Analysis Overview
SHA256
8b7af7ec27482f1d0053514dfc5243bcd43862bbcae65d43d8f2e5e1c9791a62
Threat Level: No (potentially) malicious behavior was detected
Verdict for a2fd5315d6763a8ffe1445a823f42ffe_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer Phishing Filter
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 23:45
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 23:45
Reported
2024-06-12 23:48
Platform
win7-20240221-en
Max time kernel
134s
Max time network
128s
Signatures
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 804679a422bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DF88FEA1-2915-11EF-9CEF-E299A69EE862} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424397807" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000517fbf4a0ecab4ab4a8f97ab894332e0000000002000000000010660000000100002000000008aba5828a8b2b7b9cf3792e27792af5d37337d9d846f47e7585cac543170c9e000000000e800000000200002000000049629fc35b8d1d6590646e4ae5a6faf1cebf3f715b92552d0288a94f5714b1f120000000a2efbad63e8516942658e6faa51be5a22c4273f4ba3cb33b128ffbdf31525b3a4000000018198f93b07be5f0ec3a893473f9b5ea17e76e4d5701ed61811014002d737165ff203e481918bc8000c6162827313eaaa3fc07174e7e38129459975599cad35d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 705158b622bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1096 wrote to memory of 1760 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2fd5315d6763a8ffe1445a823f42ffe_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1096 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| US | 18.172.112.104:80 | static.mackeeper.com | tcp |
| US | 8.8.8.8:53 | mackeeperapp.mackeeper.com | udp |
| US | 54.225.68.202:443 | mackeeperapp.mackeeper.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| DE | 18.245.65.219:80 | ocsp.r2m03.amazontrust.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | event.mackeeper.com | udp |
| US | 18.244.18.38:443 | event.mackeeper.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\cookie[1].htm
| MD5 | 4aa7a432bb447f094408f1bd6229c605 |
| SHA1 | 1965c4952cc8c082a6307ed67061a57aab6632fa |
| SHA256 | 34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a |
| SHA512 | 497ba6d8ec6bf2267fe6133a432f0e9ab12b982c06bb23e3de6e5a94d036509d2556ba822e3989d8cd7e240d9bae8096fc5be8a948e3e29fe29cab1fea1fe31c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\Local\Temp\Cab2757.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar2756.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2859.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9861a331832d3c85658af5e1e2328a94 |
| SHA1 | a5ccf358dc25fa5e4096e4b0934149adbb25ce92 |
| SHA256 | 64477c137f017a6c56e9dec3c60c7019a8c1ae60e9cfb2e1c9569ee75a87b515 |
| SHA512 | a7f4705996ca90cc18fa64afe2650bc5d039c72660018bf4ac8b063aef23b991f0d8943dbac9dd698caa109bf7f2289a03e75715479230f429159f0c0f9eac86 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b2ffc2a4cc1a6044d24359f694226c0 |
| SHA1 | cd1268c7d50a07fd80499cd2a34aa5aa8fa2f3b6 |
