Analysis Overview
SHA256
f0695b9596a35a6265734aa87ad6fb12184be35cc3f2270b938ad447292e066a
Threat Level: No (potentially) malicious behavior was detected
The file a2fb1ce96fd246122ff1ac5eccb6b173_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 23:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 23:42
Reported
2024-06-12 23:45
Platform
win7-20240221-en
Max time kernel
141s
Max time network
141s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424397648" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{80C580F1-2915-11EF-A5A1-E299A69EE862} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004754c02dc5de7143975c2afb8606bcd00000000002000000000010660000000100002000000057f05fca345d8f82f688eeda1bf3fa800ae9dffc3344f0e4b8b612f2a1ec987c000000000e80000000020000200000001c76c025692d5b016f6713caa26cd623aa3e13bf5019ece4833dfd65cdee7f7320000000ca434b7673d5f67acccda54cb6298c042b8a8dcb490d62cb0bba8ad51b32a070400000002a922f28c7e6b06db2ff05b3c97117a00d973864206a1dfe54d87df84132b8c9cce637602d1c2ef9fd5151cafcaef72069e63e0daf1356c1fe94197d1dbf1c57 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10f1865722bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2112 wrote to memory of 2644 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2112 wrote to memory of 2644 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2112 wrote to memory of 2644 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2112 wrote to memory of 2644 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2fb1ce96fd246122ff1ac5eccb6b173_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | ebe537541f49202c8e4cf07ace4b24ab |
| SHA1 | cac9f0496ca48743930b00115f5bf3f57d3ca624 |
| SHA256 | eab7da3e5c54dc7d1732286bd33d63f266254097396e0cb239d70b8c530a197e |
| SHA512 | b9f7074e8269e5ddefad3747642bffe96f072970c396c5b408b14d94c49a3202d1356d3bfb329c159383a1971da0311c7da0465bdcbebe2f766b399ccf3201a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | e56e8a78c63bf428e8186c359188db32 |
| SHA1 | 4b93123e24fd5fb6ae6cc24cd34f10edcad3c366 |
| SHA256 | 923d62615b366a5efb3ecb1eb53d50aa7639815b1d6418fd44f619d810709d59 |
| SHA512 | d4d2d26ba9ce9fa36de6f0c34ee296a557fe8ca8258a003fd8df3555f3448cb26e64ab01ed89fb7888e9cc0608d6502192052a1d52d6030f192f6096353c274e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\Local\Temp\Cab1538.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd520d6865a3ef73434453db4342496e |
| SHA1 | bc1b0abd9df8860e9f70563b93211a5257efa4b3 |
| SHA256 | 16874ed0fbe2455eeaee30e5efd6d207390de97e893bc71b15fab3b2d90f3425 |
| SHA512 | d1310653dd59da183470e57ff4a71f1ce097702496db8551f53c38462dafa1d0b7552a1617093935d1e0d51c2fc8ce6db1369589c6f3d677394d47a39a267697 |
C:\Users\Admin\AppData\Local\Temp\Tar154A.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar164E.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8668d69886313ca7ae2c69dbc01e4fe3 |
| SHA1 | 6e70145e6edcf22f921dd0b5a38433bc294a4ec3 |
| SHA256 | 18a38f3d728217f89de0d8203b621324c9d14605bcba02d2e693a27262e99fdf |
| SHA512 | 39093bea4cd8dcb85745a5e4a8facbf4ceb380039519e2db863809b8f7fbc1d0b0313d307569c5a9090b73f2a159b4c04e46f230f9dcafcf70866f1e61735ee2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3cd6bb2e3bdb89da4f65eb31fa90a875 |
| SHA1 | 6c7ada3d81bd6615adaba40a33d9d319eec2b245 |
| SHA256 | bcea05c4efbbf1584d9ed6a7925812adb84b8c998bc131ca904b9003ba39781f |
| SHA512 | 93fb2c9167abd679de055652ac89f741c82108c03250166271ecf5872326e889b4b74acb4a9069915d2b449152f4b981c414e0453d2a880d3f9c7c422829ee75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 411a3a4343bfb28fcde2abc6ac6422d2 |
| SHA1 | 87bd6cbc844c690d74fa7d8eb06141622c8ff5b4 |
| SHA256 | 4645522f6940bd9c9e288f1113396c39271521f20ac2d2707ce2b02ef21f0a37 |
| SHA512 | f0f4991e74a2bbcfbff9ac9541e7f38d7d8916bbf09549f37250a4ec722481c0cd7530f67c2fc0dfe5bcbc479f4ce0be1c8b9dacb843ef4fa0d098a9b9541b4b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0dd31064364f22ca1ea72509ce4d26ee |
| SHA1 | e6fb4307620b876dd51343ee5c24fd645bbd3db4 |
| SHA256 | 0a98b35a0e77f149e91a46383d1afa423ef295fe1b52615439d4db495058e173 |
| SHA512 | 47c1ad03269f675443359b5c05a98b2b63cfb7303ab29f07e0031c942f6b9db644fc3a650ddeb86f250d96e16b3a4a3d2e9befa00d33b3572eeb7d6253ec06f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0983581f4ce1ea2325394c59a57739d |
| SHA1 | f13fb0a88438e8f3f99a588da15a706ee76f6a12 |
| SHA256 | ccf5db8c81f5b7d7d1babe8db2ba78ee7952e8fbe3f2292fbc87154a14bae5e5 |
| SHA512 | 77d4bf9bfb60f2f2a81e6dfbeaef4d13a3c966a83c650095d1ac328c9ab9e22a666a30eadbe44b580b29e4c6744f6191c1cd351639cb4baaf42a0b6bf082419e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ce99e86f554f01a48f822175a973c90 |
| SHA1 | 8b25e329839d880f0a1c30e13a579d4d2b9e9b09 |
| SHA256 | e78f526fb73921e0995ded99114faead74c0cc3ac40d0f2e1c5f25d965cb9f01 |
| SHA512 | d71742bc92c3bab0e9a50eb4b7d12f024a38373407e4d60553532e25e7343871dd17b8f87de5f27a5feb337af9cafc9fb797d2fd9112f9c58d830be094ee1296 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40d645c17f1f30a030f84c1db3730f36 |
| SHA1 | 32be5e5f18b6b1a421ae5fbddbdb5fad4dd26411 |
| SHA256 | f98548f8b18edf9f8c47b1bd04d2b4c5beb937ed68c7d8790fb78063f7a3dafb |
| SHA512 | e68adbed4fa5cf11d4f1da2b7af81bc38f3992d8de1a3f28f9bc1b580ebdd2974bbdb1613f479d9b65cf1b0a30a5c55cf8c516cd3240205501de8be99c7d71ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d72cc3999b8abb2f9a51c49e6a8b8002 |
| SHA1 | 5b6606e0836f127e667a1cea6b289ff578db3ab6 |
| SHA256 | a096e0b3da373015c6ce31bfd7f649136fcd45074bd13a2c0c91cffcb1c07fc3 |
| SHA512 | 58e58b2cddbbb52f03d902bb3bd14f1c2bbba3b553ba064360b1ab50f385fc514964ae037baac7e2c57e8c8556ed5fa83bd3ae217f0b551988f2ebe923bdb0e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89d18defcfc73763b881db13b6263c93 |
| SHA1 | 5aa8cdf6ac26ba9f371643fffd15677b1dc568a4 |
| SHA256 | f67e482e95e6fed77632e6442dc96be3f108972698a36c28eac1a66a4d25112e |
| SHA512 | 320bd579b37f37f03388a02bfdb79a48fedf18a830bd9a2965836a8dd1f71c47dee85f41306b8f5c92b78de7636e459c2ccbf3168ed9e593dec80a06e5036fbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea502ee41bc816c2fcebad036d18b9b1 |
| SHA1 | 90078f1515ad299f792470915d3eb16855ecd5ff |
| SHA256 | 7b74b7262bffad25cb9c048bd2d305ac678f43bf0caa4e23f81f1c455f9591e2 |
| SHA512 | 326014d71622db98a91cc06ef1260619ac90ec573494a26e4d0f618e0dade45f1405945f5d639729637ca8f1e498349a7447b354736d0e879792bb535479ffee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85f43f0aecb76bc676033063e6ff8e31 |
| SHA1 | b967042f5f23fc4f6451322715c6851f88b781c5 |
| SHA256 | eb2980e471895efdc1c6326bf83a613b8d19ae3d1433fee2aed66ad8e73eb973 |
| SHA512 | 430dda962b8e585c27153d6b767080073759406cc8ac5605a1d8cae2fa8f20df380701de9c45746d522cde42089641a05252c1361acbaa50ce584863d1e1c58a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a6c211ccb1d30b069d04b5f6cec4528 |
| SHA1 | 421a32338252fe1f8ff0c16d8e71321fc2f03979 |
| SHA256 | dd4e6dd3078ac283d2420f4c0a512bc1b971ee69c5e9d64befaa2e44e80c80b0 |
| SHA512 | d41bac5373b0091f6f3b1745ea99c0afbe89a42ee27729614668bc1c5593b9022d27c664274eb33e01967b1cb6c9ce3f388e65be6f9fb69499c68c31542cfb97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3eb33e3d3a1127a4eaae12b8244eebf |
| SHA1 | c5fe62bf2faa1ff84ccd2224eef2f161b04b9a01 |
| SHA256 | 438a353776cfa3d0771b8f48de5dbee43a28a1961cfac6bc83a72655808ee161 |
| SHA512 | fa8bba40e30b1c7e04cfed8865a043e739069fa154ed4dfb5a1b470ab04cbeef7c6e964cce16049daece7dbf88a9fb4a7f283ad189da8cc09b6b5d81f241a893 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c2dc50f1a306696869c4a412873990d |
| SHA1 | 0c6e3103abae2ec6c8bc9d3f4642100dc987a510 |
| SHA256 | c756a0e5b3a2cc91b8a0920117a1221c8f5ae0279e846718c757cae4a79be755 |
| SHA512 | f2a66b05c0510cbdcaeb79758b7d3e3a9d0c127b0e585e7ef8753bd27b9f2fa3f160cc1fcfa0378d1747b970aabaa992d919303411d82a1a6c01de28f68960fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 561d75559631900527f5d83b76b93971 |
| SHA1 | dbf5a42df601975ec4e8f46bafa68b0330d08c1d |
| SHA256 | e870c66cbd8722cc5a90c46c508998a3f8cf95c69df2542689cbfb56c183e9db |
| SHA512 | fa26dd8d894370ed24a1e89eea85649c943c6dc7dcb605f371a9d66bb990253b643c3fb3f9ee6a9c02c3ff0c2e1f47b30237736afc2bbaf8e0ae77a77dfa2ea8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f8689d08376819b8fc61ff39f92d7cf |
| SHA1 | 8d7473f2b1b52f5230671d830f734e3567c096e7 |
| SHA256 | 1c9f3d9b886ff97f1c1a49118b6598fd720c8860942cd40760fec93882d74604 |
| SHA512 | da928f4a7e3255ed67697b4b14452359a382e93ed5df49c1c3968cba2f55c41dccca2bb1e914ee86b5d4534cb9badb0e1c1c52aea941d917234c8847774dd0b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 159cf30aa0ed9f9a3583a51ec19101a3 |
| SHA1 | bab9bab5224058da7326b0e717594c1a83fa79ff |
| SHA256 | f9510e2751e91a3aac9e2f98a4ed24d61c20ef3757e184738d07955cf48d5ed6 |
| SHA512 | 3a0985bf8888604814a4a3f59680c83f0c47fd7d312c10df1e2f4e2856107b4b8298b07433b6ea7fa154f62ab1337ed2990bbc723cc69267c2f4172bc69ba6e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 772c29bb9ec0ba71b5a68c0a2ebe4dfc |
| SHA1 | 5e99202ebd6fc2d2ade05deadda3ba4b3f7c347d |
| SHA256 | 79d2f1c07fd6d37bc36d44546a29fa0c226af2e83f9069555cd4c7d615c9bf6d |
| SHA512 | cda0ac4059002cbc97efee9ed599b64ca889436e9b6971cbd1aec08b5acb2efd44dee6212e68cc7c4abdd7a7493e0c0c67181f0af1707fe01350f330dbd24ac3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe7a08dec27dd889edb49a430b477e7f |
| SHA1 | 91a6ebef2cb4eb392588fef23bd9fe5c44797592 |
| SHA256 | e705d3474ab88023afa2ff35295dae2922101e9a652292b8cd6295e05db752ce |
| SHA512 | 1c48d5230ad7a86fcda23939b555e2079924ac811ce9f3a9713edfb16f0e06f4d3fc437f89c857ea10b5969af34b8439a281ecc77d685d73151f3c58ae571bbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66311ba86176ecc0490cd9065bf9ef8d |
| SHA1 | d54bcaa62839cf02468d731457b059b6450d94fd |
| SHA256 | d70b9f82b44f0d45ce34fbea2dacf421713ab0df0185fb53fab80f1c7ebabbf2 |
| SHA512 | 75fe53d84bdd1c2c04c04d914de5fed49dc2e7096901a933c4b1102e0ecc2da932453a15ca6ed7e65f12def13220fc78d25f0d1ce817d57d21db85f2cb5de317 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3388c160cf0a264fca86a84202d33db8 |
| SHA1 | 43595b7e4d45a330f03a1344c85805c0323f25ed |
| SHA256 | 3969ef3b4b0d1bfa96ab03e75a4b4352b128d3b947fc40c9d695e0eca29badb4 |
| SHA512 | bf6f6c336932aaa08663819976fe67b91ada139f6ba9c7f4e08fb23f02adc0608652c432d8c233f6f6cbccbbf50d6de8c863ba5bcc47d2ca88e2df658dc03fe2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5a0cf1824940af55922791f7cbaeeec |
| SHA1 | 77050aad0aa036ade158bd4204c8e85da56af6c6 |
| SHA256 | 7d179f364ed7ea29388d2d00238c630c3a50909a9053976bd645b569dd4aa2a3 |
| SHA512 | 05d11a190a8e236c53ac773756a032bb41cd77f19cbcad0debea606d77a5e59139972ae1b311cceb7dc87024904f35db728abd8d1535b2d877c576089a310da2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1b556bf386fcb5a31c06fd594e7ea14 |
| SHA1 | baf452a58198783f0ea8a399b74345765f0ee3e1 |
| SHA256 | 9216ea94e4b9c7e5c9c5d9a40becb755006d2aa58c7f31f06a0089a2031df5a3 |
| SHA512 | aead8c18e067d01b098ec6fb31cc761f1af10609ff13e2114935ae4acad449e925f4f37656cce759cb726600cef83cccdf6ef796c460e52d1d71c2415185bb64 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35e6d59a4e79c40405a70f0597971858 |
| SHA1 | 2c3a058d79f26a1a5c8f2085d5d77a3980f32891 |
| SHA256 | 0ce80c2b8fcf0906c7c5ddb4ed9be83c3a54f570bcead06836b9863640fd670d |
| SHA512 | 813a96879d003d7641d87731210ea3f2f8ad907fc7384b56ad2e3c0320921883412324822df7f037a3378d5e0da1a3f010c6faed2ef35bb57b5b84113755790c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46c8b82c187ab5f67531618cdd6b7a7f |
| SHA1 | a2ccf0abc8c830b683f2919da0f7e0613d4825b5 |
| SHA256 | 9c4ff56cb43e8f9bd6efe5c08067746b992992014a7b0fd6212b9ac55a73028f |
| SHA512 | 679e828ecf0883f6ab0ce7eff7d94812052cc69122f9beb94abbd0baa5909f8533bf9b6b2d291808710729cd19bc9da9dc27b4c2e06f5b8aa5c2b573cac08b11 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b006f7bfd05c1e2cdaa688170955800 |
| SHA1 | 2c7356dd4a359d24af9a6891c24b31517cc52a1d |
| SHA256 | dbb15992a116a857d564d1b2dff28f16befaaeb87520148f6670788aefa378cd |
| SHA512 | 59556e0e3ba077f776a21eb216731e8c8ea64a750ab69a8dd344b1d58915b16800027276cf605675ccebe965795f21218698f2dbe4dd49b233343c5cfd0fd5eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73655279b9ac95efabbb96272bf511f8 |
| SHA1 | ac9016b842538575096d70fc615064e864071737 |
| SHA256 | ef5e74abbd47b11d127252796b3512d715caaf6dc82f9e39a856c1736e736e12 |
| SHA512 | aafe2be42669a413fc0e42e5ae9f65e6b99b4938f12bbfe83b0916a5d9e4906ca6f7fe68e855c5b9c3365a38a7c0b93dabbca5be2559c882f71aa1f187518ef0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a7be4af13ce72e8105aa8ea3a4f8f26 |
| SHA1 | e1aa9b478c263403eb9d43568400e5bc46485c1f |
| SHA256 | 6aaf4215733a0601498d5977c58170ba9cc1fe891e050fbd6ef0e09814f2a8c6 |
| SHA512 | 6e4e667b80526badc3ecf3afbae57244e92a1104a937b6db5362f9cdf2f945d5c77bffd18eb37f7cd907e12ff342a40fa3f3fd4d3c3e89d8276e4cd2e427274b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a69c6516ca3db59a1eaa8f7ab3f72645 |
| SHA1 | 264a2f718fbf81bf62b91802478c13b09cc5cf70 |
| SHA256 | 675c10dc4405937bf0abb2301b13d62f66b24a0aaad282907bd29445e28319f6 |
| SHA512 | de3ca1dcd36166624ff1a6312d73fd33c57cbf05977b87c8a38f811e53ec5245d4f11b3000b08c545cba5571622a55e695db062817eae94371dfa5d4309ec5a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d780c98a373bf13697e2801fe5dd0cc |
| SHA1 | 1dc1bab3ff446c7b825e33e874101f341e7e3e9b |
| SHA256 | 63eeda08ff802a0468e06092e690b545c03e52bd7ea3dcbaf2f300f30545769e |
| SHA512 | f79436c03a8b25cbf13aeebeae187a4e0fd179f5d8bd34c208d05083a06a0757d86fffbe7c012102d4019d62e8bba3e4dbec45dfe8185de80b6207ef8e06601b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7983ae7be97b5ffaec1dd4c2c95c324 |
| SHA1 | c769695e6961104172ba346a78a4925d9fa25a74 |
| SHA256 | 38812acf3a5f5353187895cf52f530c1721c418ee213857b960bd8e76a225728 |
| SHA512 | 96da1435acdce5a9d857aabda85fe8212e5be3ce93ecf34d96aac0b4df8abe659df520e0336c51604fa979cae7cc79d00d176bbb10a680bb349104d0c5ef767c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2c9677e187ca4108c35bf92b44853aa |
| SHA1 | e60c9d6f984204b3f4d24a955a36297c00ccf28d |
| SHA256 | a6a47fe0505698e82dc196f380077b455aa7149f703447663f2aafb0cf468c40 |
| SHA512 | 305137e78cdcbb291361bf59a745da9e9600b8862d38bb3e0f3322f5e2e89e411d894621929c7ae4eeabd97ad1c285c0606f12d9667fc05d7cf4373651252c8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4bcb3f5fa0f1b2a71cb62f3afa90672 |
| SHA1 | 59e40833a6b8624d558e4a4cfad434a1a4119106 |
| SHA256 | 13ac6afff98e55b9c014d31bb02e5b01737ba91714376ce8a271e55947900cd7 |
| SHA512 | d59decb29fb503d4a4279d0461a1267c32ee243d2f39b85f56221654af60a4d081bf6b6c75c8885372b509c2ce5cf19d3f2bbab62a9e284a29d5e00b8b445432 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 534a13e413b46b1517440c54be6fcac7 |
| SHA1 | 17d8e892d211dd5137f67115c0f411f2ec201a7d |
| SHA256 | 8d908f6559470570d0ed8c5b30df084cb4a8332895d6e8be9a43882cf18d073a |
| SHA512 | 79da2716933485011d4c61e0002e7f5491df55f53362893bdc42956e3bf87d90af498a8babbc30d2df30910f2d76c9a8db19828b1e7d64bee76e30a6cba48227 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3231d2d00c859fb32ce9c0e4c098d22 |
| SHA1 | 35f7125c8f799725f4df3bb16261540cd7187c1c |
| SHA256 | 589abdbef0f69284cbccff17d8995373879a52e437f10c7e3acbf1fc385f234c |
| SHA512 | 8e7f57b222a051f3e77ac76ee2cd85507b6743600ff8d2cabf4940f7078a30db9a33fa6694c1fbb45da21b7b9402b9958624cd05e11c08281b3b2918d510a242 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e78533d0632366848c6db545d9d8b46b |
| SHA1 | 0deca12c0a9c5018750e52e513485e8ce20b1dcd |
| SHA256 | 143672703cd5eca562396ea31ff5ad3da925c869be993a4325f9850462e93eda |
| SHA512 | 7a3433d54f031da6189ca0fc4bc4e52c7821b3a63ccf9a4c12c3c8b552091afd956a179e74ca0190dc7c71008dc084a5a6eb9a847a5f5af0e366e195ab9c73c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 2c37fefaa8c6bfcc6a836385c4b46ae9 |
| SHA1 | 2cec620415d0b6369032b7dcd6975be4ce591720 |
| SHA256 | 47adf46d96e402b60eb936880da3ab819665322a0267f6f924d6fd7f42ff0911 |
| SHA512 | 735087e511e49210c9f09dcb3218cd474cde8427c9ad6e3cf0adba3ebf1a725021ad5093b683734c619948883e41e517d1626f2583ddb66ffcc0224685bb28ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 23:42
Reported
2024-06-12 23:45
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
131s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2fb1ce96fd246122ff1ac5eccb6b173_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc9c46f8,0x7ff9cc9c4708,0x7ff9cc9c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7834810517584140170,8756046961070063351,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www8.9anime.ru | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www8.9anime.ru | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | defpush.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4088_KZVVYJXUAMWGCDPQ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences