Analysis Overview
SHA256
38e051091e455b1c35e025a8a01cc30f066ea6c38d0ca7882b677a54e3292482
Threat Level: No (potentially) malicious behavior was detected
The file 91ec3d99a84a6b51da5d439b819dbd1b_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:17
Reported
2024-06-03 13:20
Platform
win7-20240221-en
Max time kernel
143s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ADEDFC91-21AB-11EF-AFF6-E61A8C993A67} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000050601990868bd446880a5754f8b1782a0000000002000000000010660000000100002000000039c072eb39a0e327877423c066fbcb5a33316dae969bb03dbd33063b87cb0cfd000000000e80000000020000200000002b45661f65cbb1cde3d4add117ee95967703c6d21e98fa9cce5fea5df5f2c08220000000e89fd542ae50b6de89b9998b3e9dc6fffceec23a232bc46a83ca37d7110b38ee40000000fcc52654e9103e531f54450288ca33d6f5c834c3946040b4b68fa09a0fdbf743d5b951209f27026394cf068eb0747632f72e456828e3104dda3a2ad097362688 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582541" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in this copy of the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20183e85b8b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2240 wrote to memory of 1404 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 1404 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 1404 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 1404 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ec3d99a84a6b51da5d439b819dbd1b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | i155.photobucket.com | udp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 3.162.20.24:443 | i155.photobucket.com | tcp |
| GB | 3.162.20.24:443 | i155.photobucket.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 219a0f7de1969f401a6f850ecfdb5d5f |
| SHA1 | 45abaefc1f4e8aff976197ef04d3f0f359ff36bb |
| SHA256 | c6526adcedaca88973482f5c0cdbcb0eb1b8f315856da33b734ada72bb7f1c93 |
| SHA512 | 46731c5e7739dd4dab7ad2dc95017e170d447274e51840e5905923231c91adc673abca13b7062982476d376ad694c29c29f0d7d37d7fce20626859260b914e9d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 13ed5e0369cedc64c8437eb9a493a981 |
| SHA1 | 880053c91809fef7b2a3d688143f554d5a05c0bd |
| SHA256 | 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454 |
| SHA512 | 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | c9328c7c31416f4345a31ab29273d5d3 |
| SHA1 | a11e3c7150520417962011a29726faff33307618 |
| SHA256 | 27b6c81a36ab7b8a82f9a7d5116554d79f363efbe62487a780cc43dcc939f868 |
| SHA512 | 024a81934125174a5917b5a96a445c471df6dae85a4c367d2010c1940a89dab5eb3a3141d2b771fa6385e3b261434382b5ea3709e4bfac3b404cd351883b623a |
C:\Users\Admin\AppData\Local\Temp\Cab8C0C.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 0ef056f3ba2d86515ec3966978509407 |
| SHA1 | 215e0fe0d3eb62ef0b06230fe106fefaa04ff795 |
| SHA256 | 17da734828fd0474c93057ebaa01a6c69ac58b26943230f4a05745e3b0a671f8 |
| SHA512 | cde99983e5680e0fdcb6299a3c97289235d3468d7c9f23ecf2792d5f95488ca46da09902e024d263532c615b141e62f08c092afa759f03ea0cbc707e585498a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 0f3cdd55f8d1bb896dadbcd6e0e8e32f |
| SHA1 | ca87f2938a2c6642d6e3cff5a41994c9a08f6b7d |
| SHA256 | d0f604f2ef3907325929c04360f0062caa804cd3be2897d6fea2605e3f6da4b7 |
| SHA512 | a87cc77c6daf6fce017bc5c7c68e0d4c9df85e82a3bb19e82e7bd2c936e146d44b07ffa91e3816b3361029d80cbd81c3c27a95fce732b512dc45c015bc22bf60 |
