Analysis Overview
SHA256
e82ece11caf0859ec19df7ff64b9cf8c380b38babc49b80c2241e911af348af3
Threat Level: No (potentially) malicious behavior was detected
The file 91dd698a60e24fe8eabc02a6a36557a7_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:56
Reported
2024-06-03 12:58
Platform
win7-20240508-en
Max time kernel
119s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000000ca4718f98e2bce61846aacc43e92d2197c9d3e3348b0cbc1d2cede20f6103fd000000000e8000000002000020000000b5eeca78bd358c9f6feea9ac1549ab48c3bc69ebdc84cb24bb8cbf70967ddeae90000000a94234348004d2e5f7fb27bbf2b899d0d34d1eaee850057ec1966e8c1ffa9c6aad66e8986c5bc6c58cff7e3498c4c0e09bd0633dad77dc9128903c609d1c1e0951d772b6fc4e15867504c8cebf2bd6f8023b082e62177e84718a7e48aa70e43a51b670f7069f1376d47798b2e564d1029b3873f21d2a73e254bd54c939253ac18c90ea7b0fb26064509579bd6afdfa764000000096dd60366be3cc09d70491b0b5234a7ea534dae44527b52e51db89406419f81b5d050c672e24a4e9636e892fa6a23a55a3cfcb5ad02a847b1d36bc956a25ff7c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000b44149fc9b9603bdca4ac680f9f74523d9bf8320491e98bf7b54b02fbfe2565b000000000e80000000020000200000005364c2ffefb8ea63a57c97a3c739128d9f8193b3319dbad9500620ebb1b0b5cd2000000096f73007631b7b32049932ae917cf44d9de3764d27ebeec43fb03f2102faa1ea40000000747cd37cead2dd4900a0e64d0665c930a773c1b8b96ca339aec78fa71c80efbf8e574dea12678deabe690f1815c00208c43b6162bfddc4d6f7ae600a49b640fe | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ADA92321-21A8-11EF-A5E3-DA219DA76A91} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0a39383b5b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581250" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1748 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1748 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1748 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1748 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91dd698a60e24fe8eabc02a6a36557a7_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1748 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | afeld.github.io | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.204.74:443 | ajax.googleapis.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.1.229:80 | cdn.jsdelivr.net | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.1.229:80 | cdn.jsdelivr.net | tcp |
| US | 185.199.108.153:443 | afeld.github.io | tcp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 185.199.108.153:443 | afeld.github.io | tcp |
| GB | 216.58.204.74:443 | ajax.googleapis.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 185.199.108.153:443 | afeld.github.io | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | zotsell.com | udp |
| DE | 207.154.196.225:443 | zotsell.com | tcp |
| DE | 207.154.196.225:443 | zotsell.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1190.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar11A2.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 13ed5e0369cedc64c8437eb9a493a981 |
| SHA1 | 880053c91809fef7b2a3d688143f554d5a05c0bd |
| SHA256 | 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454 |
| SHA512 | 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | d42db332f71b8ac44bdea1ca4b30815a |
