Analysis Overview
SHA256
f5ce66d163d1d30a1e094b7418c1641682afa855cf60fd4bb04fc0e21d4d9a23
Threat Level: No (potentially) malicious behavior was detected
The file 91d36c77c762667a3a0cbf298fd3ef87_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-06-03 12:42 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-06-03 12:42 |
| Reported | 2024-06-03 12:45 |
| Platform | win7-20240508-en |
| Max time kernel | 119s |
| Max time network | 127s |
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c03ce4a6b3b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000b10b8a8f9695b4c3c583493b2d606773347ab95a871b93214907740e1d2e04da000000000e800000000200002000000008f26aaaeb7eeb3669c8c77ae46827248c70fa35520390b868df95af670eec3b20000000f97a54a12bcf180adcb6e263fe94bb4315680cfd9303216ab5b1c257458b7b0e400000002384022ae2092ca0ba8d9c8e8e468a63644e8ce44a6ef23ecc9f39abf3ebb4f49acbde3d6b17a5a30498e1f5a31868c20a7b603a80d75411a7ada3823678842a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423580446" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CF02BE71-21A6-11EF-AD44-52AF0AAB4D51} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1856 wrote to memory of 2740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1856 wrote to memory of 2740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1856 wrote to memory of 2740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1856 wrote to memory of 2740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91d36c77c762667a3a0cbf298fd3ef87_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1856 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:42
Reported
2024-06-03 12:45
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
141s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91d36c77c762667a3a0cbf298fd3ef87_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2306466270065248918,14733716344390141634,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.202:445 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | secure.gravatar.com | udp |
| US | 8.8.8.8:53 | chanap.com | udp |
| US | 104.21.69.149:443 | chanap.com | tcp |
| US | 104.21.69.149:443 | chanap.com | tcp |
| US | 104.21.69.149:443 | chanap.com | tcp |
| US | 104.21.69.149:443 | chanap.com | tcp |
| US | 104.21.69.149:443 | chanap.com | tcp |
| US | 104.21.69.149:443 | chanap.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.69.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 142.250.187.202:139 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 192.0.73.2:443 | secure.gravatar.com | tcp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | i0.wp.com | udp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 8.8.8.8:53 | i2.wp.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | z-na.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | v0.wordpress.com | udp |
| US | 8.8.8.8:53 | s1.voipnewswire.net | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 192.0.76.3:445 | pixel.wp.com | tcp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_928_GRYHYBKZOOQJHXYT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\080df624-4b4e-4bb2-ab53-b56b4a43d0d8.tmp
| MD5 | 13363e5172d5cb217036d65b410f5516 |
| SHA1 | aeae1ec5b8a50aa78f2eb8a0dca0dc6be6b123cc |
| SHA256 | e57a1aff04f4e9dab4cff2accef5ede26e06447f6bb82aa6541e74b78dcda179 |
| SHA512 | 3f68f9c08138e57c4a7f44eb93b64694313b8ef2b3db2df79f0093d50c412ec9b4ba37dc24094c0ee6b3e6b2608b18d7e6f635c1e8e431d8166614e211c183cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ec607992de363bab8ede3d296a932477 |
| SHA1 | 8569bddee18a6588c07b2ce9b54f8ee6a32192fe |
| SHA256 | 15238a1829309b383d3a203d4e47b563effdb67dda385a35d50888fac54693af |
| SHA512 | 45cc3efa158440e86ff90996a8532e18ee3ac0052989a617da443f6a9d1f9a96e46517a7cbce2af730294578c54eee6a570b468980259b4957c0c541e7f790e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c738eda4789284c0770919fb0583073e |
| SHA1 | f29412b1cd6b90fbd584a5c5a9b59923e7113543 |
| SHA256 | 79db98862ed304f745e49622fb883352fb8207fef064c11f50097d99e15b1679 |
| SHA512 | afeac157ec248312a3efdfcb03f1f6d79974a59a79155af1079124e7c91b4333aa626df5cd13b21f3a06922e32625d036177960508964cb979ac4bdf248f0f55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5e8f4a7cfb93590c4228929c41f5d1ec |
| SHA1 | 1b79ad653f2e3f812b1b44ac8f5164e3cc4a9ac2 |
| SHA256 | 4f2ddd98cef1d9984d373110508ef9e8f9677287b291271ac7508301e9493c1e |
| SHA512 | 30fdb9a8bf4b8bc95c81c0846cd60797b80c28ca1c5b520a59db9b116fbde75d8b87f2c29463d44483062a9ff08fab675ca3e7d35c18f8225656a7709c44c55f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bd16.TMP
| MD5 | d135aaa83fb8ff3888dd1029cb45b7d9 |
| SHA1 | a060ec38cabf99623f65aefc15034bee3c39038d |
| SHA256 | f6b3c5300bb8c0ec777384db08f8a155697956efb69bcb222a12c4ca04a31c2e |
| SHA512 | e9f4e90eb24fe5c4f2a7fb5872ff1b8e4f21e20aaccc956561508dff5b27d5950fa26fcff3913995913841fbe053dd6c6bf8e24d691480e936572ad81c1af4c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9492c9fcb7bf8dfa8d5b58a98c0d253b |
| SHA1 | f155e66363244dba57aa4a9f2a0abebafc9fa180 |
| SHA256 | 70e89c4c274ac944834474a1e20f6b4c3319dc65e97c1419452f0c168f73bf05 |
| SHA512 | e931e5966595ae40c521c851376642a503edb4af46344192b9499932dd69555806a5a7cb798a1eb81225224cf420a6832211d26686a99ac1f1da155378caa9c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 364668786681fcabac60a8ae4924fe85 |
| SHA1 | e76306e8a3a825521bb5f76dc633c83c15bd755f |
| SHA256 | c65cc4ec9efcf0cacc46a5251f6d7d0504c21f07ff02193fabdcf16169a76a09 |
| SHA512 | a0d6053b6d9768d5062215969b42e814343f73e8617ee887ebb137de7224db29ad332d6eed8c8b27ffd297d465cb799f752578b27619f12022cac1b562e7ec91 |