Analysis Overview
SHA256
43a55dbeaa6734fe20bb8a7d9a0520176f000347d90c417ef5a8b9d297add732
Threat Level: No (potentially) malicious behavior was detected
The file 91767d93ad551213272940d40a5e3aad_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 10:34
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 10:34
Reported
2024-06-03 10:37
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91767d93ad551213272940d40a5e3aad_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd711f46f8,0x7ffd711f4708,0x7ffd711f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,1046354263336101804,14607049753955921199,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1892 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,1046354263336101804,14607049753955921199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,1046354263336101804,14607049753955921199,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1046354263336101804,14607049753955921199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1046354263336101804,14607049753955921199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1046354263336101804,14607049753955921199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1046354263336101804,14607049753955921199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,1046354263336101804,14607049753955921199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,1046354263336101804,14607049753955921199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1046354263336101804,14607049753955921199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1046354263336101804,14607049753955921199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1046354263336101804,14607049753955921199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1046354263336101804,14607049753955921199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,1046354263336101804,14607049753955921199,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1360 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | x1.scdn24.com | udp |
| US | 8.8.8.8:53 | assets.pinterest.com | udp |
| FR | 199.232.168.84:445 | assets.pinterest.com | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.pinterest.com | udp |
| GB | 199.232.56.84:139 | assets.pinterest.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | profile.scdn24.com | udp |
| US | 8.8.8.8:53 | www1.xmediaserve.com | udp |
| US | 50.28.32.8:445 | www1.xmediaserve.com | tcp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | afiliapub.com | udp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 69.167.174.99:445 | afiliapub.com | tcp |
| US | 8.8.8.8:53 | 66.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www1.xmediaserve.com | udp |
| US | 50.28.32.8:139 | www1.xmediaserve.com | tcp |
| US | 8.8.8.8:53 | afiliapub.com | udp |
| GB | 172.217.169.34:445 | www.googleadservices.com | tcp |
| GB | 216.58.201.98:139 | www.googleadservices.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | x1.scdn24.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | i.k-analytix.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 172.67.180.67:443 | i.k-analytix.com | tcp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 104.244.42.136:443 | syndication.twitter.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | i.konduto.com | udp |