| SHA1 | b0403309d2493b545a57a2b5fc271b4962d7e2ce |
| SHA256 | 4fc186308491c1438a8ae2745394a1197024b9c8312495e0ed8ae73bfbdc387e |
| SHA512 | 62b9431ada16b06a99f1c3fcee6b6c6c84e87c9f5e0faf199ea9916e54233a614310dba3d07c0e9629348c70bdd8afa823990db1a29a41092500e8a3d5a402e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | cae3588ca1583fbca5a5c647a21cae5d |
| SHA1 | 25441408434a8ac330ac6cec3b9766e10a5d773c |
| SHA256 | a15489fa10e471d93fba08c7df137fab7021f781227a33ff77d0ca774472bf3e |
| SHA512 | 42db6785a02f97aed47ebd1b441515a05da1f6656c5766d2283d90acbc0012010162facb3f0af82945ae18c87307a42d9b9c97ff63eb092cdacc864845664e3c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | b2e8be365d17e4fb0bbf2090a5fd06f9 |
| SHA1 | 8870af8767d33d814b6588a3c97afbc670015be6 |
| SHA256 | be9670f50a38349909126e6cd6e4e62bd0349a927579128aaef2a26c2077c131 |
| SHA512 | 94d9ec9a8a4c241feca8be4f665eff096d25b65644dd8ba86c9875fd2aefac43758d58d83c54abfc8571a1197e62168f0b0c9120fdfe1b5abed49e6bfa02e5b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1256.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad3a0e1d4ccfc6cf47e53a9199bed138 |
| SHA1 | 0616297f522cf0213cbf1e77b3a700538b1b5696 |
| SHA256 | 221a570a46d8500e7cadf5d24c18cd783b188680150169d45153d4184a3a50c1 |
| SHA512 | 1de8621eae2ff887b7a950933c889cb47b6e7570b848285973aec48cc87e7123f44032f804cd144e0437858951c8d5ccb68a75af5b1ab6c9780b5847a16a7375 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1
| MD5 | 259ef48f68dc0da5e37410a50a5a1cbc |
| SHA1 | 6745631f2767256440499b57cc04c960044d5fb8 |
| SHA256 | 3f402ea4d9762e49d0f43408f40c3ec51ee95c34cc9dec2fdbe00fa62ac52d3d |
| SHA512 | bd846ac87e32af8db368e0321ee4c59bfe0f9b0756ffdeabc7e18cbbe397022d683809e730f8757e8d4531e050e3ad60b805d667b3340717cb9cb6e1d846d730 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2e7f7cc3f139e5c304bb7861df0bc50 |
| SHA1 | 5fc3d8215e393af3f41abd9e7bc4802930af356e |
| SHA256 | 7e84f094d79cedcc8b970d02ab37f861c782082da7967ba35efa22c2bef00eb8 |
| SHA512 | 8f46b93750a0800f6e5896369c601f0a55d9b8065a7245419cda345920e23e37ed577e12230328e6700ae3a6396a9640efbecec24cd11db79fd723d3b3fe4452 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_798B036C05F381321FD6C3F00885C62F
| MD5 | 6608804d996e2f64c48e96c3f4738928 |
| SHA1 | 04b62b221f8bea13f4a910a8bc905a85467bd007 |
| SHA256 | 44949d6ea59e35f84a9a9c4c99a07a4e97f96734392f6f11ae4a1cb018c4cf03 |
| SHA512 | 809df8f8fbbd851512eada9976b2bd6b7c74b0bc3dc39ebbadffd5c11f47cd78720c2fb1068ee883b22eb2b56ef8639a886ea49e24d187c0ab8e2ec136e309b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1
| MD5 | 3cbd995f8bc61a3669d6dccec2391d8a |
| SHA1 | 39e5903bb99f1d045f6b0c2429b43ea8e2d551da |
| SHA256 | d302d7266945490d5d06e91e1c2557830688004c572f39343357dfd57ada50e5 |
| SHA512 | 6335e0e9db04d46564a47818a02c3ed714ee705dbc70ecadf252f2813ef62ed14bf739ea545d69e3214d21600a2d9257013545ab3bd7eeba17fe1fb07b2a22ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bb771d398a93a963a102a6155b03075 |
| SHA1 | 66848ae0e10a94bad907d986574b5f9c6e442c8c |
| SHA256 | 9b3a51cf041da6dd92f32877b621d172a66437c52480771dc09074bc4a69a477 |
| SHA512 | 5330749e1069a6ef8cc4073115d77919d1411bc451ebdd3f7a43ed31f9129534e4dbfbc1793e32d10bffb838b184eb2f6fa21d95e6e87c8712aa3e76f8bfdd33 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | a390956de7da6865d319ab7de33182a3 |
| SHA1 | ec5645ad24a551c8e308c577fc83d155090a2a48 |
| SHA256 | a156365095ff729a263fd4b2798b988961dad2e8b2f6d101561e2d547cf31c77 |
| SHA512 | 341e91f6ba4b8025ea8f8838f899396bfeea4aedb7aae59b63d1d848abcd9758cdb063efcb8a3ce4cb4565281a22453e1b8ab3feade92266d3680cff217f7882 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | c5dfb849ca051355ee2dba1ac33eb028 |
| SHA1 | d69b561148f01c77c54578c10926df5b856976ad |
| SHA256 | cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b |
| SHA512 | 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 475418e21c14af9b9340d671bbd2c0e8 |
| SHA1 | 63a4113d3beebe1dbfd25cf10cf9ce64dabdc92d |
| SHA256 | abffb6db0c5cabb8c4d4a192aa7ae4d4db7fd46eef75df26ff728b5004479020 |
| SHA512 | 0aaab7036f8d99ec672dcf99d9a20829c420476270839bbcd54c5ed4cbebe01e5b24d5fe331e457fecae241d0ad7ab708e4b8bfc2522ee06796f606dcc280d4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d74b689026b6543f8f7c4260f0137b6e |
| SHA1 | 7a9bb691dd9972a645aadabcd221f5ec21e1d9c5 |
| SHA256 | b873b6fd01ea6dfb0b9f4ffbad8a35a1264e9664671521cbd395cbf0b52a778d |
| SHA512 | c74d66bb8b008647cbd6f87593cbf30b4ee2c9796cc9a2e462419843d02dfc6aeb904e6fb0565eb2c771b5cebea440ae6664d12a6e682200a48c3bb692b126c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4ba08593bd735aa18e0b4ac5b914e61 |
| SHA1 | 221b3090120b121e2fc338591671fcf4b1ac2522 |
| SHA256 | 8d50696dc54bb1ac91d2722535fab3f7596305711c5ac3da46737cd662c6b197 |
| SHA512 | 9eca7fa8bb20ff970a22e6b38a7e5131c00bac433fa17b46fa0a06561bf727b0ea17a15b538d7028aa136e2419e496925f222a11c6527acee52028bd6f953a79 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66d1857f769510901b6cd68b1736f4c6 |
| SHA1 | b26f5794f0b8140a6695ca54f2b7a69da4a8a59b |
| SHA256 | 1098597c1b7a0137e0e157bff91238d0911fe140a812a00cc6bf549645a3e834 |
| SHA512 | 88e0c4535660c193e5dcd84451943f821427362d158c9a4895250c613c67ab42f48c3b4f85f91e55ab5adaa3bc5da338b8e54140b07841d8e9cb5c5df866c3bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6f8c5b4d68ed7aaae70d831fe010099 |
| SHA1 | ad28c663f879ef1aea421656879c9cc56bab9736 |
| SHA256 | ea4b1c42fa0a5d27f3d4e2e02d8e5fc041143185c4ef2e7cce465ccd0a8c3548 |
| SHA512 | 3d7da7290dc8d5e5c9b1c1e4ef2f95959f4fab0a1404720a8954a8bb566c6ebaef254283481e1d472503c4bac847733e8679508b22db48415edb2bfbe1fe26c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4044c7ba165f27a942a7b3cf10afbfe |
| SHA1 | f73a875208ff57756297e78e80b64188b11e55f4 |
| SHA256 | c7c8346d84a0c6fca8bb47a63aba10e642f89fdbee13f314285e1b3acfd2e125 |
| SHA512 | b3fd24e3c6e25fc232dd31a0a7070acb4e6d2ac7b386b84fdfc683e279a7ac37bd68803b05eddc04746c6ffd93aa1bc6132e81bc8fbf6678803d6ffa5111fff3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae83d351122d4ffe850587000e3ef146 |
| SHA1 | 4c0481891708d215ec5de4590b0a2219c6dbe891 |
| SHA256 | cfb53415bf44bc210db5f0eec341c1819ff9bc3a11e8f8fbb8a6b42fec107554 |
| SHA512 | d42c0816a937f860064e2d61f693c9d45c7530495ac236c6133c45f8e8dde365356ef027709673bac9a7c83fc32fdee8afcedf740d86022f61de2183883b50f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 174dc70043d36fe5ab876b81c97e3132 |
| SHA1 | 521e59a5eafea60b2ecf1235b738d2d686293ad1 |
| SHA256 | 78270775c86422a4e50ce381328a25ec400c68a77e32d55442c71ed472be7951 |
| SHA512 | ebdbdb9a144b870c4c249b6e53db5d9fc34bb80ebbcf8bc26d073eee535f78e0e4d2e77de55b74ccd610bffe8c7c9544b77c750ad2a9c1ded6c317c465b66b1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97ff3a4d8402199ba189b57c858b4401 |
| SHA1 | 76883959594c3f91c7473e5ed16471668c5096b1 |
| SHA256 | 02427fcc9b2520380b30041bf32b1b3793ff2635333229186186ec064a00cdb6 |
| SHA512 | 2e6da1bb48bafd7a2f08410958dbd8027eec8f88fd131e91acd5772b48eafdebf49d30d82125bffb45e023dc355068cb2621e4ecff26c070f44987d904cba333 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be1e69bd9aa715ce180ad6674e340800 |
| SHA1 | b7017962422be00e4ed6dbe3015c374bac321463 |
| SHA256 | d1e5c6b8da3034b435c7f5157a7e5f6400d8a0e6ffcb7b0a3e1621c294d0228a |
| SHA512 | 535017f1c5ecd8e2bf24019e6083d31840799e8ebb2939a1eeb1b18f494ae8ab02a7880edeb85aaa9e8d1bd4d11daeeca98de624f1fee72608df606ebb6fec22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a71665064f57d83fb8c59cc71c6903c |
| SHA1 | 059c132e397177efc52ed61b1e050502a7cf74db |
| SHA256 | 96b7ad5ac8bc08e35d89c60f4dc86757b3580003598118984fa82f60b40664ac |
| SHA512 | 980ccb8f5cee0e43d0366694bcec76c29ba4a2bb13027dbe9b008a466d77f92caef07d580f435049ca19956bde67c23f0c6dbb59031e570b37c09ec001d1807e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b4537457972d56627c495047b6206e1 |
| SHA1 | 4e6798a3c40a72a3d0c3dcbd5362d0057df05e06 |
| SHA256 | 500771cf5ec8869192b2696d88f8a6b3d49f9a64a13f05acc67af64f8e85bb41 |
| SHA512 | ffc81d4dbd74905294b71c8e9197c9a0e91be51c3164cf7303c2e5b43025f2277c7c633ae3f97a928b7b727b78d8b5b6989904c59cf197e21b2a19838ae1016d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa87c0d60dc29c75f4983f0f696970ec |
| SHA1 | 321554432a6b8516205ea2e345b9c6fd861081de |
| SHA256 | c5a6fc9191f313157b92df4d42c78bd44d7d0a3bc295c403da0169d74b289c03 |
| SHA512 | 2d0206ed6013959e86965c6d1c71d0b69688498ab3b4d57692d7db4733c08a90d8d670f69c7fb9b92eac12b770dcb408e352743a8100c9fe16e0c2958f0b5bc1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f6f249581441d62b87697e762f9de32 |
| SHA1 | 8d5e4362819ac806f5ac298b2bb3a989e2c49390 |
| SHA256 | b884091b5f466cc150d1cbe5a7a3602192d6b8a305424f6ded88c287eaff52a3 |
| SHA512 | 06b5b0483b9bcc9068cc8a1b88c520b2b9d782e7259988b4d678eb76e269d359a566c35b4a702b13a6fd88659c290e8b118a1bc94c627df169e2d9e9bbd5a88b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31c06a1809990b69b76d67108f39cdc4 |
| SHA1 | b336ccda092be7195ab7de22cac60c3d74904b76 |
| SHA256 | b4058cdf09802546f5a5396123183b73a1068156df5d17c8a92ed02966d6bb7c |
| SHA512 | 7b49d1912903f79453afc3e948ef036846a2737adfdcde0949f94b4b381d99c83a45d2ad56f4249ee2d5d6be5fcd408c92a6a73794222558fd0c5bd5651999ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a383c63193c5e276ed76a819b33e98e3 |
| SHA1 | 2e95862eefaec3d76a72100d15aa8ab0c26f2f09 |
| SHA256 | 96f09cf11a356898a826faece49ad9f756839429ee7f95746555b89488beeb10 |