| SHA256 | 3de5bd714ba09d64c183305626cfc3524ede7d39a3c8b8b0adfc1c87194e469c |
| SHA512 | 497a75332ab57c17d29267adbf2dc5515a2a3c918ce404e196955fc2324be62877d7efef5cc20e800c85e42e525c5116dfb5c343a4990802b069c4faf5d30b1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 7c694a01c398d3986bf60e8be64e77af |
| SHA1 | 5f2f6c16061ccfba73169d57d7559d3463709845 |
| SHA256 | c699188e60729dd64c9040e552b386271854094698be1d9132a458c57e143b1b |
| SHA512 | 026b8a5ac823ead69b5b18559e393494b05cec3cabe1873052b9b8c2115c053ef42ce2ab1bb10cc3677ca80f90e1f5684fa56856408244cf4e755dcf93ebdf20 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 957307a403f4eeb5e44c8f153d2fab7b |
| SHA1 | bb44e9a98adeea4c3f6b3c3de56b88848cba34f3 |
| SHA256 | c822e736ff13fbdf48e7097643611022218957efeee8a951257bcc099afe1735 |
| SHA512 | eb107ba1c63d6ee1d135360047d5a9e1ce23ffd418f068740b9be66e7ee8e90b56ad921a50f840f221a42a0bdd88a8379b258ad0f39a2c91efb9e757702f030a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2982a3e09d0c2a62ff45d5056edb0fcf |
| SHA1 | f70151f4b7d061f3cda1f470a208ffdda9674977 |
| SHA256 | 1d30eabc7482a323840b7f2db819f45e9e6a554c070b0b5ac2a92899d1995d57 |
| SHA512 | d48b59f7f719ac4de0766a93ece5d3cbab9d6503412192d8985c9d97ad664194007b3ee1b22590904004371a303c41121a3bac93914222929619416556d36295 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39ef3b24358bed7ba67724d80f65911b |
| SHA1 | df3ce2131d6db1e55d22d7e0de873bbd2233390b |
| SHA256 | 1fc281b9d1317c0e5ea7f39dbecf95da0e4595a0025fd8b04f05ed36c2b6bc01 |
| SHA512 | 569286e61069b173d50841230a859bd920afefa510c17124c7ce232a17712b97d428b57e152df51bcb819b725de748acdfad71f1bd00331385476501e51520bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a40fba7162129282b8d252de7b1a548e |
| SHA1 | 2d145e4d3f5bb81bbc8faad07d0c4ba405a33c22 |
| SHA256 | 86db7f10f51c40fa184d6bf089715bdc0f48e9ff7a9a0526f06bc9ee5dc1988e |
| SHA512 | 396fe54272262bfa1170c1646cfbeca533758dcf84f07663e349a02857ed5bfe2c1720952ec7192cef3bd6a7cee0fcef061eaf9909aae1775f1c4f5552415078 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | d83d6487dcad0b0879703505cc5b57f1 |
| SHA1 | 6fb675be1ea7a9300d6c5f02b0153aa50448c310 |
| SHA256 | ab88dbd445477b770e6f12485bdfd1afea682157a83ae7b8204d9dbb6f571dfd |
| SHA512 | f61e57927f5024efb5d529f8fe8897596f408e3bb65e70222acee717b7bbaca7e8367e5842407f8b158bd7dff8483e66da5b76b5a47690307edc6bb91abaf52b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | b371c9c587f11076c075b18b9506767e |
| SHA1 | f997523051005c86a2d77ab78f304e809ae1f639 |
| SHA256 | c2ffd05d58da83b73ec3f33f11653a35cc3f48a2f58f5d7cf1a82dcd9c89d53f |
| SHA512 | 955e31b80d84a73c51091a59630facc6f0a461f49d024a4785f8288d7d720863d8f1569285697abb038486fafb6ddecd3b7fc7ee326ba627142db0c5a412669a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | e412421ca38d144f9890fdacfe815f3b |
| SHA1 | 3ca07f26ffb1d2510af3eeebade69f980aa84205 |
| SHA256 | 9d0d6bcb118aa4d329dfd1da10af7635340d310d8af037c3415a5bc9df4314df |
| SHA512 | 2ae27c989005d469826771f6f1927168b1009410d731864a61ffc9162e11a8a10c41c3a25cbd8199d097a964809b86f254e7250d80a978bff8263e53944a6b2a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 8afe37836b71477eccd3292c1b96f28d |
