Analysis Overview
SHA256
c42eb4f9e30b38069a29763d36ce5aa5c0fe3b0a21920dd044c98ceee6521e3b
Threat Level: Likely benign
The file 13e9be4756aa037b5693dc6cc9a14be2_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-04 18:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-04 18:18
Reported
2024-05-04 18:21
Platform
win7-20240221-en
Max time kernel
135s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000f63fa964e5dcea584ce70807cec6c3cf9364b2769ce3d3254335052d6dac2e83000000000e80000000020000200000008e4fedf9a88aa78da186b22b46a98a153b8f0890aa6b3e1df9b75c3d8a418aa220000000f2fa5793cacd7e6be10e1783a09e2ef97938c32f00c485f5c89a05768ba0b94c40000000fc5beb7f113e5e6273a745457f415981fc8febeb54dd3678046f3c6012c65a605a029217aabc34a3231af6f050a5addf341802cdc9ff4ef71e04fb464f032cfe | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4033f39c4f9eda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C2136141-0A42-11EF-B35F-5267BFD3BAD1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421008600" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2140 wrote to memory of 604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2140 wrote to memory of 604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2140 wrote to memory of 604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2140 wrote to memory of 604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\13e9be4756aa037b5693dc6cc9a14be2_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | secure.aadcdn.microsoftonline-p.com | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 8.8.8.8:53 | ajax.aspnetcdn.com | udp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | portal.microsoftonline.com | udp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
| SHA256 | 0983034d2e2918ce2578b24a700e3d6afc69e07d395ede64f2f56e84f26481a3 |
| SHA512 | 7112cafa192e1dcf5a8601cc308a248f74084ba10d9069b234c79d2cab8399ee12df8c1eb6bf9730bd64f12059e6c850de42ac880538758928c2fce1d3e62355 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 556e65b51b513ebc08ec0fcb28edc109 |
| SHA1 | cc55cd9f1bf1ff6f544575ef714b0f07b16dd7aa |
| SHA256 | c9c8cf42f20a46f164e1e1e3a08f4a6de41a15260fa068fe788a4346f40c23e2 |
| SHA512 | b4f8e5fc74864c657918dc6e8ff4834bf217c487ca1caf0396e0b091848332c269de1446ab1e66fb7966099b140956c4010067ac6f693461508a052b04db71bd |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-04 18:18
Reported
2024-05-04 18:21
Platform
win10v2004-20240419-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\13e9be4756aa037b5693dc6cc9a14be2_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdea146f8,0x7ffcdea14708,0x7ffcdea14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4876_BSYOWFLGHNGTWCSV
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State