Analysis Overview
SHA256
00a7013042dac16b895e6d8762e893f1353b6b2f80b96f8f4471b211d5ef5788
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file 877c47df35033e23c676bc6ad6686a81_JaffaCakes118: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 15:30
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 15:30
Reported
2024-05-31 15:33
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
156s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\877c47df35033e23c676bc6ad6686a81_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffadd346f8,0x7fffadd34708,0x7fffadd34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5008 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | lagudownload.net | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| BE | 104.68.81.91:445 | s7.addthis.com | tcp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 100.8.8.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ww82.lagudownload.net | udp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 225.243.59.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | afs.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| GB | 172.217.16.225:443 | afs.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | afs.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.140.123.92.in-addr.arpa | udp |
| US | 52.111.227.14:443 | N/A | tcp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_4964_AIDYNUBAOJAXMRJL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 19d795352b202de2303b9110782becea |
| SHA1 | 6c37e405540d3fa8e0fa3f23e50266d6f97f11c3 |
| SHA256 | 424e2f6a886c73b6f56b789379bd2745239bfda4b0763c7fab4f5ebee902b355 |
| SHA512 | 2d5ca4cbe2442ba9d29d34d7974a33c756005f7f314e29ca85fbea4ebfc4e401460ecea7ae6500a4e820707ce5ed61ae31ff057247b71dfab9555b821b2b8b63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 59fb6ea19211796e8b7629ccf8595293 |
| SHA1 | 467f4d6cc781a0341d6c7265d5b1f23942cd1a0c |
| SHA256 | f7666386176f4ec0dc935f03d7b05484cf149a44b2a9165ab349868c937b2dc6 |
| SHA512 | 8c257c45316e405952f99161428d2b5a05f5be0674f9f5cced206afe9a2aff79b50976cf7c17768d7642513d9090689e884ecc8d929d43b9218335b7662eb872 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9553b32c-1c43-416f-9b20-fcd43c9e2155.tmp
| MD5 | 430ecb57c7e07ad6a0622e1a4d951903 |
| SHA1 | 2f7d6a9c5e791f6edef3c653b98954b24408d159 |
| SHA256 | 7fae255f1bbf7f3c6cf1ca0fc9140376bbfb520bdfc6274542dd9650644a0918 |
| SHA512 | 087bfb77935710918136aa9a09d1553ee46aa3dc99aeaeff076ba357aee39308f71193f4f363d1ab8f5a9e04616aebc58c033d89ad9449abda11105afe17d39f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1e7f2e7ff22f4845bcd2ecafaa9f574f |
| SHA1 | c70c79dc5b8a19b91ca5d4d44ed56744fa2b9dfa |
| SHA256 | c1c5c5a917ba2d80c48728c8f595f024c02f0ba23046dfc6706b67bf3c6234c6 |
| SHA512 | 6afc4f8015ada417ef1241ed4b34a092a3d820628b89f7a4063f1fcd0cefee9d44c752a1e2b199cf67a509c622c81543e8ad300675413d20601a67ea2d4695a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2b7dced99e1f936fa0c4ba310c7b89c6 |
| SHA1 | bbda25fe7050cb253e9f7f3381484dc30ec51560 |
| SHA256 | 256cf673e9ae2955817144aa3401674967d307506d213e1a9276e6acf5d6f27c |
| SHA512 | d96f32092a384ea50b045869b7a61bb698c554a5492fdf3fffd08a4017f5bd492efeeefaa829ad4b9c484f7c872d38b7eb290cb7268674f5f3e09285bac4f1a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9c2ae21899d5ee6097e2fe30e803bc00 |
| SHA1 | 0c5934ca3a4010b3ec46232dd4bb0ceb0dddf120 |
| SHA256 | c271ec7c071ec8c1b03efa1c4f07283a6b960050b8a6a1979b09375a5638252e |
| SHA512 | f889eb5b403cfd748dbc82ec23d0158bef7d35a860166032b778ee0148d59324f370ac6117672a9ad980cb1f2434a541ad7afee8d248608d7965c3df3cb92185 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 15:30
Reported
2024-05-31 15:33
Platform
win7-20240508-en
Max time kernel
138s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423331295" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B5768C21-1F62-11EF-B27D-6A387CD8C53E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2944 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2944 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2944 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2944 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\877c47df35033e23c676bc6ad6686a81_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | lagudownload.net | udp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 8.8.8.8:53 | ww82.lagudownload.net | udp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.225:80 | ww82.lagudownload.net | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 50307dd5a05eb1be118dd601a701c942 |
| SHA1 | be4994717eda8765bc6bd57384b314dbb1b42866 |
| SHA256 | 003b0019192cb0ad667e934ed3b6b76f68e95a62aab33f28049a919a52d6d608 |
| SHA512 | 92e0a914dd04769499f889160e66f4db6b771ed8fb583e52c9b7dcba15a908f590098d233c3f483c9f8a3b0662d2c5b652bba81888dc9e6e1707ecb2c0cc3277 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\capcha[1].htm
| MD5 | f1b98b4b21b505f3c97a94b30218e26d |
| SHA1 | dc78db861db16ddc3db9779b8f13a33876f9f3af |
| SHA256 | a1e319b2b07694e26389e7837caadf313f897aa4f1ec159686eb23da7a21a806 |
| SHA512 | a4ed34b37eb5e653cf429774908faf43451ef9d76597553e8b1c9057abbd5e467a55894407e60a93a23d3f3f68c5d5768d1cdbbad85144e25d7db7bb2d83388c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\jquery-1.7.2.min[1].js
| MD5 | 186d86b12ef82ec067ef688d14baffed |
| SHA1 | a936cfbd349e2d45e352bc3e0b24a0973e8ab407 |
| SHA256 | 105e1b4db63c43261ea5123232f6504b7c152be51f1398019fa8d7de7554ba38 |
| SHA512 | d46e450b22a61f62b8042f89ff117f94804fe07b99698b226141fa90aecd64ece93343fd6fff4eb4f4fe25308a978a69e080586f9677ae2e915c5e4db4df27a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7085ef5b324ba43ce1cb63b030de08f8 |
| SHA1 | 8b14e000b39b4b63a3aa8dbcf7da39d2cfcd420f |
| SHA256 | 00f4243355e93743e0daf2c0d8ea13eca67607c888536af76fed35f577cc51af |
| SHA512 | f63fd536340c6ac6a1e2754076a106f682e46d93507789fc46267f1a369868ef8ac215e44b853b4a5a957a1ae147c967a6cd8380c27c38e69c4a0834207b390a |
C:\Users\Admin\AppData\Local\Temp\Tar1642.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\Local\Temp\Cab163F.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1703.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76dc8580954cd508d0030164a4167c21 |
| SHA1 | f19e9d6cd8f7f5ae0392bc7781d0019cc5a5c5c4 |
| SHA256 | 770d34b99271b3b357de5d592ae5603d8554194899458f991c0215077d724fb9 |
| SHA512 | f40f90f6cbcd22726f3e84dd0b8b7a43fe9e93420446765004d806e21fe63dcfea22f7b88590b3f2cc707950d0c379247c7fdb75dd26d16edd5be704561f7428 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab9e5f9d3e095ea69e0c1b1854564c6f |
| SHA1 | cec4c3939327e2613d4008953b9b0237439bfddf |
| SHA256 | c495b527aaa30b06fdeb62722cd5101e29234db00c603d512e0897367ad1b3c2 |
| SHA512 | f9cd9e86ef1dd86724d812629fbdfdf1cc367f8c96db1aa5558603103ea9ed2c267f7022d72657133d79606c3808b0ad8dfe08a0d9dfa0cc451847b73a58b5b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d7a8322f7caa8a3567e1b3e049229e5 |
| SHA1 | dbf22f5888c21ac444066263a7bb25906b33e454 |
| SHA256 | 2e21420c7647bae4d2304382cf19d3408df447da4b9936ad1cc6ed85fe666be5 |
| SHA512 | 25a7c903b42b37aa4da45bd529b9676840482bc39c14836e405d42476dddfabe6ef46e7c14025e8235054586e9ebade57826939d8ceb5c9a7d44b4b3e4afffd0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6cc2df497204b3d6ec9bc86f88e35c73 |
| SHA1 | 18f9982c6c573e61872ff0a56cd22ddafc42298b |
| SHA256 | 70d042363cfdb7afe5d6777dc6758642bfc917113f6b655aae483a7f9f53136f |
| SHA512 | ffd57ff089eee0987ed0af5412ce64f14d5258221c88c4c3925e4974cf701cd9924f35254ae887af3828b98c369eb6bb19eaa025347c561cb62441698e420cd4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e7ef9a934c380c9bf7dfd295ec937b0 |
| SHA1 | b6a5873d3db16ecc47b10e3f3d56f259d5ff305b |
| SHA256 | acae9f6a008a81332b718d823416f8216fe7f6ccf23988c81afc2e48143bc949 |
| SHA512 | 89ce3c169f767d0297ef2b7bdf3f21486c8cb50a91d2e262e06f17eb11246bdaea6618d40b644530376330bd1e958e6fc26b98a9efa5ca3969dd9b1a1fa19d49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c56438fe2a8e06ceade21275e6d3187a |
| SHA1 | 13dc6205aa8e601610059be924f4d78e5292a6ae |
| SHA256 | cd12659969c78d64e97e2a156720ff0db82c55dff540dd0d2d030d8d51f6ba53 |
| SHA512 | 5f091cab93caa427c7dbf8e465003e464d3b8b29e58f7fc3aed1ac86d45681bca9b4f65f87d33cad032c5bbe1617108023cc8098dc1e0949b7f7c5b5952935be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08be68c94fa4106f8ea2c4ae804760e5 |
| SHA1 | 812e521f243baca88405b6479bee60e1ce6e8d80 |
| SHA256 | 5419d2ccbf188a0fcf8dbec2e51b62d5f5cc38c038bb573133f3699da73fd864 |
| SHA512 | 3a5a2db4f426dfce80333bdbdc24693a64272e1a3408c30d5d52ebd7c14b9c068a4891f08d4660a6b5df8694716ea39a42bdc259c01c0fdaf58c9f894c780e1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5a3c4979efeb067de091d846a728c12 |
| SHA1 | 3a12cc11eafc80c5fc57c76919d4bd3ca8ee183c |
| SHA256 | 317dbd4c0ed5d12429f952438a38e154eb39c6b929b03a321588d841ea3fbc18 |
| SHA512 | 88d882a1c1d47bce9c928241e761e64bc5b7d971b8e809bb7e599045057ef0dcce2fda7baf871b24ce35ee9ce29e53dc3b9721ce30e2768fea46ab61f6ed7693 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 935962fcdb89dc63a397a765fa1d0019 |
| SHA1 | 4302d7d0b2b640c212bee6817d32f6506564e8ea |
| SHA256 | d4296740def85168cd179370b48f026300d3d390269b09344dabd49a2dc38641 |
| SHA512 | 8d6b9264b96a4d06ab19fc314f94a7309ac23b09a9b307ef067a78e4d63478874edca03db058323c97b2c8c355f5f905c98115f6d79cf25a2dd5c9e6d7f1eb0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1476376299eb48090843b4a6585cb000 |
| SHA1 | 19e3e9f2b3bb0a89bbe103cfff6f4a6b6ade4d97 |
| SHA256 | 56660559e47b839b41fd56208c62a5003901c2f274a4a5e63ef3360fb6e02fe5 |
| SHA512 | af6d9c979e0f62e6a9bfbff039306fc03a2f6ada339f263b454f4ba93c91a1619522d22fe637e7e4ef72f383e469cce15e4546866fb851f7fb3266df18b95e6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b454e3cc354ca24446858e24de1e0214 |
| SHA1 | f723d3cfaf220c6f1b61096d622936be12991074 |
| SHA256 | 9e5071fedc71abe12ff26a1c2d456236b341d011fbcc2277f1c850d47e95c993 |
| SHA512 | 2853b02ee7fa76f0914e30fa0ce453dc07a0f4b1df7678a0af8310fdb077b210a0e97166d66411c6933b6986ee9802bff5cff58a451eb8eb0ff6bf744f9b2e46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e80b9f5775d26d2f4efa3c06a7814076 |
| SHA1 | e1cde30a6ff868355a222c30ffd594c368d0f16a |
| SHA256 | b9234a4e66fa885d3945ca69ed60243e8f705690708b5445636ef0d3ab927141 |
| SHA512 | 8daf1097eece5cd7f52a8d6fc8d47a31d4a3a5bb59e7752bb340fe42e5408678d05ee7daa37c71e1d8ca2631b8aaaaa58395905ba7198883d2d33d315785bd32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6de3252e71591dd9cde6f3e05b66c732 |
| SHA1 | 1b99f1c770f333b18c4f5be059b17554ef1d0887 |
| SHA256 | 8ab8fc45b5b1018394bbbfa02bfd891f1bc688d56e221b18dd8a96f4acf952f3 |
| SHA512 | 6fa6f2c945652d36571adef5edc678e52261e4c6a7f20d5fb5d66b4f162fddecabe3e0556385c78abb73c699b9fae81042d11dc98b7a6a998770aac933d10fa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0964bb1998f3a8b0258ee5d75541afc8 |
| SHA1 | b93d278f80973c614ec8b8ed4f7f024282b3a204 |
| SHA256 | 8b054a797898cca35897d912616b198a04cb20e46b6e010e72364f83194ee3e3 |
| SHA512 | f6348952696e0b565685f4d4d2ad29b6bbc47935e5e32486aabfd78c8b3fdc3d2c0937fd3ec9d42e918c5ce797bd86eee3ac70f09b1ed5f60262031855e72e7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9bd4b03e66b8461afd8ab88e5441242b |
| SHA1 | 7115e6207c278792217689f4a022aed40fde866f |
| SHA256 | 3790a4f3b0d92bb62acbdf94fff4445567081a536cebfff0bf46409380e7356a |
| SHA512 | f90c006a8d58be787e5c5374fabdafec4a99fad60b91278d054a4c175dddd8b42561f6d16ed97095306a4f9fb9b2dad6194a337ebe830c7992ab939991131642 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 28a0e7ee291a3da7536844a49b1162ff |
| SHA1 | 6421bb4bc313780ba4a23f7fea4a6b0c78ab3a59 |
| SHA256 | 497b850e82dd66fe47f6b8293f0a44804e9b98ce3d1ff69c7274e1439e35cb47 |
| SHA512 | 0f86c52ad837baec4671f2eb8ed8d750ab404a876d44acc873b80446fd0ee162c3bc81c48eddac2c809540d1c8f07385395135bb17e26612251ad2e273ac6b81 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7ad6327056a461a3e21890de4f6cfdd |
| SHA1 | ea619c9e49764420241538bc840486ba964bf27c |
| SHA256 | 6dfb3c0df3542c395819895ccc25abc4893008a50f35923b0345605b704d6d4d |
| SHA512 | e4b7e577df933e01a38ea005e8e573f43da4874ba124e6e9b1b32b9bc0222d2213f9c54c7b4eb206ebb5758ab5e2bf212c229b99941b0baad2d50742e386325a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 648b836ac48ab8ebd60765049572b413 |
| SHA1 | 4aaf790feda71d609336afd8ccf870627f2928d4 |
| SHA256 | ba1c06e2bbbee6a9ab63b6650bde4d6ec9ffc3fc196907205a79f067a03555a0 |
| SHA512 | 87cf8148ce30bc6ad4e016245dbc3de2556ccfd62329c9631062f682930df52874c209bdbed35df09891bb3038ef0c5a207b377a1680a43ef0e1d9fec310631f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e4201565177f2b84bed3d1a1f235456 |
| SHA1 | e3a3bf109655e64c5a5e8e97ce54fe72fb6dcefa |
| SHA256 | 639e68b86c70e0ab0079cb508c6bd7c203632cb3bf4e5dfdd46e1726c16f52b5 |
| SHA512 | f2a33d6ad902b60ee993b854b6137e13d7701e9d1e93b49b116475632a26ccf86760601cf8ce88b83e328a18a1bb1a043ddb99c85c860c2f97f1c5c89f85b2de |