| SHA512 | 2a761ebb80ed03707d2869c35aaa0d8f1cdfbaf192659d5611132e47bd80464252757e9830a81784fc6c7bfe2d9a3b31e1713500bc7c2e68a85df91a0cca6ff8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1baa082036719d52f71223c306725f53 |
| SHA1 | b746e242581da5f80bb6c66c9dd093bbd6f069e9 |
| SHA256 | 35731d11f9060a6e3b6dadf70171d16384a9833968817876e668ad8c45640e99 |
| SHA512 | 230ed9fcb5c7db72db6a24f601875dcd891ac8191175aeca9774802af0c64f6d707f5792808b388d5506aff406c654dbd9585e88f74783aa0b53cb80e01b9a13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85592886224e067bc6a78930607b1f78 |
| SHA1 | 392499653bdd2d4c6fd9272a335e27ffa0168e6a |
| SHA256 | d7afa6d30d16465714514d33b8bc01d66e7a4cd86037dd8354fc7c4ded215fe9 |
| SHA512 | 76e0511ebadec2d3387296967410e136a3eb52754a5857d601a93ef9886a953c911bc14b2f9712dbfa2c8d45bfc622b93339fe15438617cd6c6053759d37c31d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49d0730446d85e935d2e36e93ed464b2 |
| SHA1 | 155ba27f4d77ceda7a9f5498567f6d32a7b404b0 |
| SHA256 | 809996d3fde2638f97cf8afc50e60e8b49c8efcb78e4465b4672c603e7ef796f |
| SHA512 | 825d70c3cdd3251495898897620290aadedbb8d014000a8e4c287e85ef20d6248a0ec56958e25c002f4414f0e63e95bbbfb4a9757ff5e6995c64a39a609c8726 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3edbe4695daa8d35d4cc31d3627e10d7 |
| SHA1 | aec1dacc321e8451e48bf646db91f91e964f2676 |
| SHA256 | de90b29dba41e1aea631e87fa266ec3aaedb6f6d346b2c6e21f99a47335ff0fd |
| SHA512 | 127205567227c1c180bbb7f7f88476644ce0d5d19d563c3a5202877b6b1d8fc3b13012ed30afbf230b13a905d5e5ee50ab1d6730e3db02f150759236170a1305 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cceb3cb8864b9a304c974fe4d02210f2 |
| SHA1 | f7fa53b567131c35f625cbf8c8b8f75faa1ba540 |
| SHA256 | e18ac5e975f7636f59ebce5fc59e115c8e5b1b5e0abc13e3515ac491ce68f681 |
| SHA512 | 1934a651528377f81f47f45e755e9320543afcc008b87809e32ef4c8f5860658e3b50fcf84cea2c3e5aead8e800907d784dcb0439ced87bc29d72913b15ff823 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a50a9bb6ef999ff62bf2537173a8cce2 |
| SHA1 | 2effb5a538fea630f71ce0ccab5aa3b61f16e4dd |
| SHA256 | 8bd6fa716dfed12844c7d0cbb9e69fa047ca93c735dd5c377f991a6ae2ef49ee |
| SHA512 | ee9785f28a098d2833990d15642d292279936bed642f64f3b579af8df1f29966d4d92b76b68a701204ae0e37a5c8c5ec7122fdd0bdb975c76d69a9c654252929 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:56
Reported
2024-06-03 12:58
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91dd698a60e24fe8eabc02a6a36557a7_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6f0146f8,0x7ffc6f014708,0x7ffc6f014718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13323424106690795034,622878702904794077,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,13323424106690795034,622878702904794077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,13323424106690795034,622878702904794077,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13323424106690795034,622878702904794077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13323424106690795034,622878702904794077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13323424106690795034,622878702904794077,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2940_ANPVHRCSSMYIBRSQ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d1d2.TMP