C:\Users\Admin\AppData\Local\Temp\Tar8D37.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab8D48.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar8D8B.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08584a0fe9eea8012863726d8641a8bc |
| SHA1 | edc8538fcc513e4b07380d548d0fae51b73716fe |
| SHA256 | 92a457420c363527737a667ef4fc8a4f2b5545b805ad8a77d737d1a101fa34d9 |
| SHA512 | dd4e3b686c16dc70d51b9c3b39bea883fa910c920e56a650d8f358c778b2620bb1790286ec353177f4f4c37446fb927192c564677a76e4af2c7c61b109c1f891 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_1DE53A40D87952CFC53E36A93B17FF42
| MD5 | 7492d35ad49dfbe46f01dc01c7af70a3 |
| SHA1 | cb20561751b1b306c8cd3d8fb9ddb66efba6c8d6 |
| SHA256 | 68e1f6d45ebac9608a34dd41a0c53fc731905d21fe953608cf858d0f6c5897e6 |
| SHA512 | b7b271a54867b0a1133bce09e7166cc19287877f8180759057c220f6a462a3e79a7a239ea1e727006f184a696c476b79dd9589f1a610f4d63418c7b88ce3be8b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1DE53A40D87952CFC53E36A93B17FF42
| MD5 | c2b06f1eb916ff81cc40db4683e42685 |
| SHA1 | 92f8f8244b5f0d1c677a8e853cbdbadace06e949 |
| SHA256 | e74c480335b4cc15cd1d8f2960431e7d08fb03cdb4c0f7852347bd1850c167ad |
| SHA512 | 84cd0b90bc3bc2f48c35bd041f125ec94e23cb3f1e677dd4564a181b0eb0df1723d8adf8072036ff0692bff322106f7a3b0386a5f48ecae25ffb6ec9298ddc22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0493e5e6f5ae76e7814acdfcfb391c9d |
| SHA1 | 6d5ea423c1ed4b2eb01e89b2c6e4f3287639e399 |
| SHA256 | 9550110cfe89a86dbda2be8e21ce93989096c1b85d603daee62f1fda63ecfc3a |
| SHA512 | 753623170ecbab9893b644ba79d8c8a4f99711c41f7f9553062b453512d68a316d509756171dace17e485e1be616e86e9a7295fdc7e46e6330f1ab0f63f1aa7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c1c4a6a541aa41ff018a2157011b885 |
| SHA1 | e0064d0e38a6042e415e7c4b95e1cde1167e2c18 |
| SHA256 | a1ea2b575f992f33b843052360c1073e2160d084335d9b111a864b0915c0bb7c |
| SHA512 | 6ca0a74c1ad322e32a2a3fcfa7793a43b40c61ad8c50679e1e23119d2f0dc2d5320dc627f3be5aefae650545cc92906265542b626bdbdaa68f81d258776dcad8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 7324c7e1d67e4e2e0a35506109685c3c |
| SHA1 | 4ce4f7c3979f8f9bbe486ec9a0702ca99a66cf90 |
| SHA256 | cce3bc6abee56a4e4c28349a1ddf535f8f4536280214639b8346ae52d8717c9f |
| SHA512 | 0b3690d2c17360715c7e48d95963b80ac15912fd102ff594149df692883ddc52aa8670d4aaed3d185ba4a970c5efec2057c2ecf7225b8cab4596cd1615402b9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 329333d8d3acccb68766e73961a9db31 |
| SHA1 | 88b411bcda61cf432afff0bba34e1b87d81938e2 |
| SHA256 | 7676f4bf3ff736657a83d2fc5ee3e8c4b83edea3f6d09a1febc120ac52cfdb7e |
| SHA512 | b8b584f1a20f0c2e8f695db06898a12f2d3f0999b2e51d22b48c2afbe99c9e83ad80405ef5ab1cb1cb0da8fcc6b698021a7c57ba634050f8f280520d6ad720c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 696b35b5ef7d44d6dc6bc4d8c01762a4 |
| SHA1 | 3cd2c58a5406df6658b8519aef63972e3899910c |
| SHA256 | c402faeb3e3fc53a84dd504efc7dae56304cf710316c62d2ea88900368c2fe46 |
| SHA512 | 104e83298f4991fc668aa6e16b9c7eba9580f0d1569cc86c4eee14a5e201f802a3d1dad22039d65bb63222ded1abbe87f0b351f8c76b9dd3fbf482accbc3970b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\f[1].txt
| MD5 | 94804e450d1f5464f3ea74f8e31d068d |
| SHA1 | 101a69476bf5d31ac29797e4345a00c65a8019f7 |
| SHA256 | bbd458dafe470e3c50014fb7f73cff4cee77951215126ca3769c454daf04dc7b |
| SHA512 | 612c1526328ec2b01c6b5f93c126842bb7cf171cdaa6246e3bc166a1003690742d00a4404f1643ca57004f4e5203f4db27d15ab2f0b86feeec5a43bddaf004ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17ab5106b60334bc51862a0108cec488 |
| SHA1 | 42c6a268315f19e20aab6fa32935eee9b71652e9 |
| SHA256 | 0579d1eaf370f2e0c3b0bd6fd6a97ab8bedfca2bf7c6afcd89ac0bf3b825c7fd |
| SHA512 | be52642fbf2fb8ff520ad7c2c0b90021626ef864fa29320b25f1fe302f841d66ec89b48ca15a1afb51be8322e2d42563497ae5be6a0e2b0747307be3b2f06b3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | a96dce32e587817a7bbf9270237df506 |
| SHA1 | b7501eeb27eb8cf5a6c0a0a843db9b800e873d0a |
| SHA256 | 4ecaf8527d4ce1af0c9b5c0a833e7f5f2d441b36beba5e70999527ebd9b575c7 |
| SHA512 | 79389812d89eefc211e9e0352d496752e87d78b8964731e086ddfa54afa80caee12a26e7f8c48d79aaf343c3d8a57233188c0aa427e122fde43f788fc85cbf50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\analytics[1].js
| MD5 | 575b5480531da4d14e7453e2016fe0bc |
| SHA1 | e5c5f3134fe29e60b591c87ea85951f0aea36ee1 |
| SHA256 | de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd |
| SHA512 | 174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0678101c77be93661780535348414d6b |
| SHA1 | 880d6718c1a2f5d39054601dc97ffc28b0940fde |
| SHA256 | 61dc826c27fbcfebdb7c7f2bb9398aae5c695d36de535730d40d0160c6e066ef |
| SHA512 | 9d8d4e598abaf24fa377ee76768141167bce0955a98ee535a4fe82ced1f1db46c81e7d54072ef36d4eea48662deafb5693cd4550f7d94980163afcc6474f3959 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fc6508c7aa55f0e1dba140b81455087 |
| SHA1 | 9114f0415458060a54c9fa415952ccee933e95a4 |
| SHA256 | c4c969b409d82a1e752df67245ac2401bdb293e114c6c638b23c91202b1c542e |
| SHA512 | 75d221e11f578aa632d7ea384a164f441b2d7dd11d7448d66fd5963bc87a4f834d97650d0f0c46980ad6c7b6b88c7ccfea386e14f39f3945783abed4b51e94c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c460b2b6615d328c824f1fd419286f5 |
| SHA1 | 89d8297c1ad2323b229dbd3d7b953ad7d928fed5 |
| SHA256 | 79ce848925fedb60e4a9c3f7181e3ab2f49d2d554c8116fab68dfb69c5802d88 |
| SHA512 | fb64091c22dc1037a9b0db43d95c1f8280c45ad93af2873984512217503f4e6fce4d51f4d5437a8d69cc87fdc661eaf293f69f689ff671e317b3f320846b3ca3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | efbd1311e38082d873dc4d5b777c5ef3 |
| SHA1 | c2cc14a3d159fd8489b89e4ef69e92b82c4c5094 |
| SHA256 | 196ae1369c5f0c8381b06369abcc3efa9bc7217a82d763d7be3a498491f23b57 |
| SHA512 | 3e62be553f82fbb8a97b333d3e55b7ca86478af973e3e258753f45983d727fb8a43950b9c545098366e8359d01c2bbb82b7701c73ce6aba427985877a5f1948f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d93fcba72870f4455bc0a31a4f95c9c9 |
| SHA1 | 46232212333a59c7c3088f178ebae7eadb4c51dc |
| SHA256 | c7f74aa31fe09b15ac7f67d553ecbc1d29d94b5c48f3a651026a4440c1fa3e78 |
| SHA512 | 7986adffb752f9712b7877eebace580fa22b412d5a86473afd7fe825a697a3273fc284fd4e8fdf946110097a1fed421ad3aa5b88e735e62a4058903b670b3478 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c917921e9dd68bacc4090166c644e18 |
| SHA1 | b3b6870b0f4d99a120bd2ae2ad662bbf31ec4048 |
| SHA256 | d3e84fed1a5fb6ab63106ebcb942e658a1da66a4cbe40e2b114b203cf2a1321e |
| SHA512 | 74cfddc351ee75d254cdc3c423c616e41575c11bbc7d1bafcb13cfebeb708db87c2427da9c79b6fa438a2b921147d9d068185281137e4def9ecc02f4436e6370 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8442e23d6b0435b83d64417fe2da7c75 |
| SHA1 | 5391917afd31d0478e96f23a59869ad0721e2f45 |
| SHA256 | e090767794f1b09d80de5a1cccff305c3dbdc1978d19d396e455c46a26991604 |
| SHA512 | 8539b49cbef0a72de4272d1b6fa7a07955a5181b1139a8377706ff5cb5803efe377ca107d4e95f41ce94ba7ba908d7b478f847c390103efed116c80de01c4aa3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96130eda9e15e6f1de7e44849e4ee830 |
| SHA1 | f8cd81080a90f2db3cdab1a5d30579f2a8ff2c35 |
| SHA256 | 0db4af242444b5c477241055c2aa51cec3f7ad869f475e48d02bce934bcea693 |
| SHA512 | a9f30b750fc6d75f9afa4814743121ca8e8bfbc28be7b770988dde083e4eda92df506554933c86054b8d83f803b7cde7bc513a6340ccd730eae56023795e44d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b92fd1494575740c46eb86a05cf2812 |
| SHA1 | 63cfe8ce7f9cc21d74a31c5fa0df309469f2c503 |
| SHA256 | 577a011a6f769ef112cad5d5eff92825926abde617e26c09e839f4ad69aca530 |
| SHA512 | 3881368cdbb87e920b6e9e3c299b8a248459b7c515722ec5eaa42eb2528534dfd17cbae9375b63df632dfe30ab5119a92235bc07626e2186a909279ca679065c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce3dab16bc0b2afcfb7af9b0d5de85e8 |
| SHA1 | a4fa5b47b9d92b8ad63bef1e3ecd1ee4329f689e |
| SHA256 | 5bff6732c7c7b692b676ff8d5d9ed391c26f9dd539423bc91df1e0898d125c4d |
| SHA512 | 9b5681e07beedf7cb73eb54cd5e16add111b2dab2a8818dc47247ebac82b0c275aaf7407469db390e78e2c0261d150005aa817062959b318a3ab2a0712861f01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89c4ba9e615163629c1efc2b2d6750ef |
| SHA1 | fc3c75340d35280a377060741012c23736ca106c |
| SHA256 | ead3054c983d39130a3eca40a7b6a12fbac3c2e40f2413681fffc6b9dbacdcff |
| SHA512 | 5a5089fd05d8e8708508c0542afd7764a15ced0c5ab3434452f6e7563163da1df28c9d9c039b2e4e01a486cdf5692b45b2df2014e04dfcf3fca18e950418eae9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 9491d2ff2ba23c0bf568a8c7b49fcc2a |
| SHA1 | bd582c11c7ed8bacc915ad40bd548e71cf21d659 |
| SHA256 | 753551f5828f3612389b7ff23a91e14b34c97153a5827bd295b3a7d27f5d2967 |
| SHA512 | bd5234ab1e0ba2628fd979ab005b503050548120e51fbb813e0f01cd626b44985a032a3cd2f2e6cdaa0a07379650c50d99121b141288f346313cc0e530779e74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5ff606fe662e810fb4e6660179d9050 |
| SHA1 | 5f9e843984ee4e2be254f5053ebb87b111ce20c6 |
| SHA256 | c4bc712e698f5d694375a09ceb6471344092dcc787ceefd522584ab52862e4f1 |
| SHA512 | 4fea4d5da89faa9804fda9afa82b792439a730d3b888faa41b0be32ed2ecadb69857537f5913a037557f16e97d084d88fc987e2bed1f788aad75eabc5d7b1543 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2e517afdfe61a2572543ed7ad28137d |
| SHA1 | 05d6d503c7ff7eaf97d4385fd1729067028ca98c |
| SHA256 | 2c545f6f8fed2d4cd29d4d1aa5b32a618e072646a942351c1752f96fa4318a45 |
| SHA512 | fca5d948c547f0df29eb1cbf3530896811e2ec1c19ed530ef14dbbb540503ad044b5c15b1f4bd1352a92c402e1ae1959ecd6b128dbf3b47ef0e05417d084f7ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94071828c62d971686cdbc63f65b7eab |
| SHA1 | 536f3bbb95d81fcf4b5518e636c1db31a9d43bfe |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:17
Reported
2024-06-03 13:20
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ec3d99a84a6b51da5d439b819dbd1b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc06ac46f8,0x7ffc06ac4708,0x7ffc06ac4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2824 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
Network
Files