Analysis Overview
SHA256: 37ec4c426b916e9ce0ba8642e9fdb4ea90708d48608126b9dac2de778e5472cd
Threat Level: No (potentially) malicious behavior was detected
Analysis of the file a129f6d70b31830a1cc3a8e3b8ebe7b4_JaffaCakes118 detected no (potentially) malicious behavior.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK: Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-12 15:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-12 15:31
Reported: 2024-06-12 15:33
Platform: win7-20240221-en
Max time kernel: 137s
Max time network: 140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0dd0cc5ddbcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007e085ba224deb8458d5eed8a7b9d5ea2000000000200000000001066000000010000200000001f44bf0bc87affd418a099390a9d52a1e654a196d02261022c89ee7450848406000000000e8000000002000020000000aba52c222a393f156a41377862e33ed89fb1f3fdb8efa7645be050eedfe0117a200000005fbf56bf0b710b2b1194a4d3590d67d3ce89edff5e50990b83186d1873ce6418400000006813a567fa4420f3aa7003a88971309e4f57095eb2345b835fc0f3f8a549afda93b7ec15c0e1bab23b4df09605741a8c3a8d43d5886e70295c62f4404c2c33c5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424368149" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D20CE601-28D0-11EF-9DC0-D20227E6D795} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1888 wrote to memory of 1988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1888 wrote to memory of 1988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1888 wrote to memory of 1988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1888 wrote to memory of 1988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a129f6d70b31830a1cc3a8e3b8ebe7b4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1888 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 15:31
Reported
2024-06-12 15:33
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a129f6d70b31830a1cc3a8e3b8ebe7b4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff850fe46f8,0x7ff850fe4708,0x7ff850fe4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13816349957877802313,16012765813459661187,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | netdna.bootstrapcdn.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2216_XUKMFPWPLCVTGIOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT