Analysis Overview
SHA256
5a0bae48a90b16815ea379ec86f692c56608e40b8872e920e6774916cc6442fb
Threat Level: No (potentially) malicious behavior was detected
The file 8ba244f891f8e13b5aaf3ebddaeb6a37_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-01 20:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 20:11
Reported
2024-06-01 20:13
Platform
win7-20240221-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted in source) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423434541" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{183E1941-2053-11EF-995F-5A791E92BC44} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000079f470248f815345a227bf51894d0651000000000200000000001066000000010000200000000e7dfb4cfb009f3dddc5ed4a72099f4baf4d5ad584a14034199d4eac6a7b9954000000000e8000000002000020000000e34096fc020b10b1736bee411f188af947e473af41a814076fafaa295f80cdfd200000005e3a494bca80f6827aa8c2fd8fe8cfd9e8d1e06e6d4430773b2473bb3d40af28400000001f2db4bc86bb162a44c2b50aad30f810e4577d16a2f495e5f77f6f6fdac482957e9244c84cfc036a0250e84026582f619efd62ad1e6ce5bc88a85a3829dafd5b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b02ca0f15fb4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2292 wrote to memory of 2484 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2292 wrote to memory of 2484 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2292 wrote to memory of 2484 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2292 wrote to memory of 2484 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ba244f891f8e13b5aaf3ebddaeb6a37_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| GB | 18.245.143.59:443 | static.mackeeper.com | tcp |
| GB | 18.245.143.59:443 | static.mackeeper.com | tcp |
| GB | 18.245.143.59:443 | static.mackeeper.com | tcp |
| GB | 18.245.143.59:443 | static.mackeeper.com | tcp |
| GB | 18.245.143.59:443 | static.mackeeper.com | tcp |
| GB | 18.245.143.59:443 | static.mackeeper.com | tcp |
| GB | 18.245.143.59:443 | static.mackeeper.com | tcp |
| GB | 18.245.143.59:443 | static.mackeeper.com | tcp |
| GB | 18.245.143.59:443 | static.mackeeper.com | tcp |
| GB | 18.245.143.59:443 | static.mackeeper.com | tcp |
| GB | 18.245.143.59:443 | static.mackeeper.com | tcp |
| GB | 18.245.143.59:443 | static.mackeeper.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| GB | 143.204.67.183:80 | ocsp.r2m03.amazontrust.com | tcp |
| GB | 143.204.67.183:80 | ocsp.r2m03.amazontrust.com | tcp |
| GB | 143.204.67.183:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | mackeeperapp.mackeeper.com | udp |
| US | 54.237.18.11:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.237.18.11:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.237.18.11:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.237.18.11:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.237.18.11:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.237.18.11:443 | mackeeperapp.mackeeper.com | tcp |
| GB | 143.204.67.183:80 | ocsp.r2m03.amazontrust.com | tcp |
| GB | 143.204.67.183:80 | ocsp.r2m03.amazontrust.com | tcp |
| GB | 143.204.67.183:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | assets.kromtech.net | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | www.clickcease.com | udp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| GB | 99.86.114.23:443 | www.clickcease.com | tcp |
| GB | 99.86.114.23:443 | www.clickcease.com | tcp |
| US | 8.8.8.8:53 | 6102726.fls.doubleclick.net | udp |
| GB | 216.58.204.70:443 | 6102726.fls.doubleclick.net | tcp |
| GB | 216.58.204.70:443 | 6102726.fls.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Tar1AC7.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab1AC4.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9dad14faaa31c6b9cbbcfb33a179ff00 |
| SHA1 | e88b23c22a8178ee840d4f399e6f572b234d33e4 |
| SHA256 | dcbb9445871155a2bf32fe92b7af27ab738050c3c8bc1704e8c88fe457b3025d |
| SHA512 | 6a997c04ee4cccfe1301dd76be006e31005780e821367b2bc48087412d9ead55643f3e5e2bb8a43fd0e49034d8babc3465d9122c35c024b41281d123028a3962 |
C:\Users\Admin\AppData\Local\Temp\Cab1BEC.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1C02.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94918644b6e7c525083d692040df0c24 |
| SHA1 | 1e257572149171512e9849d49e2c897204a1bb50 |
| SHA256 | 36c212941ce3227a284d75ffdfd569a8bf092e51b2fac45cea788d60449bc084 |
| SHA512 | 6aeb1b6387eb3cf362b2a2586e428ecd893b0576f90879f1693fce54ef3e7fb782bb43cec8575100eae582af73a1eb80652614cc08d0a6ac033f4e0d406e00d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2cb0a6ceaf200e7d05eac946c1740dbd |
| SHA1 | 1e6ca1bbaacd2abe569653cfd7aac5ba32f4470d |
| SHA256 | 5c8db98a26daf329c1b66392a41ebb4c06644435093e92140e0a15f84a481ff9 |
| SHA512 | 8afb9b7a952b34c72df85831dde9fdf4a466306bbe33b3be2a7ae832a7683930e7ccbadb0e8aaee19d1cf13769b6d6d07c4435c2ba2a148539f58f2b01f44ce2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f1bdd9f9d64c70b9d6ebb1480194fba |
| SHA1 | 91f2d1f2d3f84728682275a0e2f53848379384c3 |
| SHA256 | bd2d5b2e40b3880c7eee0aa51fb0b95435ff0707daacfb18ea5d7e237ebb5d26 |
| SHA512 | e3693cad76882eaeb5ca2706ad1a2d53b6988e95aeabe76c22df2dd745f1606215e7a3afc4d22dcf8ece627379615f15ee1d66fe8e9dd9f70796786011f8d48d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 7d0f1881c823f21bfd62dce2524e5913 |
| SHA1 | 9a1b593acfc1b299d73182848ffaaf9fd7086176 |
| SHA256 | f904bde0c2defc9dd77940afef562ffaa6a37cf8c043dd9b6b01c4d4c519506e |
| SHA512 | 701f74f53b589ac9edf039632ded44ba57806ea701513cfdfceb294ae9fc265df781939c006d4340746ffc248f3712a781a0d7ba4e290ce15ed4f72050c55d69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2030e5b736535248ef1f27b1212cbb26 |
| SHA1 | 7d19a8c05f33a4810483b7feefc5c30af2a4668f |
| SHA256 | 5c7bf977c1731bf26b8aad8e1e31a47598bf97f64a6381c36e9a11563764aef0 |
| SHA512 | b408011428dc859753e8abb8dba2eaca4485b54e2de3483c2f46ea641f0a68419c4ae2e0c322f4e03635a0f14d522cb1e95a2f0c01c2df8de50dd8413e8cfa85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 161c82ef8c82fb0bcfae215707c890ee |
| SHA1 | a0703775104d7069eed9d944b6dba5ce77ed7155 |
| SHA256 | f2ccd8d28f0844c7c1240d5d756359c17c3289c77f6a5da8a63200557179f510 |
| SHA512 | 3e125a0e21203608d9596f77863e43962fa7d20a5e3fb565d2b5e2a4176b41630d1326419c33ee274a7e2271b346a4e29da15650aa9b49b43d08585504d2f468 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98e1cb96d237353b8f0b324b6760b3a7 |
| SHA1 | c6ab70e97486c4fdb4d18eedfc2c551ccdadbf39 |
| SHA256 | 7de4edd0f1fab868fc48aa27d4018da672ec4f97896511fa00368f67fff78580 |
| SHA512 | 8e85e574630392cc3bcd72eed825f640b62b46640013a0b90ad6759c4cca9b6df427c560637d0108a747e6a7fe8f6753476eae3f9b158937daeafdcfa2997951 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 060e87e3e9ed0da3f0cd4e8454662d1d |
| SHA1 | cb2db6fb7a91a59f56d79a0d701eded8287925c4 |
| SHA256 | 572226217f45298d1aa6c364792f036a78ca38b7da170c9b9da700c5f268e4a5 |
| SHA512 | 6d0e445ca4532464d8bbbc2de260917dbde29d788f93928f651a681004099526e28ce2dcc96009e4589adacddc323335d83e7c41c0cfefb0e8e4de25d9349e2f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 4c8fc9761e5cc4de1295bc5cac7ce792 |
| SHA1 | 2d7fa4b51b807e79a76905d94592d6f71e56c5a6 |
| SHA256 | d925084627410368771cfde6cf65e26c2aca49c02cee373b052771e217742b04 |
| SHA512 | e0c98bfe0526afc1c9c88571f53735f9bcc255be9cc266fb9918b28c7d11c4ea5561e28fca1d98911a97dbf83b3f2fc0009cefe673c5934c3c584ec91f06d242 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | 764ea831aae7efb7174bbb4df14b7649 |
| SHA1 | 0d34384537c931a886c1bde38ff9f1a2dede7938 |
| SHA256 | 2130c1f9ff83c86aaeb445279a5a1e3c270d93c286e2fd3afb508c6a9d5a4721 |
| SHA512 | 9e81b4d1ca7d306b61306ce220574455f140e92d248866b98d8f249558bc1eeb2fc7227ea556947db6b8fbc8afce0ce729844e74784ddf46e89e0bb083210e8b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\proximanova-light[1].htm
| MD5 | 4aa7a432bb447f094408f1bd6229c605 |
| SHA1 | 1965c4952cc8c082a6307ed67061a57aab6632fa |
| SHA256 | 34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a |
| SHA512 | 497ba6d8ec6bf2267fe6133a432f0e9ab12b982c06bb23e3de6e5a94d036509d2556ba822e3989d8cd7e240d9bae8096fc5be8a948e3e29fe29cab1fea1fe31c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D
| MD5 | c10bc02860f6a079db30a20c7952757f |
| SHA1 | c88f444c52fe63bfea2c3a8fbd7b9f2355cdd35d |
| SHA256 | 7a252f62ad5540bc519fa565a46b4cc5446d90493f73bffef2a0cd9ed195c99c |
| SHA512 | e64f164891d571d84c5706da0705a022d077a5bf4b3b1cd28d536fca654474943f8d8c2979fde2b68b3721b42059e2fdadcc9500a597e4f56a83ed4050b0db15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b1119b42d3425239dc498bdd7e11960 |
| SHA1 | bf173e147c9647fe15b7a4a2ed36b193943ebb52 |
| SHA256 | 4da9e135631cdb5f4f318a2fdc9c875f16d232f515de0a77c670c3d5ae108e82 |
| SHA512 | 7a6fed7e2db7796f9457f8686c9b6b2cd4381f0e00d0352d3c31f86898c99f3301ff2640b9b4db3c03acf9f55b5e396a2b5fba99b4cb7ea2c182a7ea548ef9eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 870b1d41b5e4b365bac81020c30f7be0 |
| SHA1 | ca42bce6957b1631bdcc57ab8061f680ac69498c |
| SHA256 | 5d0ff9d70d464092c8dfdc893bb729f89ddad991288f35be808e8ecad784ac77 |
| SHA512 | 823900d2b85fac510f8d1cdd1919ecd1999dba0836eb444da83eb1ac94bfe0bf20aa79d62e7e0d1b571421158a0f64beb081205c28e9ae2e1d9f636f2117a7cc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\js[1].js
| MD5 | 3ba2ad30d0646909813e5cdb399070d2 |
| SHA1 | 593ceede74d7fbe368573cd64d58d8b21d51d0bc |
| SHA256 | efb4f41797175fc4b6c215615afc9ffdb67d87ae29a035e9c38fbecad1bc7542 |
| SHA512 | 69903c2373fa515e228a6b84e2df55ec3636795df3bab9caffeb501c2190270b483a6083dd8db43132244428c3fde848f9be4bb977d9049972234c563bbbda39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_63F40B816FCC2D8AE14321B58D77EB6D
| MD5 | bc1acafb70c473ca6003d1a359643271 |
| SHA1 | 97bfb9c15c3d39c197d89975b8b4c3fb2d334ba5 |
| SHA256 | 057a2b107f746c5c394fbe9cd54f7a6f9f7c520315e50d9c5a102a3ba5132cca |
| SHA512 | e16c68d92915f7da8fdafb4e1429402410440b86bed6979de14335216d6c725dd4c84354504d6de9f70095f2874727c3d012477979edf2ef1bb15d532d648b8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_63F40B816FCC2D8AE14321B58D77EB6D
| MD5 | 5d407170a35fd0d35278be775667f0f0 |
| SHA1 | f51a4ec97130220b3c9f0d8fb083e562472e7102 |
| SHA256 | 27efa25cdf2177b7351bd604bf9fb0a20a77b7bce1dedd792f671cc463e28156 |
| SHA512 | 9d1df7a3a93be8c4b9f1b3e6354ca6c492b612919e06c67b3aa480b19cd27c00fbf070fc5be46accafe918d74554d4466b69ce54ff6b02546de38446d5f26ebc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74550d924e8e611c7d2e3bc653ea5268 |
| SHA1 | eacce784983795575c498a6c4f20fa95104ba18d |
| SHA256 | 46c8f6e43c9b30e0731c5b00038aceb2aa9d9a33db99e369be419dffd7c9328c |
| SHA512 | 28e73547627902eb9398dad6c2a3d4cfc48cb99bd702020ef9a46e4b4c3eeb26aae5ed2c897a66cc17d978b135683e065bc0ecfcefeee6f5c4e2aa70e4106d5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e85ec602b3bda9b8108ca9e11fd0dd2b |
| SHA1 | dc5274458e9a97889130b70965dc10aaf912caf1 |
| SHA256 | ddde719a9ccc3f6c1ddc492b29e5495b5bdae2127ede3a349a26bf3dac78f72f |
| SHA512 | 5f8b03fbcb9db1ae353e873424ec1e62570797feead2c2ac1abe65cfe5c80829a703cc11acfb0fb47ac58a091ab9b86e8b24cc63e4bc1e58c0f7b4caf3f51359 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a53d27776b3fbe9fbac2248362563ea9 |
| SHA1 | d223a6b42fc3ab16d13b03f854af3978cb19e7e9 |
| SHA256 | 4c35a3bf8dd978aae1e2959b97151006714e146c4a11a0fe8f3273080b75269b |
| SHA512 | 5f306b142a369f9b21e3e61cf40f008343fc4df7d4f75c93717ff47a46b973d687c307e0db65f5f6cbd60cc977a88c32eb11cccaa0beb311e7c44c85bea17de7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da09762a9524eec9352571a1664b2809 |
| SHA1 | c0705cc1cb7b78aafae4407c3efc14e1d6a71c52 |
| SHA256 | 44f0b278e8088a0c6c539d6cb03faf930a7faea6d6cbeb0424a88938dfde7d59 |
| SHA512 | 51d23d74cda5433dde1c89992367b4990f2fafd6710c4a63b61677c67b43bb6964a26fdad59e166951dcc0c26ddd83e4c1da2a914f11e9ec77a40031467ad36b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b11d16668147854cae33bea059726787 |
| SHA1 | ca3d7bff890f4c25df8e9ab2ab1497cb218035b7 |
| SHA256 | 033ccc12147eb3f6a0a137184a20f7a797298787603daea49d78f6308b0b2bcb |
| SHA512 | f4ee8609009c690caf4ecb7a86cebe82978346fda49ba0203d475b86e8cda0b41e85e3ae8a7458036745b35da121b68dc524cf100c83c5c63d7b32db8ddc916d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65bf38c489eb3ee701fed75bc401d746 |
| SHA1 | d1f661495e8814a782526b09496c2c815b9688f8 |
| SHA256 | f45bedb8d22208b62fa495e6f084adeecc1082b811be5b611f9348a267d80047 |
| SHA512 | e050ff1a1ee832514ccf9393601bb96df6f7b001a72ae2dfb38390a60821115f1d937bc3371fb6c69c4cfba60652fec2cd0bc94e76e9cf5ddbedfb658bca5178 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1f2208602c539ab5b42c5bd4a916b8d |
| SHA1 | a7731075a3acefab250a0fd9700286e6255238f1 |
| SHA256 | f04696df2d9b401f8be9eec70afb0be1a215c574da36243a0cdf5ca25c4bc6a7 |
| SHA512 | b487ae018507400383439a76d49cf193ee0094ee2d961c35f870f6fb4f026c43bb6b5b13fac4dc1ef4549959ead19bd2746f1394bcaf0b71b05c56bb64f787b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20d9d9137f8241371ac803562220d31d |
| SHA1 | ddda4aee006f1c8519fe3fa2c361fe30503992d8 |
| SHA256 | 356a2a09502e8b69a307472208159bc1ade9e7dba5a2e876136a6b508207a984 |
| SHA512 | 0a2f9f38119081b2eb3198e90fc27f44d98f8d59b812a3bb20d988e710db87b42a240ca541e8e6a87ab379e762a6c4b84c7e1d56d3d32eddc3d8c0ef28d784d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81cffd12fc8de8c3336906203ac39e4b |
| SHA1 | 6821de8ea4067de58e66bd252f74e97a95e46bc3 |
| SHA256 | e42f560692acd203dcb0a5e24c48a8e8b57b6661e2e8b4f4e8f524c923689277 |
| SHA512 | f6a9f454d46c103e430c91230a9736bb390dc1ac0703978ae8a0fb52100f2b18fbb15e4499b269c02ba6f0dc90cd334d5e92a0a9775f50b334e5592480e6efbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 573378bbccf9debc4c2a0d17cf8d1e26 |
| SHA1 | 0cf14aa419113f0b22bfae7e9a1f6f59b1496e91 |
| SHA256 | b26fc7e2432b224f3a171b1db3d4dc856313956947ed78830565eda8840c0e47 |
| SHA512 | 668a0ad9179617b7f44ce0de8acc7f6877e8a453fb5d007200f92577fee4bad4838159a3316295c79f72dba6272a701753d2ef024b189320a2ae9fd637ec2e69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1affd5d29b3285de29cc33886c82bfe8 |
| SHA1 | dbac8470929f0d03c6a1fe553ab92384faef71cb |
| SHA256 | 0782d320abb0c0466c03a2b2cd58bcd581d0a8cbc7452a7c3d0a70232d0c5900 |
| SHA512 | 0e0ec34aa7b347d8c781ff5868e9045f54325ccc47cb19f9eb451ec7fb22dd74f2f7dbfcefb45c4ac6335615775ec1ed8efc28396d861f955829cd4abd23b188 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | f583298589dfd7b14ad4929e97274a63 |
| SHA1 | f8515979058c148e1479083c0dddc52798f37653 |
| SHA256 | 87a00e65ff3d3d57c331901be93cfd1567b016a04e67f3d3b06777d125ba0610 |
| SHA512 | 8684b754660698e03300c01f1a0832215ba342640f4894b7ec720b7fece141758876b794cd77a522280278a8a29445145f53b216e32c7d078d1f82d11b34d970 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 956106596460d4e086e6e2e53bf6bfa0 |
| SHA1 | 08be182dbf22a62a1d4557a56b145809c397ee56 |
| SHA256 | 84c531f48f3faf8546d47e467f5554495bf7d240eb4e493dece7ce2dd02478ab |
| SHA512 | 194d25899f8201c7af57f31ddf11b4268aab9848d642094b69d2813ab78f7b4d176363ce962849d06319ede272978bef3d4454e565ec5da56aa5648b076c8869 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ef969c2d42061785d17abea857c3ba6 |
| SHA1 | ee8c69f8ef227626069f7ff8fd408bab380d2b78 |
| SHA256 | 267fc96a4876cdd990254d53d437a5f7170cec8072e693ff2feb9545adbe78ba |
| SHA512 | 16d2b14691aa79233cfa6641ca3497fcbbfd3928db8137e40542e650a585702f57cf0083349aa487746379c2e32e614adb7d6654e2fd4e24adc1a93a749a7971 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 53861d53f797151240a7b82cbd69e742 |
| SHA1 | cd72cd5e348738e057a6e6334bf144b8517badda |
| SHA256 | 1d1349160e771b8be31141c5fc0360038988cbaefa8a8610f91d6c2529b58f8c |
| SHA512 | b7183564f5097eb764175bc0ee934e63217c5c17bf70fd704391e72c7b4d0f3dfb4c17c9fb53e60fc9fc5c2665627d5f36652cd983b10c2eb744ca320d30fce8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3afc0cae4d504d4d91a93633d3b109d9 |
| SHA1 | 67eb5874a11cd21355e96918933aa9c20344d627 |
| SHA256 | 4a3b67e4d03cb848d1eb0532e5e904dab47107e6a1f7fc2b1bda26d6326d464c |
| SHA512 | f6d5ff930684f199d4ad842bcf9af6dcbdd2e79ff45f0e062df4b1c9b7dd407e44d509e003e1869fe93ed77baedfffa3b19b2c0501ef832ba609532af864ba07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b67a426f0c910f48d7e90dbefcfb2e34 |
| SHA1 | 8da6703ca6b1783221540358cb0b17fab8963bc5 |
| SHA256 | e41b65df0d767afecab0de7b4bb20be5ffde0b10366f916844a54dd8dd1d6a5c |
| SHA512 | 036e4cb97a4e90f6f79e0a2934ab058ace37a019893fe2dd6ab6f8497b94263b31dc75d0d9408edd3917751487b48c6e370c067e86f9b30233d2ad5ef0fb5170 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5072b487c6aa8f5e0e7add698990304 |
| SHA1 | 0e18c57cfe6e7b01f69bfa0bd89878567cb1a6d7 |
| SHA256 | 6badff52cfa49924d6787fb9b39e4ed68a2d1bf2b846ff79822ffe062ecf9303 |
| SHA512 | 1bfdd2059c9b805ea0a6f0778dd8ed0b3bbe6e0156f9e8a7e3da6736d4c8e1c939bc325d8ad4a0aaa7c4e25b7090d5f5b84d55894b65118596ca5f11399674f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4565f3db09719c4c4ba1a34581f344f |
| SHA1 | dae6c43f155b5a527102eac2b46df65d534415d8 |
| SHA256 | 8d64d4b50d910da1538d73cd0d71cdfa54733282d70fb3523fc31661750b77b5 |
| SHA512 | 98a16d029b79a61b9c427ef446ef2f6e2f219d1bf311eb1284656f8cab6be7f29c6c73c6955be25675a64a070d1ad997a221f995898654101a312f0f0d679558 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | bb60c0a256a8e668d5cc7902f516d88c |
| SHA1 | ba47d6c8fc6e9cd121d67ffd421d3b608c4ed3fe |
| SHA256 | c6d2b56d67c739e3f0408af7d9242790a9a3d382017ee56f9a3dc3de783b9a64 |
| SHA512 | ff94ac20df8d1682e7ee418606bbf5446e082dadaf60723df65e89acee8961d5143ff0e763e04ee1524e10c14bdbe699fd51b841924e3b659173c98fd87bf38a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 099a0c3744503217a25efc01d048b3fd |
| SHA1 | 089959d74e38ad017883f1d27076568f4b7935bd |
| SHA256 | 3cf78f54bba8fa3085ebb43c3130bc9a1ff039de3d1e91280a12b48710c0ab72 |
| SHA512 | 44fb7401486a4284378b603452e474c111e1f66b58f2bcf643c399e9b840db79c654ffbc8ea117d493265f06712f25a444d6a8f5fac812657f5b18546d84df59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64eb26342152f2538448b85cf0ca9a54 |
| SHA1 | 5d9bacd93fbea1d2f3b8ac0c38f087884a025d11 |
| SHA256 | d07276604d707e4799d1bf47682b7ed35b4111710e8bf9c8e504ef5683717e26 |
| SHA512 | b387d8891fbbf149c27f534d4df1c713d1c91f5f221efc2e0c57f1e17d1e6ba699bab05ef1969aac985e831edc2c95592bf08dd683e9345e9c3930e5036d0874 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff42e0ed964de61fc5cf7dbd53134aef |
| SHA1 | 53dc81fd1cb536bea8fd74eec1efc6f93aadb2b5 |
| SHA256 | 96eb5f48586b64986cbd002eb8d4a90a944bdd8021d1c6836fe317773e27c19e |
| SHA512 | 38382e265408463ded082916c550be89fc21945bfe80d2359742e14d83e39ca8cc6e392f2edec86191fea88d31eb43aa33e49402b2def619b0fa2dced124d8a4 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-01 20:11
Reported
2024-06-01 20:13
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ba244f891f8e13b5aaf3ebddaeb6a37_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f93d46f8,0x7ff8f93d4708,0x7ff8f93d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12511037854815971566,1376895039858917798,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,12511037854815971566,1376895039858917798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,12511037854815971566,1376895039858917798,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12511037854815971566,1376895039858917798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12511037854815971566,1376895039858917798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,12511037854815971566,1376895039858917798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,12511037854815971566,1376895039858917798,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| GB | 18.245.143.20:443 | static.mackeeper.com | tcp |
| GB | 18.245.143.20:443 | static.mackeeper.com | tcp |
| GB | 18.245.143.20:443 | static.mackeeper.com | tcp |
| GB | 18.245.143.20:443 | static.mackeeper.com | tcp |
| GB | 18.245.143.20:443 | static.mackeeper.com | tcp |
| GB | 18.245.143.20:443 | static.mackeeper.com | tcp |
| GB | 172.217.169.66:445 | www.googleadservices.com | tcp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mackeeperapp.mackeeper.com | udp |
| US | 54.237.18.11:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.237.18.11:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.237.18.11:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.237.18.11:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.237.18.11:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.237.18.11:443 | mackeeperapp.mackeeper.com | tcp |
| GB | 142.250.200.34:139 | www.googleadservices.com | tcp |
| US | 8.8.8.8:53 | 11.18.237.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.kromtech.net | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.134.158.93.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | 6102726.fls.doubleclick.net | udp |
| GB | 216.58.204.70:443 | 6102726.fls.doubleclick.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 54.237.18.11:443 | mackeeperapp.mackeeper.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | www.clickcease.com | udp |
| GB | 216.58.204.70:443 | 6102726.fls.doubleclick.net | udp |
| GB | 13.224.245.87:445 | static.hotjar.com | tcp |
| GB | 99.86.114.124:443 | www.clickcease.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.114.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 13.224.245.27:445 | static.hotjar.com | tcp |
| GB | 13.224.245.89:445 | static.hotjar.com | tcp |
| GB | 13.224.245.61:445 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| GB | 13.224.245.87:139 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 204.79.197.237:445 | bat.bing.com | tcp |
| US | 13.107.21.237:445 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | amplify.outbrain.com | udp |
| GB | 2.21.189.145:445 | amplify.outbrain.com | tcp |
| US | 8.8.8.8:53 | amplify.outbrain.com | udp |
| GB | 2.21.189.145:139 | amplify.outbrain.com | tcp |
| US | 8.8.8.8:53 | cdn.taboola.com | udp |
| US | 151.101.1.44:445 | cdn.taboola.com | tcp |
| US | 151.101.65.44:445 | cdn.taboola.com | tcp |
| US | 151.101.129.44:445 | cdn.taboola.com | tcp |
| US | 151.101.193.44:445 | cdn.taboola.com | tcp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.taboola.com | udp |
| US | 8.8.8.8:53 | mackeeperapp.mackeeper.com | udp |