| SHA1 | 7a740e0db91f2f734879f78180e3b61343344c0b |
| SHA256 | 42f4e5ecbbe5a4e83c1e4cf3de80aaf1f98f66063fa0be0ce4505d1a924249d2 |
| SHA512 | 382d3619761176247c7a6e90c69c93742eadd2b18003eabaacaecbded58f465081c8004f733e50cafd8c3464257378317d12133fd6f414bc7cc67c6bb3bfe5d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | ead250826d9195db918ceac631c9c8cc |
| SHA1 | a7b2860dce42d56b0b0caef10d38cd3fe8834aa0 |
| SHA256 | e7ec7f704869377f90bba4e4669be24ebdb7671038e5e4fdeb42d7472bf8bf78 |
| SHA512 | 4d251a7a905f542417e1e4328cd467c4d0af86ed73a81381f1403592b253969c7e8c7299a550db59879fb993f8f93e571052ebe9b229a333a68de960a9186661 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | 58747b472e92dff56d4f422ce462e011 |
| SHA1 | 7287ccd77d2fac2c7e391dc5df0646a700dd611e |
| SHA256 | d8513499b3bbb132a12753fa0ea44fccfd13a9c055bcebd27643de9fee6e7620 |
| SHA512 | b3c6ed895e0c65b8a6d3046bf8b768f0f9acf732df8fc925be1a9830600fa2e694710bbc50a7659e526b115ce615e6d8f2e24cc5c04d09b15c76e99df74d15ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | 1271eb3fd975b67a284f78e71de0c1e2 |
| SHA1 | de791615cfad0094cd23489457cbf2828e2f1ec8 |
| SHA256 | e530f9fec634c89ac5e84d310e633e552a4ea3a572a10113885fc67cc6823ce1 |
| SHA512 | e249ddde692cf556b861ba60f12708468a2f588ad3c8f595ddfd5a4cd52674363ea2be1389a7a88a4fda75d836ca6b5b6989936d0b4ea4b02b5d8a23535ce3fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D
| MD5 | 760cd3d40f345d36f7facbc6511b5e86 |
| SHA1 | efaba60746570e85a5ecff762bb519311fba7150 |
| SHA256 | 339d35e67eab6e527b6865c2e7d176e766d675f5b7695f38bfd059932bcdd359 |
| SHA512 | 775b32119732090b6b3b8145f0b8ddd60631edd0ecb249b8503c71299338d8f88ec1467e939d71c3bc1eeb1567342212b0ce42f2ffe207fcce36180f999369af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D
| MD5 | 2b42f3374758b3840a2c30032f94060e |
| SHA1 | 0ae13bd29f969d41c075d25bcc3f34d4b2f1a326 |
| SHA256 | 02e23bc02d999e6948358cf698bf18388efb9febe03afcf6844e1707532c85ba |
| SHA512 | 9fabca9f8fca8b5831c34c9134580f45407c86c323b48c7f7e4c7318009f232fe4a1a874d55f5c462d2716c429529379c1266c189b5c9e62401545649680b6f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 928d23c597f91c795c3ef4d37c6d4ded |
| SHA1 | f15cb4203b06077f451b0caf50b5f64e042aa5c3 |
| SHA256 | 9dabf9d0c5d9b899b524230506c2880a58597b3bc7e9ae7d5d2abb2a6ede3b10 |
| SHA512 | 96aa0b981553410a704e707d56afe72a06cd18bb4f492a1dd24d81394ef2caced29311a726fc8dc8d87111c9738687f0afc2f0495eb4aead38141c1b1e458625 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3980d6d806ba718d35bf9bd902cd3776 |
| SHA1 | b4eabab617c4704dc178913d62d06c7115820407 |
| SHA256 | 9b668db7de71e1fc9051ddb88c18cf142ecfd57e296dfa0c3daee41086ca2fdb |
| SHA512 | 943949e8a5e804af59e2c254bf10ea69de7a3b580a75f931afcaab57fbe7e76977a21c6adac67b953ff3b7946009f4ea13569361420b75b09a1e59d934390a6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13fa5f13db5cb61d61dc904bafc6fa24 |
| SHA1 | ef7ce85c3dfa6f5bb2514db4c45d1dbf8604d7f1 |
| SHA256 | f455c930171ed6d892a773d90cc816d1863628ec510144b8488343ee53a324b4 |
| SHA512 | a2431ce2b42c4309440a492bd7ebce100b6c4e3d3b477825fc7521293f92bcbba2deaef2f94c951995ea37de87b159b82efc6cd00b700ff3762fded78e2c3dc6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8aa16276879d425834adbec0623eb843 |
| SHA1 | a3cc034b3e1ac3df7b2248c556edc38028db7cb1 |
| SHA256 | ad9c246addf664774a645354b4cba989a99f1a74ec16b654d99ccddf4d8e53de |
| SHA512 | 95f98a066c936fafb6300324505e3c589f7640d9b34841751c75ebcf1d34a6743c21200eec3ce3c377c498a20a230bc162545b51bafbdee34fd78019a27ea58b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32750fc8a8b0504c20e4907d9a0d1e63 |
| SHA1 | f98abf4f253a20efb0212f3312cdb49fc064decb |
| SHA256 | 1190fb35ecd9e908f62848d8cd2a4de059df981a6b77806edeceb21a3002dda8 |
| SHA512 | 35c22a1e555e71b7ae5de5dde846dd2285a96db882d82e276f6ec5d10acf0d21342b91df9217482f0421b8edafaa54d0439faf411740fc9253c5e8ba5acd115c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79abcc6a977ce97a1b7bce7594f211f2 |
| SHA1 | 2a15fce123b789149ee871dcdaad30ca69fbcd81 |
| SHA256 | 57570ea13bd1542a3387253f87748572fab4c78a6151b7e29d916d667697d783 |
| SHA512 | b564f8b0174d4135ae55298c2c638921b07fab2243b774626f84694d45061a8eb8dcb394905915cb7bd76312f0e16d279ceb0b911e4ebda430ffa11ba98b5132 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9699e728ad5bd8a040b875482873018 |
| SHA1 | e6cb67f09497765cc413369876f3c55afa13da32 |
| SHA256 | 62ecd094acfe422e914a5e5597c93150b02fd8da37c6cb69a6cd3cc47db42008 |
| SHA512 | e226dd0d297d9181265deef3a90530566bc87de21ca11a824b31dbabb599e9b6a77da68d3f64d987ef53d390c63411a497d86dcf25c7453d33ca17648767e74a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3c4f4b33b661961b8ce78fed92cb860 |
| SHA1 | 28dedc53cdb817e1fe48b7e9372511dfdb4e8019 |
| SHA256 | 261071c1134a4e87a254c7f627a468c1c81949642e1dadf8f2b0784e02060830 |
| SHA512 | 7c54c97f84ce20c00f7a55bfbc37910ca0dfee49abad1fce4a576583c89b03c290103d6a71d4e2101f5496eef3ff65b90d36a22a40d5ca75a0b016db9a253683 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17c07ade74d8a42131c6db278184cf4d |
| SHA1 | 37949057686338bc0b1d846d6924eb816decb345 |
| SHA256 | c41731c25b1db688c4686b84e7fc9de91ea71eb49d0900398c710fc1a3fe3c5a |
| SHA512 | 7aec1e7b5280879a21d08fe9c15a3c0be50399f5218f5874f9c585a8cf2da13e881beee15ac1f2407a17375941bfeb25297d4417e0393fc650d039e71ddd0463 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6788d8a5e5c3bf63d2f07237fb1a4ffe |
| SHA1 | 4821f5d9059dfafa822fd7f16b925b8d44d6b69b |
| SHA256 | 654d36faeb908f00f892b42d7c5db451d4f707696fff754af5f399917b53ccb9 |
| SHA512 | 191bd4c5bc2902feb22d5053863de6ac62a7893b2d0a13c5b43c7443d14822a9521a554b9a68bc06083b0901e49ee29283ce15af666e96fa78fcc1ba1ef9df7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 486b171dbd8fadccadf79bffcf3db073 |
| SHA1 | 9c3cf3bf91bd0f6eb41954cba00c60410126fb9c |
| SHA256 | 442866b8f4c47342f5678a4814172241f836b10ac0bda7485d6cd4b825c6d34d |
