Analysis Overview
SHA256: 4a98053dbc8b891462d2331a617faec51969e50ac7f3c3bcb91a3fb450e00373
Threat Level: No (potentially) malicious behavior was detected
The file a174050d5cc6c4121968fbd46b7ce168_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-12 17:12
Signatures
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-12 17:12
Reported: 2024-06-12 17:14
Platform: win10v2004-20240611-en
Max time kernel: 150s
Max time network: 149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a174050d5cc6c4121968fbd46b7ce168_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbdf746f8,0x7fffbdf74708,0x7fffbdf74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11540977447836091474,2624100816082402198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5884 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | www.sharifpost.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 151.101.2.137:80 | code.jquery.com | tcp |
| US | 151.101.2.137:80 | code.jquery.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| GB | 142.250.187.234:80 | ajax.googleapis.com | tcp |
| GB | 172.217.169.2:445 | pagead2.googlesyndication.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.139.127.13.in-addr.arpa | udp |
| GB | 142.250.187.226:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| BE | 2.17.107.114:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| US | 8.8.8.8:53 | 114.107.17.2.in-addr.arpa | udp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 104.22.71.197:443 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 2.17.107.226:80 | apps.identrust.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| US | 8.8.8.8:53 | 197.71.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.107.17.2.in-addr.arpa | udp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| US | 104.22.71.197:443 | static.addtoany.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| US | 216.239.36.178:80 | www.google-analytics.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| US | 8.8.8.8:53 | 178.36.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3140_VBGZSDIYGTQALAOW
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b565.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-12 17:12
Reported: 2024-06-12 17:14
Platform: win7-20240611-en
Max time kernel: 118s
Max time network: 127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20f0c1c1ebbcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E93BCD61-28DE-11EF-9B2D-424EC277AA72} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424374200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000008554d8411784786444180a9a03f3c03b0e6d88e3ae0bd616848808e8564b32ca000000000e800000000200002000000029bb8faaa0c99e1402fec8662bb22f623a4690f7fad563e60029f662c46d814520000000a046e8d9840d904ec07783b641078d33f8e10a758ddf7cf6fd49b437e5e3cc95400000006cd0c0ffc319582c1c69b17369fb3802263550e65a16ab4fe9043afbc41ca36089332cc1b542498c81f9f535e258253c50fa9157fd3e2852b319050b198daab1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2540 wrote to memory of 1740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2540 wrote to memory of 1740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2540 wrote to memory of 1740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2540 wrote to memory of 1740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a174050d5cc6c4121968fbd46b7ce168_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.sharifpost.com | udp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 151.101.130.137:80 | code.jquery.com | tcp |
| US | 151.101.130.137:80 | code.jquery.com | tcp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 104.22.71.197:443 | static.addtoany.com | tcp |
| US | 104.22.71.197:443 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| BE | 2.17.107.235:80 | apps.identrust.com | tcp |
| BE | 2.17.107.235:80 | apps.identrust.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:80 | www.sharifpost.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| IN | 13.127.139.246:443 | www.sharifpost.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2EEF.tmp
C:\Users\Admin\AppData\Local\Temp\Tar2F11.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015