Analysis Overview
SHA256: 599f6b1d344994419023d5a984c624ce6ccde06447ced012e161794722098d3a
Threat Level: Likely benign
The file 19cd0c54f12a6b7762c7620d92dfb040_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-05-05 23:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-05 23:58
Reported: 2024-05-06 00:01
Platform: win7-20240221-en
Max time kernel: 134s
Max time network: 135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000cd36d09cf9fbe3a3d2c349cfa0e32900f1498b94d5a56c2d7f3ac3b31c527221000000000e80000000020000200000009731fe0598429766a45680b190f5ace0214f33d0cbf1b81cd1d66adef1bdef78200000007a3711c8ec5fc3bcedb9d181e863ce0aa8063b7a95356cf55999ec2970a273a8400000006f9a853c6d27f04e8f13be634c04457d58c59a5cb07a0eab6787b1bd3deb2ba30a5cd079dbd11557385fed6e964fca28ad5dcb86bd19a7d256c872f54f831282 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30fb1447489fda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6C78F891-0B3B-11EF-97FB-6A55B5C6A64E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421115401" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2648 wrote to memory of 3000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2648 wrote to memory of 3000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2648 wrote to memory of 3000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2648 wrote to memory of 3000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\19cd0c54f12a6b7762c7620d92dfb040_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | secure.aadcdn.microsoftonline-p.com | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 8.8.8.8:53 | ajax.aspnetcdn.com | udp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | portal.microsoftonline.com | udp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-05 23:58
Reported
2024-05-06 00:01
Platform
win10v2004-20240419-en
Max time kernel
145s
Max time network
137s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\19cd0c54f12a6b7762c7620d92dfb040_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80ad846f8,0x7ff80ad84708,0x7ff80ad84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2736 /prefetch:2
Network
Files