| SHA512 | bcc84a618da85915e92e755204815b0af6533a592b3a79d74261f07774f695635ddfe10fd2ce7a2303721a8517ddbcd16119e1b7087f4c7b5f1a9e6a8913233e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | b6fc61371bbcf9ac89d449b3079d6968 |
| SHA1 | 3c99cf4360603f299337593fda680deae165d8f5 |
| SHA256 | f6e12f04278e6a6255d5017e0da58b1ddf3d246fe78d9f7e3db3a0525e75f466 |
| SHA512 | e908d5ca24909e4b5b842c025cb9e05c6f2f65be101e1479287193faebd9310f245682ce74e4daf50cacd3ffaea04245dee2366afb6ca879743ccbc64ce0b5ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ee9e9f86a9a49272c22d27406fb357e |
| SHA1 | 7c07e2f5728dd7cbe2d8771a19e70b54d647e9fd |
| SHA256 | 8df99d0426ad67b911724c37a682bb308d32eb109116c6ea6dfd44eaf7ecf902 |
| SHA512 | 88b11419495fa44ff4893412fe7d2d5b0692c50836c7526e2be46b829af501b22d0d5355d6fe250031f62b5ff1f6f9992e8cb235fde00332e4bbfa2975acb6dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7df16ef64a10761ec2e547d9b64143e7 |
| SHA1 | 9cfb25ee9f80861345d3b76a9ac2e420c907e217 |
| SHA256 | 8b4ab8c52e8a55fc1406b630bf09b2c621de8f24e6ffdcc585b421ef4a328c10 |
| SHA512 | ae049f813fa5fbcb03ba7511ac39013f0c084c8fe50f8eca9a6d26e7e816fbcf0371ad0baa13bb63f6b2187a753b8df48c551df1ee1f9857fd5f5059fcab882c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3aa4c199d25c91c093c63d4c3f3c37c6 |
| SHA1 | c55369f912b000275cec232c6bdd3720378a1b61 |
| SHA256 | d96bc16ffcfa776febd81f6f366152a728d766a6606ce2796103ea0212d1df96 |
| SHA512 | e186fa5974ff15e3972d4b955fe68e69bc593a460ff3b9067e9a69b77debfedde380b934ddae891cb3b6edf4f9faec77a8de36213615c60d4d4012fb24053c42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e840f8193135056271d7199f24ef8fe7 |
| SHA1 | 182841f896439cdb5e9abe6f1a39e2c4ea6eb4c3 |
| SHA256 | 7dc4b29ec881916c903733e10cdcdd134d49b31767bfbbdaa869a14d5e0b4b4b |
| SHA512 | 00649dbd072916d63ad1b950477fc2b9adbaabff189dcfe80896260d6679a22cf1c59f6874edc8aec972c5ba5621ab31bea6c88ed4697bf6485e830ef4ee1ea8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 0793a1679ea72173fc981ebeaf974e88 |
| SHA1 | 4f9446a004a888f348ccf64f938d6072c7585749 |
| SHA256 | f147f35b9c959d296e3f6c97c2afa9fa1a6c091d3ce1d0e852557cb4bfb10078 |
| SHA512 | 7b886c658b60a2d2de59b70f1be526c4a96d3d50500409ad294a0e1d758586a84696e1a490eee909874b1a45eb8f9499d55879cbf6cf6a1637794d6028ea46f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33578264255862e47cf28147d503a639 |
| SHA1 | e3cba58d7ef6748e74109a5e9d3ae69b20743675 |
| SHA256 | 878f2e12ce776205fc5e94eb90dcd28999ce0924b5f833a0f1eb5632c2e1ad0a |
| SHA512 | 187e804d4b7b56dbba2c48722a61d40bdb4e848d1c2d984aa050bf988babec88ce853a1618b50b52026466ff5c3e40eac7374ae84a5ef0fdd3b934a8feb4c760 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 23:45
Reported
2024-06-12 23:48
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2fd5315d6763a8ffe1445a823f42ffe_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf08346f8,0x7ffaf0834708,0x7ffaf0834718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| US | 52.111.229.43:443 | | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2368_FDZAPSEVNVQZKOOA
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences