Analysis Overview
SHA256
ac7c84c33dc733f78a6ce9bec4f5d08e1d8988bd27925ceb94b2ff3861ee7fc0
Threat Level: Likely benign
The file 79c8f897d8e1e89f0a6489433243a364_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Command and Scripting Interpreter: JavaScript
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Analysis: static1
Detonation Overview
Reported
2024-05-27 16:43
Signatures
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-27 16:43
Reported
2024-05-27 16:46
Platform
win7-20240221-en
Max time kernel
133s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dffb12e452fce54fb53e8c9fb036a992000000000200000000001066000000010000200000004ef75278d9782eaf92e8d087274ea5bde9391352574e3e036602cd6b1ec66f02000000000e8000000002000020000000ab0e8155dafc1128eea8d333ddce2dbf55564d2949bc2675bcded19239b7215c200000001bd1a315411e956ca6b375b3e6cbe2d6e0d24cd1d92dec7a98967c22063607ab40000000bae38ddbff16c3a89309c7ef7afc6fb6089d21359b188c259236f274b9dfbc1dc9d64d30cd8e49bcb2a4806028522743960985f9794ca2b272f63afeacbf8693 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not captured in this copy of the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4B15BE91-1C48-11EF-A01B-4AADDC6219DF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f09e971f55b0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422990097" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1616 wrote to memory of 2512 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1616 wrote to memory of 2512 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1616 wrote to memory of 2512 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1616 wrote to memory of 2512 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\rebrand\index2.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1616 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-05-27 16:43
Reported
2024-05-27 16:46
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
135s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\rebrand\loading.js
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1316,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 16:43
Reported
2024-05-27 16:46
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\rebrand\files\element.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-27 16:43
Reported
2024-05-27 16:46
Platform
win7-20240508-en
Max time kernel
118s
Max time network
118s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\rebrand\geoplugin.class.js
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-27 16:43
Reported
2024-05-27 16:46
Platform
win10v2004-20240426-en
Max time kernel
93s
Max time network
95s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\rebrand\geoplugin.class.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-27 16:43
Reported
2024-05-27 16:46
Platform
win7-20240221-en
Max time kernel
117s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\rebrand\loading.js
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-05-27 16:43
Reported
2024-05-27 16:46
Platform
win7-20240221-en
Max time kernel
120s
Max time network
130s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not captured in this copy of the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4A69DE91-1C48-11EF-9340-6EAD7206CC74} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0b2452355b0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422990096" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000610f1e8f8f0244b96005254ab5a977600000000020000000000106600000001000020000000f586d7557c84405904fc8d1d8c2668b964875cfcd2f2d26981a84a6a090425a0000000000e800000000200002000000078558d340064e19c26d152cc41562defc38c86bbc712bafe8cf39c66558a1101200000008ad2f412e7d51dc9eac551afc8d5c79acf5daf5e7913b9ecebeb6f98cc5133cd4000000034403264d559237f6c5e9568a0f036753123cb704bf32c3521023d6ee4d2987cb067fe47b2f0a75e8c0f29d8ba9bfbefbfc819072ce5873a65637873989f43f9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2924 wrote to memory of 2760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2924 wrote to memory of 2760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2924 wrote to memory of 2760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2924 wrote to memory of 2760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\office\index.htm
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | secure.aadcdn.microsoftonline-p.com | udp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Tar159A.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab1589.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar168E.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec48ef97879c8f37f1abb921c74ced4f |
| SHA1 | e0c567a9776db4305979a2bfffe71a116eaa80b8 |
| SHA256 | 3a15740098747615c45c14fbfed56e26a6d152cae52f629d962dbfbbcc7481a5 |
| SHA512 | 285e0281edeb01041f54ed75f16101e1706f457e6031df642d8d83a4aea3de32029b93c047dc30f9b5bca63666efc4f0bb953b335e6db5f8b0d677540fb9d2e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 238640e38c644cf380e145145a8b7c87 |
| SHA1 | 5e23d0b0d8865db954b5e059e014c6a0f1b3f2a3 |
| SHA256 | 4f8ff8d537ddcc494b244bc83190ec3593423144d2b1adf1afebd379ddbb24f3 |
| SHA512 | e167a3960c752bdfa8991a3e5e208febe9f7f38f2d3b7ea1156aee12a827de570ff69bdd98eda6a73ee191c420328c5e960e0fd713fbc072bc777011749abb7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 411ac01dc07840b6f0567498656dd96c |
| SHA1 | df2df7c64ff3275ae5fb4bce6c5cfdc7fd319352 |
| SHA256 | 7dd75533a790002705f4669603f572770366a4fe1d8411f4b99b62bbfd279ae5 |
| SHA512 | 409f088a1b57561102164cb3a33d87c9c7753f07d7b4b50f7e9d55b4c9904e68742ce8c7c0af0b132647dd66f8a99e3d727c0dda0eeb198aa89585519212cdf1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ababfca7e5ba1027807f5655170a0f97 |
| SHA1 | ae0b5b0542538f7099ad0b16190529d6e76f099b |
| SHA256 | d17cdbbf3a1addd100555112588892cc64803de09407c7cd49d6c553aa82b525 |
| SHA512 | c2041618631ecd0b854caff9b58418dd22604332102bf36bb2f90407f7ba8790ca0d1a57dbf9b5bc6a39143f0c624aa417e648f52e17a057b6a4edba42181525 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7650f5d87d230cc966685e64f651189 |
| SHA1 | a82794dffe6a64c818b169042c2930981d40264a |
| SHA256 | 39d2de120574c1a7705a35d992b405194ed84fb542348f79910a0c6dd06a97f1 |
| SHA512 | 9a0bdf2ee61559948c66064d200486f5d3a7fa1baa716fd6678dfb32515ba679ec68ebaa1988cce3c3d4435786ed1b42db2aef20a0a080f7d53afe34abbf2424 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b58f9daf1ae26178467c4bfbaab50cc8 |
| SHA1 | 1f36c6c91dbbdb438a086e37e3063cdf58e3d78b |
| SHA256 | 8c399c88c8de6c990f8e274879d04a980a51585535ccd688caa2fe559b46bcd6 |
| SHA512 | 527e2d5da4d87b573e3a3a8d673d3bfe85cb5a243986a909782d4cb9cbec888fe4418c75dabf26917efd8b22003bdfb9360d3a5dcf518d3a17e5326c19c4b6dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82960c8ce3a9972d3f0abf7c799740b6 |
| SHA1 | f5555ad4f742d5928ce89bbcd8cc9aa57423f7a2 |
| SHA256 | 26d40d29efbb932a0cf458dc4851e4be1b1c78e3c1a6ab4cb8b71beef82ae284 |
| SHA512 | 0de88f3b2fb1926c0f26decc38fc596727872bdb7364a01c86961cece88d8ab7f2b5ed7e72b22ee814306809523ab4084df116ecf6e614b74acd84f4a5e7d40a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0aa12a581e995ac4bb2de8cb0983735c |
| SHA1 | 48e554c751f69d89bbb2c00532f0f60b84ae300b |
| SHA256 | 80618bf94e32fb06d7dcf2e2cdb8bde8c22712652f64234c8e45fbdaef47628a |
| SHA512 | 275684fe456fdf550055c36d95a31738073a47c69f5243af376180c0fca75fc5db0fb4972e73c9dea4d4a0658035fb7e436281d2de8064ce63a13de4e3ee51c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e97efa40e18715b57bf2b17b78a33700 |
| SHA1 | 6273e0573fd0e81faa4bdce2aa1426d1e3b2159b |
| SHA256 | 565a3bbb68279a50865d9313dab0f3d7cd6b70c487e4dc87a326e74e62b65a8c |
| SHA512 | fa179e7d44da56ecf147f12422d0c235601c765fe8cf5d4cf3650b6cc61cfdc85449a0764a685c70015d6b212b53ffac663055085ce0cffaa72a1ca66b2dba95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 252d455928ce09a1e561d8676676ecd4 |
| SHA1 | 587afa1f72edcaf056d7ff07269cdc6477352503 |
| SHA256 | a78a4bec7bf9f1cfe7e8993e870c05222179932d627a43c3a792161cdee1cb2d |
| SHA512 | f76cc239e85590f592bc8eaec0b616d5e5a2646e7ff4a773b22cd31f72d797aa3e29b5ec59e5c387b457a20d2349e7e40fc3db59c3fcc4ab5733d8c12e81d794 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0dc0ce0ec93e10eb4ef1f127887401b2 |
| SHA1 | 9b093241758bb07d7daeedcac3507b708605447c |
| SHA256 | fa1ef6adbd8b583988088df453d5b98262ed614cc11a2d96834ab5521ab6a4dc |
| SHA512 | 645946ffcf7c0194bdef2b6ef06fbfb423ffe3a70171b423d7c87cd959b73da5f5e893347fb16b6476ecf5046e3e91ffd9d44377dfe53d07fdca17e42d28daf4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb15acb756decba29710e23bc40d319a |
| SHA1 | 9c72fa193bd23ff004ff559ce5190802f77f3564 |
| SHA256 | 54bc1f9861233b8f4aeb1facc8f634abac89d85c78756c9ead1eee1d6d1c17ba |
| SHA512 | 5bfb6c5766dbe3edf33b5c2429e3785a377131be36a1c9609d950629fa64c5cf987b0e8f160555c23b6b68c263580a7f3bcc0742e0b0e10705948c5fbd4885ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7da6a116bf9bc4670cf2cbf1925ce229 |
| SHA1 | 263cdcb0abf91513e5a7ea299f6942bdf7511282 |
| SHA256 | 0974b7d95c9b985acceb51e7a4e017af13902be8c758d18df1ee8b0f3ed4137e |
| SHA512 | 7762bceeb2083f5b7453ed2b4b12b4295509ff8006b1f20e17fe529c1b4ed2146ea9962209fd993cc9d2eb80f369c634bc585626080f05776fca71742a86f46b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed6e54dad5a635de2bc9062b2ffd4f9c |
| SHA1 | b786e601bd93d49499d4533db6b71f2480d69bed |
| SHA256 | 9c7772634b1cd1fecc94ff77575fde9b8e2fe0aad9688c48962b5b844374d6f1 |
| SHA512 | dafab442fc7b9840da7eb2a97f4ba970d65d74f3716668ef86834b2f87f121db7557bbe0ebbbfdafca338d6ab60339c1249a5ccd3432f87f75178b2c9741b585 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d066f8be3910d75b054895b294dc99c2 |
| SHA1 | c88e227602eee5f2fcfded654e367693fdce9ebf |
| SHA256 | 82bc66112eaa4b2efb34ccdecebf5115f5918e42462e3b22ac7e83cf40f34b47 |
| SHA512 | 8c36bfef1ef7637f77e6125776d85a8cc36a7531ab2a2cda2f54c10b5330a3d6408b48132742f9ab895a7b2e6b610675acdc671f246f9a4b869fb7851afe5c38 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 687ab2f00a2b0b65dcd047b18e3f9a5b |
| SHA1 | 939f3cdffaea672257f9299ad9b43213f812eadc |
| SHA256 | 50131f37c1da4c13b11a78b88ab05d651e10c6d92a9b9115a57604a55feeeb95 |
| SHA512 | 0c49675ccf0c4c223440ad36e3e2985f7d84eccc7dc8800ec13e244c7d3743979528847c8057add6bde6b3a7faec43d14e7b866c8c52981c4ff1d1fb57b619a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7c1fb473b893345a4b4d72238c86408 |
| SHA1 | e3151c3d104a3cee18b439d7211a87708b1f614e |
| SHA256 | 890e867ad62ecc2d2ab0a043018af10b8ca4500985b530d6e3e8b7e36ddd04b7 |
| SHA512 | 7bf79c9e6375d238ffe4cc003cfb6444a99a978c65c2f6ac3669b1cab8bd96e0829d66008430645b735a7adfeb785830a75c377168ab32b88e8a8220ceb3e025 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 86852d513f5047cf9746fc008e6626d9 |
| SHA1 | 58d1fa7df49583577f0c8c9fedcececee42d972a |
| SHA256 | a7c846cad7da1c859e645be6b6850420e8249ba26f18ca234dff5a29de77b4c9 |
| SHA512 | 33869d467252ae2f02c39b8368fa562b4d0faaf3db7a915a86dfa8e50fad50a5af569c4a9d6b2357b59f023b37c5f87a4f75368d50e7aa85d5f68e29f4b22ffa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc20b03d354983ee8bbcf857ec55eea0 |
| SHA1 | 063c2730b653b6245d86f4f83735a430d7a271d3 |
| SHA256 | c59fdb28f1edc7b7677e27dac2148cdcb21597e6d72449a22eb4fd824a4265ab |
| SHA512 | 378fbc1ceec9dea1a8f9dbf6a6b665e59cbf88c199c9d360b47bb40d8bcfaca3b2032adf860321c00fd9a2199182df9d01c8645f41d9f9f6ee83b0177b902ec2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7741e1973103efd385d928c659fcf72f |
| SHA1 | 94d3193f84e44ebeddfd77eaca636cb309d52c9b |
| SHA256 | 857b8ba3f369cca23a9e462836373bf5f0c2679214f0ae2a46187d7483406307 |
| SHA512 | 1d0791ccf3fb7d475ecf024f83a08a497e23d419bf7a46b18ea1549b668ff3560c10989bd559c00677563dd92367c855f8bfbb68c82232cd50a30bd60d3b6fd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5338427839390265a58f9f026dd89d9 |
| SHA1 | 18578ad1a5980e042df90bc8fa26b8d3cca4173e |
| SHA256 | 2d9fbdfc7c0941b4da496ea9ff1b88dcf70125b674daceaaed93a63f91b45724 |
| SHA512 | 38de681ef427a3488913fa88430b15c301d6b79945fb4abfbdffe7098a35ae508eb2d16dc082aa4ae46ffd8fe9227057c53c13e3422226d0365afa91f3b921bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97dbf7eb43e5ac095452833e2174bf70 |
| SHA1 | af6f926e71c8d0ebb2d7db62444e750bd4e76f5a |
| SHA256 | d10107371abe3b85b2cd329a137c47f9442a15ccac601d6346493f5bffbd05ef |
| SHA512 | 2be6fba85ed3ad7c1b56c59b9781d1cb9dc3c3a15f74d92f663011156d5d9bce20be411d2a6cd8323fa45fe7b91c119c23da15111c3d3a2fd3ad6f40c3b18758 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 41ea4be6c749b03c24fb4a93d44db3af |
| SHA1 | 817f8146e573818756dd7ce3418ca91697108044 |
| SHA256 | 489256280ae6744b42a13e102d0c07b33986a418da86896d61e909be7a9ba5fe |
| SHA512 | 0f9d90bd930406a3886be288565429a9513431af7581d54811b9fa4ece03e0be49e7a690d9a271f859d92edc7c80f82b084aa3b8494f7cc1fe19136114a85721 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aac9c9b52e02c399369f9053f716f5f3 |
| SHA1 | 181ae355c34622311aedaf8777d37572461c6544 |
| SHA256 | cb2ec494bc5ebdb1d93eef6951a30af0934b6bcf8d62e9d8c016041f1ecb7f97 |
| SHA512 | 4063abf4f369d9dad47aa7c5871ca214eb29930affc30dbb3500fdac6c1767589899c25f0e113173225cb45e659743f91586afdedc4599f07c7c184f1851bc1d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfe3e77c89f7a5e6fdf584a528001cd1 |
| SHA1 | ed6ff2dfc4a574dd4421458ae1520369a514a1d2 |
| SHA256 | 7733de47e7f7c3eb9014acc24fbfd007d260f4d3b0e59d2090e83bab765129b4 |
| SHA512 | 0d5c15bb32b8f95fa29be03773a9ac2a0a7714849aba32e9e3942ccde0d4a0d6a7bcf1b755d20d7422d39a5a727c1236285d9bfe9030e972e62fe36be13043c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cea97646869e4187d6007c6430d6232e |
| SHA1 | d20d3fb4bc2152d50b481087c6cb3453cb30e2c0 |
| SHA256 | 7ddcdbb88029871839f8caecf72e3ce5ff36e1bfd14c38420c61a417060b9a4f |
| SHA512 | 81ae36269d74572df8a5c8d4d7ceeacaa1ba3cb5b98e8a1a3b67dd168131f04b4bd182e1d558879e77a9fd218ee5d210cb64f828a5ac38fe758fedc010aeeb99 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 531fc09c7f5615432a8603cc3f12c1c5 |
| SHA1 | 8fdf65225dc8f64b6b802066d3dc260c69b69306 |
| SHA256 | 9df0d858cd1b3eebbc8de8109df9ab27c7b8706ddf06fe48c7461bf8523f3892 |
| SHA512 | 768ddf70db12030aa15baa5edab8e22b0989b65a0183ce532b1f360c50e6c455f74ea69613611ea298a6c7724f78c045c5b8da37cf886b04c4cd28f616326116 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e8e6b004f540addb6a805797a6be331 |
| SHA1 | f6fa6fd3892a2f4842d53b3d9c0f2ad8f6df3c47 |
| SHA256 | 34345bb9342634ff55dbcb9c15bdcd76d693c3c72d65777f568e868e00fa8dd2 |
| SHA512 | 1a06a6f91b26f7f4c5395d67fb61a5f44e2868d81629b9cca8b2e80c89b04e687d99707b385d5b7e5df51e6b59c0efb512e59ed5527d2e299cc167598b1ffeea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13941d3dead4656cd851cee50d93940e |
| SHA1 | 0336b985f24004a2da47a24ba6b8ab60d0965f3d |
| SHA256 | ebf9d57e938ab4436740893b9f8d851bf61a052250e55e9a56c91530021aee0c |
| SHA512 | b92c21d6e43e0c3fd032cb764e3ffb69a75e4fbdc6d422c7d68f40368801273bb385d7bdf74406281f2fde57fcd205a4e15f0831cea5957b848a68d66d52bf43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 629f08ef3ab5a2a13c90d1e709186ff8 |
| SHA1 | 7cc4c5cd615ea7e5a4f406b514f4ac8bc898a58a |
| SHA256 | 656d08b72e1d036d0fd86f3da569334e2f793fe68a66c733c99d969bea854e73 |
| SHA512 | dd8562dbca902a9664cedf00b101ecc12ea3fd728c72addbbbef17035be338560705918e88785eb033bacc71bbc3bb22ca2d166c4a33518b32d7837a17c6b8dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bcb0f4ec4c8e4dd538e2080d8fa1faaa |
| SHA1 | 24301123625766d5022da0fbf3749d7dd77c2610 |
| SHA256 | c25ca9e5811b955d71b94b07651466469dff5e39c7e40de4dfef31ce153ecc8a |
| SHA512 | 8fe84e7709fe560d46dfa59a9c38704cb6cac2f8660ef8f466ffd3eb6209c6bf2821377eb0328e30d3fc32be9b3496020720700d152225fdf5b28f505e9245dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 186bb49af0a4ef63e5fe8fb9420c34f7 |
| SHA1 | 521ff3a0f2724b4d1b92154fa01d2c696a356743 |
| SHA256 | f8ec736a2c84dcdd32437af7de6a68ae5a320af3ba769d29a7fea57be504a60d |
| SHA512 | e21897d91d9544902496e299b1bcf0a6eb9e9dac641f6bd34e2f54982ebb7bfe33bc15b446f276bf8d681f636053a6c8901617f543de78cce75afbcbfb2b148a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6eaac0406f74a93e7258704b24bb7f3d |
| SHA1 | 5dac8ae3ae904c789402361dcafae2fd75fd1db3 |
| SHA256 | 54e6a52feac2deb4c389eff46bfa40842bc44e02da48b887845591efb67cc4ae |
| SHA512 | e9a0ff5910049e6d3088b6bb79eeb0119b2021e0caff3ceb6b8fed800630e9d3129df77f1660510b0a9bdb7ff33c8c906a99a0668b121e2d5532be1cf523b6aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3043028aecc172844fb5c34b6cc38035 |
| SHA1 | 0cd40b37e05e804b1d5f21789ca3692ba0dcd490 |
| SHA256 | 2c9164f70222b904df74e7401be6382003cc71aecf8944c3db381ced323f3644 |
| SHA512 | 2615c351da273a24502a21bc789622f21fcfce97ecfa7cea5bdfdc5254959e03fee3d17ba44bb72867accd9f04d3701a30cfa8825246ddc0096021cfafb66101 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6cbe59a266b4ea204e46d839ee1ecef3 |
| SHA1 | c3b5793b03be471677e32994ec630af42cc4d564 |
| SHA256 | aba8cfb4f94ee3d44482100eca5b248ad0fcd908597c35a44b4b0abf2bc08bbc |
| SHA512 | 5c131731dabd08d2a3433124517e95ce8d4b33f21fc86f45c97953c563cffd040a055786643459b0187dc6dd26fab45f2b1d8e2d5b1d0875f16d5090725134eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45bd2d625a4bad08594838da9c0dca55 |
| SHA1 | d83f6e3b97af8eba74168102554343d0aff18876 |
| SHA256 | d6c2633bddd13d170d4a70c429fbc683709b0449db10d9e7e96ae3e84a1f6969 |
| SHA512 | 9c0921882adc040eef2eefb1102f4e17e8f10b370083c67b3abcbe01a0fff6409f37fa568963ebded0ec05ca23fb18943266c662d8c6eabd84829c243fff930a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | beba576c311482792a9efbe81e5b87c7 |
| SHA1 | 881271b8d6191f15f739783c8b6f83e24b5bb82a |
| SHA256 | 5c6391ec6a138a3e7305c9619461cbcd97deae682c2545a17e73df73e8ce6f52 |
| SHA512 | e3bdadfc1b1ceb128e8a7549056661dd4bfb1f065b646d44723919264fbe52489006241c5bc8c03af82ae8152676e8ce0a5533129cb0b4757ad59b7e9567214a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c77c5e27ca3c6654d0739c58fc3b9dca |
| SHA1 | fac0acfd4c7bd7683bc74eb9af8d2b967d69c9f5 |
| SHA256 | cf81de5e86336cc1c3fd6420e6396df2c854dd0bee71a4e6c5622c0e227bea08 |
| SHA512 | a8be523753d26eb0b3d6f1e02d7a72d4aff2a1519c1be75b6e44c7fee986c8d48b86082df17939428d2a5a60864d183a955cf43336c9264688bbfe55498f2444 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | daa7a6a943af0664be6ef3938801af34 |
| SHA1 | 6e814e7a5fe82dfd35af2c89e710e0db847c48e3 |
| SHA256 | 95c85905501713fed7ffdbd72c9cce00738bbeb33bf0d9be032aa760826799e1 |
| SHA512 | 7345aae8c97a0b48cfef6002b260d905d6cfe2090edf41b9fe20ce3337d6fb9a9877061675aaf8c983862d7aea33d9ba79ae67c164b5ede2644cadfb88bf3534 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d24e2ce5de1299cf92371ac8cea176c1 |
| SHA1 | c7eb967e12f75aa170c996cff657f11eaa8d95a0 |
| SHA256 | a676659e0215f1957cf17e7b336e0e3cfcd11a727293bef2a10212ae6abef9d0 |
| SHA512 | 7671e86c66182d3ce36fde76ed109237508e2e52d2e4095d6eddbd5b37402cdeeb3ea491b6b9ed0b8a4fae8ac71e106d814a9c5e467b14fd2e3c73e9af63d886 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f8f16478d79b51ca47cc8579ce90ffc |
| SHA1 | 1a43198a6b33292b6fcdf8452e241e1146b03837 |
| SHA256 | 906f28d4e548c5417003bcd6ef85579a7c03407041e0fa708b8443d1754f2b11 |
| SHA512 | b137ddabdf861e76b26871dd142a636ea8e9343ba2256209ff544bcbcc709a9915373c4d3b7c79b1b63ff520bc9a7e3834f8f0df404150c28d9fa826a2345a1f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c19115a8261214ebf94ddebb20e21410 |
| SHA1 | 118b646cc93c1cd6f478032c565cb82eed83c521 |
| SHA256 | 17699913fe0d781072bbce561ea39426f42c65cd1b0ba5a8e410c53d17047562 |
| SHA512 | 0a65009130f8ffdf72b9cc18beddb2505c5274a32b025928521fc1f00501dd190435021887d97f5212472212e747ae25811fb9e20e40f241b4725cdf86e0b7cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7416af9214ad532e10e1c11cdf0665c |
| SHA1 | 3ccc8c0972f8a04373c8515976f62b63311d40c3 |
| SHA256 | b8aa6ae48308944c337847f6420c98896577ddbea207f6558966740202f8fb50 |
| SHA512 | ea754e4c2c712665447b1d23d2bcc30e2dc74d96432b9c3da992c17c5888863cee0b1057020aa4f99ecb9b4c8901679bddb0f275aded5a573c3b4ffa9234dd84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 801db75be79e2a7a71cb340c5ca829dd |
| SHA1 | dfc5565ec45c093f9e26f65ddd0e61c5e51898ef |
| SHA256 | 7325697f9d970ac7f72fe87b9c40f2d621c0c3245e2edecb1a99b9ea9602cd35 |
| SHA512 | d940ddc9dfb6d6e4dedf9005edc39b7eca8c2032fd0311da009191a9df9b65c6ee42a9fb67dc9fa69300c4bfcc6496bc24df1745259dde14b402115a69d24ee1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8057adca46133bebca1a40ac0eefbd02 |
| SHA1 | 16b4431e53b9a70fa4e89e360c48eeb50a21638c |
| SHA256 | c86ef59355fe9c5f5711e423d36a5db3ed3ef98fcf3ab3b2e7bfc5536e28b55f |
| SHA512 | 6c4f81094812b5a8b184ed53c4434bf3dcc55cc620b53fd9e07873345ae9a36a7ea6a9e8653a81aaa46b7d7dd029dfb30149417b70d7b6f6081259f7eb78085a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33e2b929a42e8e05fe23bb0887d6e0fd |
| SHA1 | bd736bd67bfbf183c55b9845a7fc4cb889603baf |
| SHA256 | 5b2147d32e2536ea315c3678e2e6becb9926746cbd10768ef9c78754c4ead87c |
| SHA512 | 2fb21d77cccab82175436b3bf0716e7af55af9c3c5e1e6b44cdf788b628a0cfe8711ffac5c8673295a1b455035b6f30c6c9e933d6de7fca74eb9a187f5a699f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d4b745d90c5fc11ce89751c01b9da8b |
| SHA1 | af82cdce5e72eff7760f418142c7f521718a121e |
| SHA256 | 0df0f9b133bf3911dbf1b88dffbf7a54ee386165dfc59426be1ad9bfe2b53642 |
| SHA512 | d7b4f8defd6d9f15ac1cf51997f6124c3a1096330e18b8af74b391b438c1735a43937567e90a06c0bc3557f686b7b7dabd54aaad21eefdd3dbc9d057653acbf0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46947f492af5fb9817726e760a26c85a |
| SHA1 | 9863f22e63225e14b38f65c9bdfc24e45ad953de |
| SHA256 | d9f72d08deb9d08ad1926b2fdcfa97634902d722284fdffac1001be9634c46b1 |
| SHA512 | bd4543478084bd5487297475a2a191740b7a779d6bbf59652af00645ca1c3741d21449b61c39de3ae2a3752d6cc3c9afdb1d91e0555bd235228f6c2ade152ba6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff5bf70cf08ed134dc01e6db2c8a43d6 |
| SHA1 | 1bc2ee6fec0554b82379f7fa302ab5ac74036360 |
| SHA256 | 120e5c7d08e094c422e2b651a9caffd4fd2b72d89b55bcb6e6f1287587dacbdd |
| SHA512 | 838ca7622e32aba122a17162a90a5874e0be97128c75d52ddf0e86d4c1b8e7988b95a7c8bbdba282147129eaed164d80d9193c372564febdf80ddc7403ec2e16 |
Analysis: behavioral10
Detonation Overview
Submitted
2024-05-27 16:43
Reported
2024-05-27 16:46
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\office\index.htm
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e77046f8,0x7ff8e7704708,0x7ff8e7704718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18236799078358810562,9914845047621368910,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,18236799078358810562,9914845047621368910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,18236799078358810562,9914845047621368910,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18236799078358810562,9914845047621368910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18236799078358810562,9914845047621368910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,18236799078358810562,9914845047621368910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,18236799078358810562,9914845047621368910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18236799078358810562,9914845047621368910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18236799078358810562,9914845047621368910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18236799078358810562,9914845047621368910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,18236799078358810562,9914845047621368910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,18236799078358810562,9914845047621368910,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.aadcdn.microsoftonline-p.com | udp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.143.182.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_4488_CAHGPMMYQMQLTKQO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2d19c0a4f78f4896e086d7aed54558b7 |
| SHA1 | 9e3c0d03f395f20abfadb4e7272e25f300d6fbeb |
| SHA256 | 135d0454db52d608a3a17b02e8ab417f53a4eb5c74b15185958fbdaafb2a41f1 |
| SHA512 | 0f23f916ee610a04619d09a2da88263ff3bafdcf34e8ce8dad03bf25ebbe5dbaaa1462a33f6f7afbdd94f51337d302df1b0e098221d793e1f9a4bdd408a5b80c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b643eac587894f52d718930bae05f43a |
| SHA1 | 184089ad748b7d19374a8a5ef69f4b0ce2e7e589 |
| SHA256 | 85b36f5bf958208a6ab0a1498e1d396e4b9d79db4aa156fdc41a02ae2e20b5ed |
| SHA512 | bcb9e86d13304042bacd61d4089e0259c2faa8651b3939fc16330237387f4c4285e922e1b83bcd3505c8537613e3a48be9a44de0aa75b73cf164b421a55a367f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f09fd43cdb0a5b906a35ca5f7e7f584f |
| SHA1 | 315e2e30d60d3de1f56e4e2d3d66e715a2ffb909 |
| SHA256 | dbd61de49bb459e9ae1ad0fc598069c9afae1d2e6bc646162a4e4723a27d2d35 |
| SHA512 | 6684b4b057714cc74ef65dd8dfd9972121bedb637b209c4d9880e7bf9945b37f82f6830a7ffb1d4462f236f17d91e83b3cccad12e63e20993c8554255c01a8ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7f682555b9a717fbdfa40e3e6a705279 |
| SHA1 | bf3ecf42fd4ecaab2a2651b44404f99c9d636a9f |
| SHA256 | aef3ac61b005edc44fdf0e7c664427ed0f111adc79e78d3d1aebc567b57c6b9c |
| SHA512 | 789156d84687970b385dde02666d53ce4e15f3918edeb6b01ec84869c2c993aa640e99bbc6881ba85500f29ea26582ad0e72f5f5e63087b92caaf3fb8fa68c0d |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 16:43
Reported
2024-05-27 16:46
Platform
win7-20240508-en
Max time kernel
117s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\rebrand\files\element.js
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-27 16:43
Reported
2024-05-27 16:46
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\rebrand\index2.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa37e46f8,0x7ffaa37e4708,0x7ffaa37e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,18437098129711378175,4959743979204690079,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,18437098129711378175,4959743979204690079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,18437098129711378175,4959743979204690079,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18437098129711378175,4959743979204690079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18437098129711378175,4959743979204690079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,18437098129711378175,4959743979204690079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,18437098129711378175,4959743979204690079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18437098129711378175,4959743979204690079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18437098129711378175,4959743979204690079,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18437098129711378175,4959743979204690079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18437098129711378175,4959743979204690079,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,18437098129711378175,4959743979204690079,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2812 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |
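Most rows in the Network tables of the behavioral5 and behavioral6 runs are reverse lookups (`*.in-addr.arpa`, PTR queries about an address that has already appeared), the `224.0.0.251:5353` row is link-local mDNS, and only the `tcp` rows record a connection to a resolved host. The helper below, an added example that is not part of the original report, parses rows in the table's own format, separates those four kinds, maps each PTR name back to the address it asks about, and notes which of those addresses were also connection destinations. The sample rows are copied from the tables above; the mDNS row is kept in its column-shifted form so the parser has to cope with an empty Domain cell.

```python
"""Triage helper for the report's Network tables.

Added example (not part of the original report): rows look like
    | US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
Reverse lookups (*.in-addr.arpa) are PTR queries about an address, not
contact with a new host, so they are separated from forward lookups and
from the TCP connections that actually reached a resolved endpoint.
"""
import ipaddress
from collections import Counter

# Constructed sample: rows copied from the report, including the mDNS row
# whose empty Domain cell leaves its columns shifted in the extracted table.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.aadcdn.microsoftonline-p.com | udp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
"""

MDNS_GROUP = ipaddress.ip_address("224.0.0.251")
PROTOS = ("tcp", "udp")


def parse_rows(text):
    """Return (country, ip, port, domain, proto) tuples for each data row.

    The protocol is taken from whichever cell holds 'tcp'/'udp', so a row
    whose Domain cell is empty (and whose protocol therefore sits one
    column early) still parses correctly.
    """
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 4 or cells[0] == "Country":
            continue
        ip, _, port = cells[1].rpartition(":")
        proto = next((c for c in cells[2:] if c in PROTOS), "")
        domain = next((c for c in cells[2:] if c and c not in PROTOS), "")
        rows.append((cells[0], ip, int(port), domain, proto))
    return rows


def classify(row):
    """'ptr' reverse lookup, 'dns' forward lookup, 'mdns' link-local
    multicast discovery, or 'conn' for a connection to a resolved host."""
    _, ip, port, domain, proto = row
    if ipaddress.ip_address(ip) == MDNS_GROUP and port == 5353:
        return "mdns"
    if domain.endswith(".in-addr.arpa"):
        return "ptr"
    if port == 53 and proto == "udp":
        return "dns"
    return "conn"


def ptr_target(domain):
    """'133.211.185.52.in-addr.arpa' -> '52.185.211.133' (the queried address)."""
    octets = domain[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets))


def summarize(text):
    rows = parse_rows(text)
    kinds = Counter(classify(r) for r in rows)
    contacted = {}  # domain -> endpoints that were actually connected to
    for r in rows:
        if classify(r) == "conn":
            contacted.setdefault(r[3], set()).add(f"{r[1]}:{r[2]}")
    ptr_ips = sorted({ptr_target(r[3]) for r in rows if classify(r) == "ptr"})
    endpoints = {ep.rsplit(":", 1)[0] for eps in contacted.values() for ep in eps}
    # PTR queries whose subject was also a connection destination add nothing
    # to the list of contacted hosts and can be dropped from triage.
    already_seen = [ip for ip in ptr_ips if ip in endpoints]
    return {"kinds": dict(kinds), "contacted": contacted,
            "ptr_ips": ptr_ips, "ptr_already_seen": already_seen}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_ROWS).items():
        print(key, value)
```

On the sample rows the only hosts actually connected to are the three `tcp` destinations; the PTR name `200.197.79.204.in-addr.arpa` resolves back to `204.79.197.200`, the same endpoint as the `tse1.mm.bing.net` connections, which is the usual pattern for these reverse lookups.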
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_2272_JNMNGYMJCSTEWNXA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 15ebfd821374cb1f8126b91c94323e69 |
| SHA1 | 6837b51158acd4d5520d2d6cd65904eec0620fce |
| SHA256 | 115989c39df016e6595229098c496970042b91f30971c1fb4441a8871c86b4e2 |
| SHA512 | 5d76594c8bb3dfdfbb09414afed43bbbe575f7f036c01c5e0788900c84145ad7dee61d0dd446f4f65ec7f31a2408d8b1de40a9b0eacbf12afa6f320271cdcade |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 346ec8ba18ee7591a4b18d66d9e07485 |
| SHA1 | 1d1bac5c21920ec6c29c25e29c14bb86eba81b07 |
| SHA256 | edbf986174c768978488dbe3e629ac1b613214c4fc506c3c0b29240308f294a3 |
| SHA512 | 0a13152ec3d715cd973074fd928ac8c0374afe381e288cf01265bf7f9f6eb7023517934d7a00de076e8176bbf2af2ff7de3b800eea3855ad860cd1857daf6f77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bb4f9c0babf14dbb4ba550c23c6e172a |
| SHA1 | c33c2e97151a2f14c24863655b587ffd5cf9ce21 |
| SHA256 | 356102c4b2a050d1dea2e14666a86269afbde95340a408b2fd63a2a3e02247d5 |
| SHA512 | 0855565255f1c0c6baf1dff133ff0a734f40ee1f7d07006ba74327bbf486e0dcad4db7cc988f1843ef72b6d0b37a58f90af73ba342fd0ddf5a51d2f92f332434 |
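Two things in the Files listings of the behavioral5 and behavioral6 runs are easy to misread. The named-pipe entries (`\??\pipe\LOCAL\crashpad_...`) carry MD5 `d41d8cd98f00b204e9800998ecf8427e`, SHA1 `da39a3ee5e6b4b0d3255bfef95601890afd80709` and SHA256 `e3b0c44298fc...`, which are the digests of zero bytes, so no content was captured for them and those hashes are not worth pivoting on. Several paths (`Crashpad\settings.dat`, `Default\Preferences`, `Network Persistent State`) also appear twice with different digests, i.e. the same file was written more than once during the run. The helper below, an added example that is not part of the original report, parses entries in the listing's own layout (a path line followed by `| ALGO | hex |` rows), flags empty-content digests by computing them with `hashlib` rather than hard-coding them, checks each hex value has the right length for its algorithm (a truncated table is a common extraction defect), and groups the snapshots per path. The sample entries are copied from the behavioral5 listing.

```python
"""Parse a sandbox report's Files listing and flag empty-content digests.

Added example (not part of the original report).  Layout handled:
    C:\\path\\to\\file
    | MD5 | <hex> |
    | SHA1 | <hex> |
    ...
"""
import hashlib

ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")
# Digests of b"" for each algorithm, computed rather than hard-coded.
EMPTY_DIGESTS = {a: hashlib.new(a.lower(), b"").hexdigest() for a in ALGOS}

# Constructed sample: three entries copied from the report, including the
# same settings.dat path twice and an empty-content named pipe.
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_4488_CAHGPMMYQMQLTKQO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
"""


def parse_files(text):
    """Return a list of {'path': str, 'digests': {ALGO: hex}} records.

    A non-table line starts a new record; '| ALGO | hex |' rows attach to
    the most recent one.  Unknown table rows are ignored.
    """
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if len(cells) == 2 and cells[0] in ALGOS and current is not None:
                current["digests"][cells[0]] = cells[1].lower()
            continue
        current = {"path": line, "digests": {}}
        records.append(current)
    return records


def digest_errors(rec):
    """Algorithms whose value is not hex of the expected length (truncation)."""
    bad = []
    for algo, hexval in rec["digests"].items():
        expected_len = hashlib.new(algo.lower()).digest_size * 2
        if len(hexval) != expected_len or any(c not in "0123456789abcdef" for c in hexval):
            bad.append(algo)
    return bad


def is_empty_content(rec):
    """True when every recorded digest is the digest of zero bytes."""
    d = rec["digests"]
    return bool(d) and all(d[a] == EMPTY_DIGESTS[a] for a in d)


def versions(records):
    """Map each path to the SHA256 of every snapshot recorded for it, in order."""
    out = {}
    for rec in records:
        out.setdefault(rec["path"], []).append(rec["digests"].get("SHA256"))
    return out


def triage(text):
    """(path, empty_content, digest_errors) per entry, for a quick scan."""
    return [(r["path"], is_empty_content(r), digest_errors(r)) for r in parse_files(text)]


if __name__ == "__main__":
    for path, empty, errors in triage(SAMPLE_FILES):
        print(f"{'EMPTY ' if empty else '      '}{path}  errors={errors}")
    for path, shas in versions(parse_files(SAMPLE_FILES)).items():
        print(f"{len(shas)} snapshot(s): {path}")
```

Entries marked empty are dropped from hash pivots; a path with more than one snapshot is worth diffing (the first and last SHA256 per path are what you would pull from the sandbox's artifact store), and any entry with digest errors means the table was not extracted intact and the original report should be consulted.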