Analysis Overview
SHA256: b73f1af672bf1e66459664235a9d586ea284ec622887bd1c589017b2898308b8
Threat Level: No (potentially) malicious behavior was detected
The file 91f4ac50d7f48c6a2bbe014fc1227710_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer Phishing Filter
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-03 13:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-03 13:30
Reported: 2024-06-03 13:32
Platform: win7-20240221-en
Max time kernel: 149s
Max time network: 155s
Command Line
Signatures
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 10567532bab5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6BB5D441-21AD-11EF-A7EB-E60682B688C9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b7034e53df7bb41b08bfbf11ebd4e7100000000020000000000106600000001000020000000074717ee74aa8840310f3ff6c00af5bc901d43c4aee350d6722df4dece8e5f2b000000000e80000000020000200000008612a833cbbf6ba2991290d72e40c607a9c9714baf74cc41ebf62805a69029312000000001bb191646186b052c5db5be3fa404451d9e2c4163f5a8418748d45c109f73f7400000004a74dc9ea6744af017400dc20d676d25254baf157ab3d169212a5eeb1e313f948091c29355917900f83e134ba6ff3a911370e1fe1497e1750f647f2f6a54d8d8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583287" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0cbff44bab5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1400 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f4ac50d7f48c6a2bbe014fc1227710_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1400 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| US | 8.8.8.8:53 | loadus.exelator.com | udp |
| GB | 18.172.89.58:80 | static.mackeeper.com | tcp |
| IE | 34.254.143.3:80 | loadus.exelator.com | tcp |
| IE | 34.254.143.3:443 | loadus.exelator.com | tcp |
| US | 8.8.8.8:53 | mackeeperapp.mackeeper.com | udp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| GB | 18.172.96.64:80 | ocsp.r2m03.amazontrust.com | tcp |
| DE | 54.230.207.189:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | assets.kromtech.net | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | event.mackeeper.com | udp |
| GB | 18.172.89.113:443 | event.mackeeper.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
Files
| MD5 | 84493de2c257ccaac161c114e29a15e3 |
| SHA1 | 4341e19d41232ef6316af8b5321dbda90d47b61e |
| SHA256 | b291e9e983e274d47019ea4f3ad38f5a29b98df473205fd1b412b962eb95426b |
| SHA512 | 3e7199400c7c3901db7b66b4bcea45b122be5d9197d738a4c44a6dacf5daac9ec7aa400d3f42789d1829356eac92b604b9e5ee072a547afe7067a6f08c502b09 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:30
Reported
2024-06-03 13:32
Platform
win10v2004-20240426-en
Max time kernel
146s
Max time network
141s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f4ac50d7f48c6a2bbe014fc1227710_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2e0646f8,0x7ffb2e064708,0x7ffb2e064718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15202795272144517704,10324792525799813594,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,15202795272144517704,10324792525799813594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,15202795272144517704,10324792525799813594,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15202795272144517704,10324792525799813594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15202795272144517704,10324792525799813594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15202795272144517704,10324792525799813594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15202795272144517704,10324792525799813594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15202795272144517704,10324792525799813594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15202795272144517704,10324792525799813594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15202795272144517704,10324792525799813594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15202795272144517704,10324792525799813594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15202795272144517704,10324792525799813594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15202795272144517704,10324792525799813594,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| GB | 142.250.187.226:445 | www.googleadservices.com | tcp |
| GB | 18.172.89.102:80 | static.mackeeper.com | tcp |
| US | 8.8.8.8:53 | mackeeperapp.mackeeper.com | udp |
| US | 54.225.68.202:443 | mackeeperapp.mackeeper.com | tcp |
| US | 8.8.8.8:53 | 102.89.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 172.217.169.66:139 | www.googleadservices.com | tcp |
| US | 8.8.8.8:53 | 202.68.225.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | loadus.exelator.com | udp |
| US | 8.8.8.8:53 | assets.kromtech.net | udp |
| IE | 34.254.143.3:80 | loadus.exelator.com | tcp |
| IE | 34.254.143.3:443 | loadus.exelator.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.143.254.34.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | event.mackeeper.com | udp |
| GB | 18.172.89.90:443 | event.mackeeper.com | tcp |
| US | 54.225.68.202:80 | mackeeperapp.mackeeper.com | tcp |
| US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.89.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3624_JQQOZALWMQVTJFOJ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State