a4472b22291cec37bbfff7ae163144261e4c2224d15f5119

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 09:35

Reported

2024-08-25 09:37

Platform

win7-20240729-en

Max time kernel

145s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c073870b541dbac1fee61645e9d3be50_JaffaCakes118.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c9200000000020000000000106600000001000020000000cd5ab552a2ec1353c1de923234ddebec0d000bd88cf756b5731fd62a31ab0fa5000000000e8000000002000020000000d85751c34b62a3aca8914ee26643fb2ff88ffa03a118a9450aa3f9de99a691ef20000000777b4a8809e56136d68f230718003b95ccb08566dca6b066981e7fc859b7c27340000000fed125c724268a60c45b73b0a33e1f526fe4f8fdb6c38c7dafe22767247d6fca2f04bd5e6d33394971ef4b8b5164933f2b2f3825d675c273088f364983d6ffa4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d019782ad2f6da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c9200000000020000000000106600000001000020000000ec351def713714a96408935f778016d4f3ece860c20bc04ca2abcd815d137bf3000000000e8000000002000020000000c798ba8ee4f4109c03d96c12e86de4bcbd2b800f348c8ba168a7a068ed1a2be99000000004209aaeb65bf2b8ab7dea048dfaa6b4df3556c6028b87fc82652b41f26e421eb5d77cb201e0e0a6745f6970bdb70e3190947541106f2349f4a0b338872e917c142c1fab783c780b1a516e3867cb83486d8fd50917514fcfebf751a1b7ecb63cc29649474be29686b5ead319cb8423840ed0b2d071492d06ef7da5e466922e8cf80617a2d050473679926b06610afeef4000000049a77aad1194c1624a509266aed7b8b2d465bb27f59c490ebac09aba98462bd8f1b20333faaf134c6e8cd429172c8626937e8e35db753f021a996f3a303894f8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{53A33151-62C5-11EF-A17A-428A07572FD0} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430740380" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c073870b541dbac1fee61645e9d3be50_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.turkhackteam.org udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 i2.wp.com udp
US 8.8.8.8:53 i0.wp.com udp
US 8.8.8.8:53 i.imgur.com udp
US 8.8.8.8:53 i.hizliresim.com udp
FR 142.250.179.68:443 www.google.com tcp
FR 142.250.179.68:443 www.google.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 199.232.196.193:80 i.imgur.com tcp
US 199.232.196.193:80 i.imgur.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
US 104.21.82.74:443 i.hizliresim.com tcp
US 104.21.82.74:443 i.hizliresim.com tcp
US 199.232.196.193:443 i.imgur.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 172.67.211.30:443 www.turkhackteam.org tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Tar3E9B.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\Cab3E98.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f63e8b981fa1c1646c99089ba22fe32c
SHA1 bde5a5372118e27fd9d74b5b0a63ef767665abf2
SHA256 0e190e45a9a5a7ac76bab78ca18953c842b6dce15ff2e6bc69f5a6a8524636c9
SHA512 55cc6c3e81adc23c9c6ac3a728961d3ef5a8ff397b8c2a652f2088fdbaacf82cacaf0f32d0d11bcd634c671fbae8e50e660c97b9578df8304dd1122395ef74c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 9cc6af7d23261540bc6f00352ca050e1
SHA1 7e7feb8219ef1c6de109f39bd9e2fd91a76060e0
SHA256 810cf34d4e353fa265968f686ab03ef327f6b5a769efd6fe7b19d3315ce74b59
SHA512 b6109d3deeba857c830190444f98885446bbc7ce889e46de0a28c191c95ca66fa3d513ce0c7ce9a0e10f3af4b533dceb07d715010bfe76a666ab8b5b6429d8f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 1aa607fcc86dc218e04febbf0484b0c8
SHA1 04ff72f900cfca65306f61aabd4b6ea337740961
SHA256 02cf8ed5e9267c2b9658c3e07951626d85e6f5ebb3eb032e58abd347bba18199
SHA512 a2f99e445d78c1107d1c000c639fa988f71faf51ebd2a35f7ae55c8fc7160798b51c3e5de69ed99b25c5bd31c31df9508b161c31ce778b548fbdeb2aafdca1c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 84e144ce2595e7330bcc255b6714451c
SHA1 0472c649e98e3c61c3b2890a952dd06de3a7b0d1
SHA256 b073b3375f8cf0ba877912cc09cde02436e09a5c81751a2d5ac00c718160f8ea
SHA512 3dfe95f67a9881e6141f7707c92f4bf9634a8a1c6dcf8f4ce25c9d9c8247db1c5372325e853b068b8c0608541d591eac6882455803ded5f16b4f063e702437c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06c2e9efe256c2c0b179a2528c39a2e0
SHA1 b4a7e87a1b8043d82f374ceac610c97aa34316bd
SHA256 8b64cc2838e822646c41735eb929cccd1e80aefc2ac1c49a006d6f55b6ff543f
SHA512 488553507ed7dcd3e2241130ae8fa040e5690d7b40697868e6fc8a3ce1b9551707a3f984627f504173af641fe239d4de7591df70799b976169c94751d97cca5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 7d5a8d1f94c03dd6fbd16eb7b1d6a49c
SHA1 d359c253f0ae612687e1fb8941598c66d5ac8560
SHA256 b25775125b9b9bff4a4b6a4e64b55594a2d428a8cbb29ba6ce1cdc74a92428b8
SHA512 c47011b80ee2b1c9dd1dc19a29a50633d6736d4c158d8ad20618e88c16d7a75a0101dbd4c22caea03310b95a80bfdccf15fae138f7a052ca385ab0cd96ed005e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 b50e2529b1e53e9e3f8eeb9457b5d5d4
SHA1 9587b74cc8637099e31e50f5f3eb3f943b249dae
SHA256 61b83ba3dfbedc56821fdd64e85fab087281d57d9882b67fef7d6cf470a93c32
SHA512 2756fb8b1632f37f541de72657c8da89493174c37b8493bf229c9f40d6a6414e9a400b0b5f7609b40ead53d2753c3df73b3898c64e0f3c164323d499141ea0cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

MD5 971c514f84bba0785f80aa1c23edfd79
SHA1 732acea710a87530c6b08ecdf32a110d254a54c8
SHA256 f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895
SHA512 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 a16f9d0900da8bdb169de42a9277d3d2
SHA1 1ad4355020b2b59939daef5472d85b5983c2bf98
SHA256 f432e05e6caa736b2967a6d79efd8e2ad233b2b2680b843992169bd5e0309744
SHA512 875af9bf4a38a50419e5840a93d526ffc2bd9b1180e973b24f061a56d6a1ac9387d4d2023fe5474757e3edb798df6d463f99f7d500e1d601e9681e0ff70aa421

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 d211813d3f53d4d012cb8999a971cdc6
SHA1 d5ff60b1a5daa022e1ce2ad4e50ab10ec6186158
SHA256 01135d373a3a18d0eaadbbb875fe72fbad354c1ffa158ae6868237731fcbd780
SHA512 3769d588c36146c8da0bcbeda02b26b2eb580f3c9c8312d88b1ab3498c0534c602588147a0ac5f943d0a3cc908fd297a79a59f7fec456907aee065d14a5d62f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 b4553037c14481bb1be90bfe45356c50
SHA1 566b9885a8274908022d1df856833d67721b0928
SHA256 c6ae0032005a6f4a346590e5b078d0baa3db70cb6970121f8d0c9721ea2a9c2e
SHA512 d4b928e4a02f77336b2291adef19e0ec01351a6fa225c8ef0081a1a01c22865edeacd5a05c141c17b98b313d1fb3c8a099f65e145536666a4f7981862deb8e76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 d5e8f7a9bc4388bd5d1117dd21f824ff
SHA1 2bae050693a200852b2127f688b50d777b9b5b6a
SHA256 9b554201d8e85d682184283e37fd1cc0d334429f29b7ff44d0d4e7bae38e251a
SHA512 4676f9eb0435c6685df530d019840b490c85a83ad79ee00f2fae0a6b721e009fb387d0f1c2710dd4676f23005835c6b87377b7484a794b72b8a43ad88b3dcb41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 61cfa749f7b753fd31357c21f5804c67
SHA1 9570c9c9c60364c34bb388eb7a5b368a0c5c75d0
SHA256 456f3caeb8352822e158ca305ee1e32e76a7be3fad1c63820278ba273df5f16e
SHA512 9643686f2ae4e8c6912c545a9e37bfeb55cca9e002c0bcb74ddfc0ae43b7ef6ff7e05b9b83bd14b251100372094dc6e4e6ec4d3206d52dcb29e02233c2e2fa11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 7fb5fa1534dcf77f2125b2403b30a0ee
SHA1 365d96812a69ac0a4611ea4b70a3f306576cc3ea
SHA256 33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f
SHA512 a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q98GZSGI\recaptcha__en[1].js

MD5 70306d36ce9dbcbd8e5d1c9913a5210f
SHA1 04949ad636f8cd09bf91059bc4aaf1973c92a15f
SHA256 1425b3dc4e809e5488aae10e2eb2511f652c6a9c3845c98c3fe69f07fe0c9e2b
SHA512 a7f00ba83fee80e7f2006c9e1f0121e2e515f4956182924e67c95a8c5522f30735f7bf4a6f7dcf3cbd29a685e967b1c4ddfd72d7f1f4cefbe55326becdacb275

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a621673c22e942662d81d71b4a98f5e4
SHA1 12765c6e1bc4dd0205fa9110999df439cce9cf68
SHA256 47d041bdb5669b43af9417825505c54fb6f41f8f142e2c75239e2935b9b7e056
SHA512 5991de8a6b9b8e2d6cfee4abb28dfa19499a772b0653f0ce6f7e99ab18abf60eaca28d9181843e70243305862ec27fc3cbe70bb778719bf34afc551fcc233598

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22c21d149c7f3e0588eaf6881650672d
SHA1 e8d158dd35afc4d23cb25e7eef834555a185833c
SHA256 e266560b058302acff1c8dc91151fab4d4d93268a23d5650dd41d9ebdf086556
SHA512 eb27f3ab3c72e5ff15bb9ec1d5178634c655167572f3261268c9a34429deb989788c83cf8c83fd99af94217d7af8874d3d6c84407b01ea26bfa457d0137d2d68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7549aa3d181816252e212bb0efed471
SHA1 54cf424cdbf0975ccf4d9d52b9f9f9083f0db07b
SHA256 1e1b6540b7cec00237dd432858bb74caa680475988a7cd969608db272d5e915b
SHA512 80059dc6224526c80f52e039f7287357c620ed160aec1dcb26c305d4987d20d9bf623331cd1faf0ccc5d8a1dcec12411649c3c78452403f96109227bee7a6fdd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88bae19b801b7f13eafe9c863dea074f
SHA1 dddad537b348579e3b3a22e70a577f70f3135be0
SHA256 51e09da0740db91d2a5ddfafb209feac236f92ad80ae3390a6794df931302d6b
SHA512 a1312c133bc04fc9fab39a162ae339f72583973aacc489b9838ebb0ba283798f208465efada30a83b3f4af5bcf904c795524387c738698455bfb8d44c8b1a1e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89dc5aa62092017521adb1f7cd20f3e9
SHA1 01d832af3aee8a444a77b5d3911bc5d4b0e36b6c
SHA256 5efedb9f943251893573c0d96e21769a6f4899a5d7929a39ac3e81861edd4c82
SHA512 5bef2a14d051ee76f9d5a3a1ab9f686aad0f3fd6bc93c5fb6708bc91c70a9a4065a4b240d379b6aba2434209dcfc2047f3748cf5824bcad40ee18fb880555e8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5fa5b0d17d4168612204099aecdb75f7
SHA1 d10596c4508dfe22d27863f0860ad35bb9248409
SHA256 ce5a90799997d08dad1f69a4e61c06d160c41be57ad040638c2d54d4875a2277
SHA512 c67c8204dd7dcab8fd4b04dc7659a271277391f46aebfeca9749d515c3ba95427dccf95d86e4b5b67afcbcc2af9771623db61900ceea9a53734356aae663a0e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61e039481ab6258b1266315a5786ca66
SHA1 9366c02277a024cd3915fd1069d985c7454976a4
SHA256 4f9d8c1b17dcdfa4091f068d697e88936039882f67112baa23255543c6139ce0
SHA512 6a083eb543a93dd827780f662a39415719669e7ab8b12c147d1eab4506fd985206a72099d4321a9209d2257e7014250cbd2d760b10263db158963b892c480e7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20909181ea252d4447ea5345d4ed80cc
SHA1 ffec10104fa1a3980e745e9bb9919877a3b0f7d5
SHA256 d4293550708003ba368a0e58886b7b0e6866917e8ccfc0da8d6a57872618103f
SHA512 5661ad902d38e9d2036322e9eacb16a02909c339e0a4486dc192c4d89281ccb60b98d863fc58ffc00a52b990e84ebc2007dc1289ca6863c5791262e367188283

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6bde04e48bc927fd808a576d4d605eb5
SHA1 b77e0e95a13d7b42faa135d086a1688f2b663580
SHA256 da569dd47f835cb0753c6ca08e99c07cfac5d81d1a122f27318172d651d6ab56
SHA512 50811c2933b97424633c472045a154d003c4856af602aa41def19fbc56d69612328bf37ea85c92f1519a02a145ad5947f6be502d4b50266186e5b038fa16afa6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 299dc6929982497c173a71b320929eed
SHA1 f752ff64c201606af1c5a355c05eda3da4ca2035
SHA256 f16aa90ab37c0e3ea85f2f47efe4856aaaf8d8ffad5995cdc7639091f76125fe
SHA512 bfc98f656cce18c4b6ca0aba995b38144770b8ec35cac1c46f54bb1a578e9492ee8679d9683583c82666259e2b35586d588705ce3edd9b6701b2cafd89ff0bff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 012ba9b2525b6e0c4646cc73506bd991
SHA1 77cca5f457e23d0da26ebe01320506145a08b544
SHA256 2f0b9ce4f4ee281e300cdae60daec58326e0efe58e9972ac5b8fa28cc3cc6708
SHA512 8a719fb53110e9fb7e079f38f36c7422a4dcb2f78c34b82130d00c4b1ee341c6c102375258b3f64695354719aea7d45f8ecb61631bed8e484ebeb67f7a11f695

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e4e0a5ca47d6a516ad82721ffb94a17
SHA1 e7175a73c1e774fd52a7f0a44a10c909726f09cb
SHA256 236d03dcca28906455c5378012f4b2ef889e8da06bca31ce6415b8e89469770f
SHA512 a30c6a5557a2dba8b37f1ca8fe77eef620721276af0786c509b87d458cddac8575f31ac975e8e0a49d23d043c68afabdc1885fdffc77786fe91f621985f559f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3a1628014148b43050a07d731f9c9c6
SHA1 51158cf8ff077df444ec19508e9589755375da65
SHA256 a7ed004b7d573a265f5cd97d4e9cf71e4835b92104ba310dc4012a041655a9b7
SHA512 fd324e584ace0db994989ab82f38f333ed4309a36125e563e6aa47bbd390d6308f8abb3a28afc61b9adecac27c00a97b6106da745fdf433c3f48d0a37a37ab83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9fc6b4a021dac8ccf34face2daf97a25
SHA1 f6f89ecf849b425428abf2d92b9aba58780e70a6
SHA256 079f0266bc9b82f8e8e129b96c886df6f58015c47ed4b5ce7ce9f51064362df8
SHA512 28e7c5c0c38011e58ea29652dbe068d54920f302984d59e2fc03f9e58d5e88daaff84b8b494522a17db5a2b6b5b7a0cf6369f968f60057f4d43a23d68342c33d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96e62a4ee821ad303e598525e0bfcf9f
SHA1 0968d231746595826316c56eb2eb861aa29eece7
SHA256 9e5398d6f1e6480d6ae2b2576913702f713f62a250bf095b58c06041cd52d67b
SHA512 7415c67865e32b5dbe95e5fa6ae9e8bb02fd3b6526c8e56e1e7a316e51261a0976203ac0469b41fe83d3b8faf4ff24c80c4b2ca191563642f8c84ed2efa87633

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b42aa133df8248d29d07dfd5b4152f78
SHA1 a1ec9c8d36f920554c4deaa3183dc3ac7b7258d2
SHA256 4e92b9397444b7109fb4cf15ad7fb5134e710bae278815ea897e732f72d4cfd6
SHA512 65cbf635d6ce32735647d8f2377d6e4975b4e78280a64a5a0b810c15b108afddafd9a6836aeae3b02d47f409a9663f245e3fd7504b09f015877575f8c05541ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 264aec1fb7ee0f25c94650aa9d19350a
SHA1 c39caff769ec151f31fe8196878221a46ffc102f
SHA256 fd97e7c3f7045bfc368b1e3e7075f59f214a4004f3f9fe636bca0199ab01518b
SHA512 30d93d638fae89a028c672a86fbfc17504216327c344462b8ba1abb1d1a3414d486490aaa6663ac1a84e4ad250f364b5a2b31fa12a22d041bc3cc5b7a7f61e95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58398978da6dc7de1523146adc38d6b3
SHA1 f9bc4d30b2b2e4e28e2958d8341b5d2c9301c1cb
SHA256 cd63b88f152873d7f5cecd2ca5766940d314783097e57cc59272d3c693498212
SHA512 226a17142cbb7ef95009891fa100e21de8c1309e8efc43d23a793f9f569fd579e64c90b2a8938e7a36697f0213d2a15b312cb1937ca52c909ac5fe27270a38a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55d08566f39d22ee392fea6419ac741c
SHA1 ded99a1396ea706f21a2d05b8f66841f7ba29ffc
SHA256 97e5e100be0e46bdd5f9c6cb0b29171d1e5496713bed2d78e1122726271683e0
SHA512 05db66e064c030410362735904f78001334c5962b615a002414036f165ef3246ff987b47432b744bcb8ea92ba0efd7c7b077adc70839ab0da27aa6335a8b0839

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6733589b5b0f08ff738a2bac9e75c516
SHA1 de6df82b5b4eb40a27ade055de3fc39bd2bb73d7
SHA256 e17233ea6cf0058220d8417d6b39cf9fca27744ab19c9e471b424dc4165a6857
SHA512 182f3496de3b752067189698c212763993e308abd2767c30571bf58ebc1c1806502b0e0098ee0a06006c0941f1c1f0f9091110234a6fae44dedb468d6d83928d