Analysis Overview
SHA256
70c51fd0725ecbcbcaf1081d6d945f064e319dd7fa2bbdbc52f717e3a1f139c9
Threat Level: No (potentially) malicious behavior was detected
The file 877c2a1c2bf4b7eb3771f870d2977014_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 15:30
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 15:30
Reported
2024-05-31 15:33
Platform
win10v2004-20240508-en
Max time kernel
141s
Max time network
147s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\877c2a1c2bf4b7eb3771f870d2977014_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe986b46f8,0x7ffe986b4708,0x7ffe986b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5005940064198831507,12274009480578406010,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5005940064198831507,12274009480578406010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,5005940064198831507,12274009480578406010,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5005940064198831507,12274009480578406010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5005940064198831507,12274009480578406010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5005940064198831507,12274009480578406010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5005940064198831507,12274009480578406010,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5005940064198831507,12274009480578406010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5005940064198831507,12274009480578406010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5005940064198831507,12274009480578406010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5005940064198831507,12274009480578406010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5005940064198831507,12274009480578406010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5005940064198831507,12274009480578406010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 15:30
Reported
2024-05-31 15:33
Platform
win7-20240419-en
Max time kernel
149s
Max time network
154s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423331297" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B615C9C1-1F62-11EF-9F9F-D600F8F2BB08} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2424 wrote to memory of 2632 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2424 wrote to memory of 2632 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2424 wrote to memory of 2632 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2424 wrote to memory of 2632 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\877c2a1c2bf4b7eb3771f870d2977014_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Temp\Cab145B.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3042c5faf4a8d690cd1fe38d365c7b9 |
| SHA1 | a2027264c0c59b84d85f85f73923f066696d7bf8 |
| SHA256 | 4c1090f64c5048a833733ca6c25d7a07b26a179f915a45bae9b2947c233c0416 |
| SHA512 | d12c04741c99b958360cf1baf0f3d75b7f83b5f2b65affa21eb8da89e615e4678b082cb18a295ca50b29a15dd076d86a4d199d4cab6dae808efa56705c6fb7d4 |
C:\Users\Admin\AppData\Local\Temp\Tar147D.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar159C.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | de0485f56ecabbd52728c1143da6f892 |
| SHA1 | 5d16d3d044a89a4703e59169b1c432249183694f |
| SHA256 | da275289d83595b958791e495f4380955e0fdb069e9e3d5cab35c60da4411b69 |
| SHA512 | f8d9af902b1942e2e13f905ba81b74dc43e33ef75233424081bec0fe55c9afb014d7e7d1e9e7b78cbf380504aefe57df06633d0a4565730ef1d159a2da8456a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_D727CFA7BCFAF501CEA426110263B756