| US | 34.210.242.237:80 | i.konduto.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.180.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.14:139 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 237.242.210.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | profile.scdn24.com | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_4272_DHEVJFGQQHCNMXPE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d99cea5d-c81c-4689-97c5-cb4a674863a4.tmp
| MD5 | 35e71a8c3da02922b778e985c88f2ea9 |
| SHA1 | c09e84e10808ecefa7ada77f0d1a5089b208a029 |
| SHA256 | 20d46ac9e4649d032d736a521e68f0d9e55c4f273616bbe86a48a891c0582b74 |
| SHA512 | 8016efda1039a45905bd47f78dcf5ee42e1fb99b6d76163aa3753adfa5a3f30b6f8c060a57b7ae1fe9a36b421cccca59317474ef84723603dfcfb4fcef836a5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 11fafec59b7f34ebdf33ca1ee2b8cf4e |
| SHA1 | 9c373ce34f2ece8a9374aedf5a5d04f5a1d22c5d |
| SHA256 | 36d0fcb20abb6f75220eb2762a8d6268844b997ca535464419483ae3a0337bee |
| SHA512 | 90c60e58655a8698e54254878ec6ce337a7491fa479f95a98f47afd001ec92db0b2e1927aeebf217abe26b33a8cccd025e02bdc03a16688dc50916a463c4e7ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 18bb06cd8dbfbb4776c031bc4921f965 |
| SHA1 | ec0ddc3f3e0f8053a02340deb02937a9ca2791fe |
| SHA256 | 589106fc7555a0d679ae129077cb00b79c5cc31cb8db020370a52cbdff8f420d |
| SHA512 | 7617c6e210930eb9288a669470cea6053e4d50ef7e43a51eb01fc8c08a78fd8326366ad0ff7ef54b425d5cb2cb89911578e9de1318fd0e49629c66963d9001c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c319d4b6f1c31ce1def09cba93a578dc |
| SHA1 | b1cd45c565ecdc7b1ed1bbff5ffb9e82228c6f8a |
| SHA256 | 51e9e135725c74d1bc1673579a48ab2e69ffc93be6ac78e39c8fbd1aae9c53e7 |
| SHA512 | d5aab467ef623503a7259e6778ae70b8eee7e18aec8d65a35139e35314f8f57de3fd70b580474eaf83c5129d212860ebcaf2663786dca6c90936d405f36c8ed0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 12b7137557d6b0ca9b75317e2d2a91c5 |
| SHA1 | 1e61d025fcb6bc27fd40f21e12d9c7082d2fcb11 |
| SHA256 | 8b047e25d7be2dd923f7b91352985a1270d8a24440950e20ed7cfe26e5d15dcb |
| SHA512 | d3d3b9bf43af9b598d8651f3524562e9be2360ccad561367a3df31dfbcf0f953f8223a109a81ddd12d4ea57e2da8a6ea5a187f946b95436503ceb9c9e6ca11a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | e1c71f7c04be834f5587230db2ad24b3 |
| SHA1 | f3bab9cb99d9f343bf7ed3981aaa7450515d2424 |
| SHA256 | 9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899 |
| SHA512 | 205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f65c4a20905505baf6c1de21d362fdfd |
| SHA1 | 5b7e91924b730a4a8fede4f1c1eaf4fcc73cfa05 |
| SHA256 | c835ca07874bf1137b54703c667bf9ce06a4326eb9c1480d0327eac3dace228c |
| SHA512 | aab386d08e1340b76dfd3fa9cae358481186cc9b2d374ad664a456e31e56bb73bbf8cc43fe99fc54c079ad5d0b5169113a1738b93e9e8ea71d223096d5e41d2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 83345f1032b28ed697c5e0fb2f852a03 |
| SHA1 | 24f469d544d71563869d4c79ad2268be6158ec47 |
| SHA256 | f3ebfb65e54466992b928686212277d13ab45d28ffdabebffc62d8c371d034ac |
| SHA512 | ece788e44a027e7459c0a6aad094978c4cdb693cac57ee244007a41220431a135ff1202858ea63ab48233507bb8d91b91550d969a6f3925b9abdd22926f82da5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cfa98385b749f142b4faeaf2fe0c609e |
| SHA1 | 46a98805deea61d5a159e0fa34c373071d9302e4 |
| SHA256 | 3c3a8245d06f776ad6cc767e4cc6320375ca5a2cbb28bf615c2e38a3d85ddcbb |
| SHA512 | ac6ad7b29e08050794b815eb7cfb428a870727d4e271c01779786979a806547c3b2e8197d7cddcb6ec2a068125efd51d71e2f962c21cf882750b033a247434c3 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 10:34
Reported
2024-06-03 10:36
Platform
win7-20240508-en
Max time kernel
123s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a07497aca1b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000153d3209a92f10f2b8af82a080c3389167e11f0024db1493b18c0f6431ecebc2000000000e8000000002000020000000f42db4ab9fe97b25b182e8fea71aa8c67166d47e77d7cffab4c2de62b2362a9920000000f9e85008082766087fc5d211e1b0c3f8626e01027a0af5ea59a2af2758c5fa34400000009d1d62a9c59111348f4aeaaf0beae0823663d7b57575f6bbd5be6418640d7138a151e7e7675164295559efb445e7e54a35b9933d16e0b2647ea0f6d9c18a9620 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423572730" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D7ED24B1-2194-11EF-BB21-6AD47596CE83} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000094427c4125b7296b8b01250b557f063c707582864d4d1e73f7124b31b90cb47000000000e800000000200002000000024239b16c7b74a38e7df2fd1349a597aef542f841bc5b7a0232a3b52cc9d7ce8900000007e21ff61bbfae4f3cb43dc6086b4cd39ce007b0b968f09a11a771661e803e45f0de87f279001a6db59dd919cbd14e6820b06335e76844943b222604b95b73e64dcb8ff422dc9751e3f1abfa4646112ba64d0cd367ad3619e26af34058060f9d6d1beb35352092c72cfcdc49a1e61044cde9b778fae37be3e57b19f58e9bfad750e740cecdf6ebf647ed99cb97040cf21400000007d0ad5fc68b4db39f5ce7d7f64b95aaa2258e88abf70fa206efb36c2502e39ce488bcbbd2ef3b3a2ce4f09e74bb7fff73c143a11933748e37dcdb4db73173cb9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1700 wrote to memory of 1228 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1700 wrote to memory of 1228 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1700 wrote to memory of 1228 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1700 wrote to memory of 1228 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91767d93ad551213272940d40a5e3aad_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| GB | 199.232.56.157:443 | platform.twitter.com | tcp |
| GB | 199.232.56.157:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | i.k-analytix.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 172.67.180.67:443 | i.k-analytix.com | tcp |
| US | 172.67.180.67:443 | i.k-analytix.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 199.232.56.157:443 | platform.twitter.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1C95.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51ea94d04b5b6a74cd6a4a325292715f |
| SHA1 | 2715497a5e496033c9a7b741dbaa7bd4e62e9c05 |
| SHA256 | 10389805784deb41f4ce3e35722e53d47e5e8974b17bfa89166db77c64ffc25f |
| SHA512 | 37781ffc288561e301f53828da9832741e27b6fd54277fd3617cfe57ff70bd1999346fdc27aa933fa9946d97a9acb2a837ca7bdf756b7ac54bab0718534c15ff |
C:\Users\Admin\AppData\Local\Temp\Cab1D45.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 1cb6b2f05812597641b0a1e4eaf91f0e |
| SHA1 | 430562379120c6034058411662aeed8aa6a17145 |
| SHA256 | afc7e18a10af9bd9918a1ef003526c97cfc776487b7aa2a1cb9810079e838af9 |
| SHA512 | d1468611e550a90f718307e198cafbd513d76e483834dd8942a2dd42b1da4dd42d0fe2b9d870b7c94786d4410e4dbf2be8705caec6690777a868c41f6940b189 |
C:\Users\Admin\AppData\Local\Temp\Tar1D88.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44f56f3fa20c061ea119b51a7259cd4e |
| SHA1 | ca42538f88b9c4a56ee111fc561e29ebc1dfa268 |
| SHA256 | 5e8b5f9bd4a787bdd341f04760fc740950c5168d7e0fb933aaee6b58e23801cf |
| SHA512 | 0b3f69c056d085df2b6e5ab192b3cfceedb7ea7fdbd2212c4582cfd20888249a9fd737331ea50349a72094fccde295a5521379632bf5d8b5b4cb51a86742604b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e9ff9fb8a76d54cea4d6fd861a562ba |
| SHA1 | aee7ac3ee3230f2e8ce7bb74647190c2e450796c |
| SHA256 | fb7f83daee4445ff0ed2dfff1ab0b495957b9a841e9c432af1547d6f4c14d07a |
| SHA512 | 91fbacb0e7535c336136a508ab88c03d83980c64a4e8a0de02378118669f4a8463de83117087fd067c1a0b06b5afcf9ec3e2cf8f8feae5eedfde2dfe6ea1335e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc0b577e8098b911a272d6d8b8fc42f5 |
| SHA1 | fe77363f28e8f7d6eb202f852f79a46c9cd9bee4 |
| SHA256 | 0dadf9d157abfc083523adccda88b6eb7df5ddf658bd104907d24337b0179796 |
| SHA512 | 05cab5b6eb881756add72f5bcc6cd21550c9ee823e6791102676024e73aacf7adfca26dc0428213472729053787ab4c4e06d0ca45f4396a34699587285193ba8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a14170ee143aee43077b98d4f97eb93 |
| SHA1 | 4cca5a6023a4548fd2253d821e3c7c7b0e6ff11d |
| SHA256 | 31103a90cb8eaaf90200d6b62b6f41df112efda1370315d09f7ea6e613aa757d |
| SHA512 | 076daa99011bcddc0becd2f904625bc69bf82b1d370799478dc048847159c5f207e33a7c3f3c3a0bfe5f2fa423d88a746f7aaec9c21738e46e5fbe423ca6e71e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e61ad90fe0517a3281e7283e8dbab7d9 |
| SHA1 | 8ce996803b0866c8aca78a15b21f66311bcbaf67 |
| SHA256 | 572b983df78399a89de7cee699c89c4e069f64674d0f8a6d565153dd5226a486 |
| SHA512 | 3df99fd7e76937c580de3e6bd0aa2970c9506a9d52d73816e0764db9221597b30889c54a1ffc795f334482657fad656c62024d233c41b6f4403fb6e1770044c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ddc45d2435ab851e42fe71dcd01c746d |
| SHA1 | 2d929db4425e2d95139cd04fc254849cb0438802 |
| SHA256 | 2481fd9ac7c739572b077e2921045a20277468d56c3b87b7490e903728b607ef |
| SHA512 | 9859e94c8fe8f1430752e69457cb76f7acf0f133833c15ea538c18f298bde93e42146289bd46282943f011187ebf0a0eb229e13c9afe72996e0e5100b314629b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89bc85e3be3b76c7cea71cde86fdfb1d |
| SHA1 | 0f193c621d246f31b930d48f48e5b579ac96e2a2 |
| SHA256 | 7a4b5541807b71d61dfa861dcee06d130325afa3c7eeca6d42c978d4ca348e19 |
| SHA512 | 148b172984c8404d1b988c1347a58288a74354add084baf9fd63ea66a2d85a93f7314718734876c6a5504e777b8dec170fe974438edf5c56a759dab484002816 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fcac64da100efcb7accb6cb6a0abf810 |
| SHA1 | 3b6954f7f97756e1a2b4a309f94836f6d45489ff |
| SHA256 | 8cdb7ae1b50e17e58f4712d9e85da493e97be62172b469a486641b90ab585a88 |
| SHA512 | 950a6d01e4c4347b155fe247d84222acc93b7fb65efcbe3fe70db5d11ed9d5181041a118a06a1c7b4944d27be6b32f2aeac7df6abaa9399c1c1e07141d778049 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46d744834c512fcd8eee3cbf06ed9c63 |
| SHA1 | d6bbbaee3c02ca64cd6c4c8c32a28497cad2115a |
| SHA256 | 684f52229dc3d968b61e45d987019e8cb4c4617f7a66e72021fe398667311355 |
| SHA512 | 120f30c932f28a4948e6071a15a352a1cf221b1f4ec2bc2815fed6e78856f7061ee68837abfa65ebacc22def1aaf7f1b8687a2deee7ae058c07b9d931b77385d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\cb=gapi[1].js
| MD5 | 0fe383a7ddb9bbaefc3105b3297f5583 |
| SHA1 | f80c9d789f251909c7560bd91a9e1b9a10c26362 |
| SHA256 | d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683 |
| SHA512 | 31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b45ae28e5defbb5496088015c5a78f74 |
| SHA1 | af75e53b5757031bf0b336b3043b04daa3b59dc7 |
| SHA256 | 028a507c23c18296710ab84748317960ebe0824885eeb3d950163ca8bd7314ce |
| SHA512 | ce0dd789e2a49458633f6c26a96c0823176c38d116ac084341adec8457ece863d182e5d9ed1ec1616e6bcce996bf6bb57c5e349acab3d5f44542aeeb44afeeaf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81c802e31b725028ba2fc98ced11b48a |
| SHA1 | fa7b9983ab98eddb689645928eda7bac47bf8f64 |
| SHA256 | 8201fca5c9317724f7b0fa208dd3fb797ed5258fc44e3b59d45345a6b99b5691 |
| SHA512 | af69138aa7839e3f4df611470f4dca46ed966ee8adae0b5d8a2a2f87ea335b18aee2fd22bde71d470dd9b042c78a17a8401839209bf5a8b5c7ec13e788c2c93f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1cb7c24f9b79cee0b45022fae37e2c90 |
| SHA1 | 88d597050605b6b93364599011f4d92bb8a062bc |
| SHA256 | 538462cb615005fe12e8f05337bad66c889dad1b7430144fd373c03828ccab20 |
| SHA512 | 8e8e433c27d4e1b9663d30846546b830c3c4664e4ca59101b595e54148a3ac76c2da82b0d0f921373586534e76e349028ae5a70b13a773e0d980df9ff603405a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d60a427168880a5b659ec89ce018348c |
| SHA1 | 513b3aaa97e24f15b30aa474a876247caa9c85a9 |
| SHA256 | 9ac7f8918e39b2a061d11ece39327b89c1305d80b8203793766b7f7ceca812a1 |
| SHA512 | 8197f453ffcb89e56371408455e8d568e6ef99713539aa1f9ea1eecb2cef48913fbfe03a32a081c4e04f232e4df168b23f5f8403ef26d89693e64c18e5568c20 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae6243f0f464fd8f5e462e0f0e488463 |
| SHA1 | 0374c0a223b56ff39ccc3592f62a6bdca54e3b6c |
| SHA256 | b29845513142898f0105acac24eaddc856c040ffc3c63eef53f821667090305e |
| SHA512 | 157ca1ee7b4f4f77190614ea23880ab99b9cab522bc24a806279213b4ed567a0c3f3bb7ecc6355c94f2e2636ad02bdecd6a2d75cbd533dea1752f5fd543bef06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25ccba516abee83b82b2f2a3e5411640 |
| SHA1 | 4caad53e35d082cc3e2338df90344bd9d20796a1 |
| SHA256 | da32e9402f79221cefcbf00e4093f6f88a8ad9a72379a27c439c7788df4669f5 |
| SHA512 | fe8f0c80d4ce69ad17a6b3fc08a54e5f71040ce12c8141790fa8f294583b2adabe015368a81f8f861ebfd66645c9957dfb98654ad5bda122df850964d800b97a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 271d272b8be2763731e93035d3d943c5 |
| SHA1 | ac157560914ef134e11e7fb4785d0458100bffdd |
| SHA256 | e3767c1e51b6ffff6b1bad29ac5ecafb38793246486ee207702549a11a08c978 |
| SHA512 | ae98d0b77f17cbe53b80921ef330e3adceb44d0600e7f9269533c8961295d9c7fcc8ab978a3f364ef9b1fbd51194e997d41c7a06381cc6b8013c25f6a5c48881 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24144af90ff12f8c9bd62eee16ec61a1 |
| SHA1 | fecfe4ad2df4836eb01154549cdebc17997e7310 |
| SHA256 | 35b3d0b8e92f273f5ff71dfbae688717e3bcf6b20b662b5ec2639df5b5ccc040 |
| SHA512 | 762bf69c3510b906dc2df94b778e6266aee218c7b8ab23a4a76d5bda39cf0ab2d762e87bd30870a0f8b5c1dd42315925894e82f43633bcea7d9f69156d897e39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40170afe67eb5ee3ce478583d6b7516e |
| SHA1 | e754658f84eebf3f678a8aacb915270837e36faf |
| SHA256 | d87bac3a5df2fdadfdf3abc70dde006e916dd50bf643094a37abd7f8b3dc891b |
| SHA512 | ed7474f8fd6364055b8036394041d54db4a4e93fa3e1913c2fe2e3979f64e86fc61cda7ea77670447d961a50707811bc15dd796a3011fe137112cab1b7037593 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 819e57bc0a4a7ecf489e3aeae3ab9316 |
| SHA1 | 77777552509a5afa24a0677813a0eb9b086dec4b |
| SHA256 | 6b0e0d0489a05d7a005c77fdcd23c60ae2858928f7057b2085db972ba39ede02 |
| SHA512 | eb588b5f6380a5ee5afa528cd50dcd9a1d7932580c5a58baeb1be075c407f0fbbe3bd1c2cf938e39cba491adefda12c162e2e59db6a01ef54da78f70833c4823 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\3604799710-postmessagerelay[1].js
| MD5 | 40aaadf2a7451d276b940cddefb2d0ed |
| SHA1 | b2fc8129a4f5e5a0c8cb631218f40a4230444d9e |
| SHA256 | 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2 |
| SHA512 | 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\rpc_shindig_random[1].js
| MD5 | 6a90a8e611705b6e5953757cc549ce8c |
| SHA1 | 3e7416db7afe4cfdf3980daba308df560b4bede6 |
| SHA256 | 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679 |
| SHA512 | 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0569f0aea1eb0db42e73a58a25b3bb9 |