| US | 3.225.22.167:80 | mackeeperapp.mackeeper.com | tcp |
| US | 8.8.8.8:53 | 167.22.225.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f53207a5ca2ef5c7e976cbb3cb26d870 |
| SHA1 | 49a8cc44f53da77bb3dfb36fc7676ed54675db43 |
| SHA256 | 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23 |
| SHA512 | be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499 |
\??\pipe\LOCAL\crashpad_3216_VLQGIYUNIPTISLDR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae54e9db2e89f2c54da8cc0bfcbd26bd |
| SHA1 | a88af6c673609ecbc51a1a60dfbc8577830d2b5d |
| SHA256 | 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af |
| SHA512 | e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 131b4dc323ac9390a11e5746652deb6c |
| SHA1 | 410890575473896491c3192ec1907c57f49f3c68 |
| SHA256 | 78642eb426e91ece24d4f6da93b8ad9449eb06c802cff1ae13c2f4fb2f8eead8 |
| SHA512 | d922e19eabc9ad5ac4ab3639cc8d7c6b5f08c1ad13c12da821aa7001eecdf4cf5a2de6dbd371881ed27ca91d5f493e774b932d5729a94fc7bfad4376d964f901 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2d6f3f7fe9a2a19a6b9074dee4b7634d |
| SHA1 | daded43db6e374c799a16f8d8dd9edc208cbcd4c |
| SHA256 | 4a5191a7dd6197bce87f662c97e485478027b60688a386910c5549e3ea255c86 |
| SHA512 | 79456162ecfb4ecc92460d61c1293831608c6492a9d1c8029067bd4bd65e578342fcbc2f331ef94a8f111a029715538fcf4845cfee32499fa91b89bf12e99fc4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a80f4894299a007e122052cd0cec4414 |
| SHA1 | 6be0047e004deefe9560292c7ff6c30d9324a22f |
| SHA256 | e59c8d244002704ddf0f23894d8ba35a2d1bf2d557391fd64ee0843d9ae9edff |
| SHA512 | 066ae67feeee3d6d0f7de8262d92745990b2946b76c083480a084dca7b6f37bac9b82a2cb4f9a73ea8e69cfdec016675f10dbe49d2d76998a77320983ea8ecfb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 50556942e55df45736c9990ae25b9440 |
| SHA1 | e4319118d3b1b2d2ea7b104b18b9c3a2ccd21846 |
| SHA256 | 1ea6664640641cb4e794dba1d2ee7b0a6503b8f0702ffee1f67ae638f3e145b3 |
| SHA512 | e4a6d843b3ed19fca84118dafe1d0561ca6937626ea1776bf8fd6ad8d4c7c05870d58f20359867767b9e4f529a3c71c557ef6bbe2cc90adb1659be601fb5d58c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5798d5.TMP
| MD5 | e1ada7b7b994fd97f7371be65fea3a10 |
| SHA1 | 70940ccc4ff78a4a4f3cdba8931e1e35d73d040e |
| SHA256 | ea098ec3e80ba6b2bbeb52a09b385e8a1e54024ab8988b916eca80d27e76075a |
| SHA512 | 43b20fa6674133da9d2ebfff057c411a1b6664e95d173c322ef49dc64d6d618f7b0daab9f9fc3260afb248cde63cfa3003dd3d11ef7c27e448ff13798a2ed797 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e074ccb23fa8ae4dfd7da8b5fdcebc1c |
| SHA1 | cc7c46fe781824ac85d82a7e84f437b745bae796 |
| SHA256 | 5430deb3c154546cd2c5e0a3b0d5683354f925a0bdfa879f3a0d8e1f3b95927a |
| SHA512 | f8ad6e5ab0efa9945df010ec9290ba50a3a9c1d2a09d62172865f16d6f19b7aac9a0fc4ed3551f7aec3e3aef8d72b00978ad5a0c293427c8f807c0530e7689b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c3cbd5316a6f93eda446561f8c589680 |
| SHA1 | d649871be17bdfaf8bd2bf9a86a765a81a3a1537 |
| SHA256 | ed7f433b1c3ec8848814544caffc4d029949b29a3e94ee22173ab9db6a36c557 |
| SHA512 | fa8f80847ab9bcd370217db1019175b5f4b1a4a9c8f721c72ef16f8d362df73ca8ff02da7c7acafb0563136abcde477c5b81a8521ea9cc55c9f2d7019e8acb12 |