| SHA1 | 7e6fc046705420ec4836c574d3aa38b68c0069e0 |
| SHA256 | 39d62919bbe0690ffafc8fb7343898c5de1a8cf0c16c6dc27cd86990feece9c8 |
| SHA512 | 664db817307b8d0b36c9e7a0bfa9e1531c13cbcd73f8ed29a9c4faf46517d19d8fd816049e385bed845be025c45e97148c24cedc272cf4afe93dc41a30308288 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 096f39a3244c8f9278c06c7803176266 |
| SHA1 | 0d3de4f3483f0d69067868c075d48be488e0f4fe |
| SHA256 | a3b79ce901ed6863b4ba199985550b16375690994cd698c52572b9047dd21a6d |
| SHA512 | 7100b971d2d67adbe6f30eb54abb2ddb352e406ff25c259df53f5c56af17b0f6b7eff53d0a725b4e7d1185ed6e4b6638a3aab42601243a411cb1a4845ae274cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c1c3397e0dda458b33495668b369bde |
| SHA1 | 163a466c6978a7815405fde0bda1f7058bbaed4f |
| SHA256 | b65e0187029f67840f0af1c7c71a63fb9ddabc9e7d774863651b129ab8c15c0d |
| SHA512 | f649cba646130be855a6534e915b52e212724c1edacd3f34a93e4d998b7a52d9ca310b0306af99e09650e1c26f3787783d8d3e13abfb566e15982d2b7117e4f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab1fa1ed8ef21b7fcddacea72e5f3dce |
| SHA1 | 28f26ae1250a5e8ca1afd8b1408a5394ed4fd496 |
| SHA256 | a6da8a2491092be4e3408959023102fc23d4e07c4afdbdb4d94ab3d597618ebd |
| SHA512 | afa253f9f07cba583e6324631fcdeec6fd478e6cac8ed0c116f7aa0a6515d2fc2b6fbb264fd839445e183313f702eff4618e8d08adfdeee0c0ca520a8929e84b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b8c46cf0c098bf5bb42a72a888a4a58 |
| SHA1 | 0e83d4bf7fa36d35e7509e4730fdc6e409eb757a |
| SHA256 | a8650180ef4153f2963c4871984a2b1575436f127fa7bb12cc9000f15eb33a02 |
| SHA512 | 2896b626cebdd84abbd082915783c4179da109fe26b5f2186042dd422096704e66910ce857476b6527e93421f605c88af8a7dafc8435e7a53f034d189db4a6e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | edb1a82fb3b7dbe9215ddddc426c7f5e |
| SHA1 | 2c92013c8c3f83f184d904e9e464b0bbe470df83 |
| SHA256 | 95c163c756ac4de04edc5d0779103ece5e4c4538c1c8a59a9f2789eb95c3043c |
| SHA512 | 83b7573d6657f3ce139b1beb9bbf87414f4dbf064a96efa89918e6427e1c8a70b7ab9e536ea8fa40196d9407a2f06047aac116ac6a624a9f441f5351b63078ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d2511beb60f569393068ddd2c6863c2 |
| SHA1 | 7651e0d4b7d838450b52ba20c60ea728ea088f35 |
| SHA256 | 8f2781b0cfb63faef55ec046e7488536d08c87d9c7a5a62f11bd31daee6e22fe |
| SHA512 | ae0b0a6810a7240a76e370900cde0aab97856d6a964931de71364d0c4f4803f3118c212b079634f57d0c2c2d0915320424f34366541aa6e3a6d635086906d9ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aadea3a5a6aa9681e66801fe8aa1874c |
| SHA1 | 472d98af57a658958362617d9c53ae9b1aae2473 |
| SHA256 | c8bed1123f1af401e6e31421410c616642721d5ed9ee69c1704284bf3d8aeea2 |
| SHA512 | d57f8efe4494185186d6029249503153980c362828795a04660b8e773f24478e872ac7129bb42a003f27efb983aa69f7a6db7905e88dab34c95c0beb44310391 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4aa7a5df3cd25fc6e6c33b354d044d15 |
| SHA1 | 3210f9e94b441362e52f4fc59e0640e74c14be2f |
| SHA256 | dcad0f67f8e5541292d973151ea79c90e75caf6780cb1d5af6178130040321ee |
| SHA512 | 5445936436a6ca962682c778129ec1a3f99bf517f436bf6862e958a3dac6c2fa16199084ea4faa39e0da28fa54d2ffdbef20c92e2f640e6444ce738ffacecc77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e48ecf657127a66556d4b8068d02573a |
| SHA1 | 011db8646f66b297e8de0947e247671704ac538a |
| SHA256 | ccdc95ca0c4ef57405887cf28e5fd237658b8304846fcad7ada1af553ab96382 |
| SHA512 | 0c572ad05ea68646f6c93e91410ad68bcc0e608ddb0d43b59e7b4d001d5090140c91a89912182b9318040f6e21209a439f75b6a959c89315f17a41dca30fe2f8 |