Analysis Overview
SHA256
e2a3fef5d85e0652c2ce290daa43dfb2320dc0a65ddf54408aa0f989451a18b8
Threat Level: No (potentially) malicious behavior was detected
The file a1d08804b4aecf0a43d7b41667b9cb00_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:46
Reported
2024-06-12 18:48
Platform
win7-20240611-en
Max time kernel
141s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1223BE61-28EC-11EF-964E-D2952450F783} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424379853" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0ad45e9f8bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000009a7bbddd2f2cdfc83910307e3c9bc315ba11fa9b42166b7113846b1e61d710d3000000000e8000000002000020000000dfc7bd3e051fc3c514243c2c37408f244286abdba869598c06cb9ed73d9af9d8200000002d5f4ba30c469a4fa4db9d1c221ff75861ae17d81f552258cb08ad52c5c4dee9400000006f54ae9329b72dc4f6882d1734c95f80751ff79da608b202b44e94e91961fa3a1e8709ad71da3c23a33ca1f6215c0b44beb0d103986cd85cc3b6246d89f435dd | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2088 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1d08804b4aecf0a43d7b41667b9cb00_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.movie4all.co | udp |
| US | 8.8.8.8:53 | thevideo.me | udp |
| US | 104.21.40.172:443 | thevideo.me | tcp |
| US | 44.218.9.82:80 | www.movie4all.co | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| IE | 2.18.24.9:80 | apps.identrust.com | tcp |
| IE | 2.18.24.24:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | nativead.tech | udp |
| US | 8.8.8.8:53 | cdn.engine.spotscenered.info | udp |
| US | 104.16.176.168:80 | cdn.engine.spotscenered.info | tcp |
| US | 104.16.176.168:443 | cdn.engine.spotscenered.info | tcp |
| US | 3.33.244.179:80 | nativead.tech | tcp |
| US | 3.33.244.179:443 | nativead.tech | tcp |
| US | 8.8.8.8:53 | d31qbv1cthcecs.cloudfront.net | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Tar11A2.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\Cab11A1.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | d4ae187b4574036c2d76b6df8a8c1a30 |
| SHA1 | b06f409fa14bab33cbaf4a37811b8740b624d9e5 |
| SHA256 | a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7 |
| SHA512 | 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ed951a389072aba2e7a099aa2540b9d |
| SHA1 | 636ba936264082db5aa2aef0faea4eef78392800 |
| SHA256 | d487ef3ac38780e2aba4aa1b1b4744a5f912d9d0a9321a52eea8e5e22336615f |
| SHA512 | 2faf42c2f66e43a2c232498ef01a81168153f21647dc5c6d693895398793ef93c8909f3f480dbb0d06a2c89de05c371b651c932ec6e19213617d37ae00d33d99 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f1385eb7af3997d15e49661939707a1 |
| SHA1 | af2e7a4fb807fb38b5ee70c2a268c2bb65dbfc76 |
| SHA256 | 10f50dda6cbf2aac2847ad28fbf73ed6ef71b29ca874d735f730d5903d9141e4 |
| SHA512 | 2c0d7afb7f49a3048603d783617f53b25c91cf042325ff448bd5683ea7d2e2a4db0361ba13873d9432810e708039f2bca1e30164f721c359e18f7b98425af1e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 822467b728b7a66b081c91795373789a |
| SHA1 | d8f2f02e1eef62485a9feffd59ce837511749865 |
| SHA256 | af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9 |
| SHA512 | bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61
| MD5 | 5ae8478af8dd6eec7ad4edf162dd3df1 |
| SHA1 | 55670b9fd39da59a9d7d0bb0aecb52324cbacc5a |
| SHA256 | fe42ac92eae3b2850370b73c3691ccf394c23ab6133de39f1697a6ebac4bedca |
| SHA512 | a5ed33ecec5eecf5437c14eba7c65c84b6f8b08a42df7f18c8123ee37f6743b0cf8116f4359efa82338b244b28938a6e0c8895fcd7f7563bf5777b7d8ee86296 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61
| MD5 | f6391cf1f4731dda973a30d0575a8989 |
| SHA1 | dfa4bdc8a26d7c1e141e7f6762edfc5e60d2fca5 |
| SHA256 | 628a6871dea408a2a6705eb3b1c8ea626d4cf4b47642adb729f6c2614666b307 |
| SHA512 | bc2467588fa495bcd7822d1a73a667217b9d16aa6db8ac694734cafaf3ffb600e0d269a445f470b0fe23d3059e7490571f72ce0667f8ae3641f133a08d73403f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3eb6691da0430ddc650c509069241851 |
| SHA1 | 2a20e880eb5177a0a45ff2853d7fd5eb58571893 |
| SHA256 | 86b1ce6474db3b634f7eebba88aabdc158156c8eac460d468bf277e60be4ae75 |
| SHA512 | 7177f089bde0ad978bb89018b42d43e702cfb7ba14f957f92bd350afb20c927e88ca5d546c364af5b170eac7502c64418fee213929dc2ec4f1726c1476442f54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e7a6c30276ac7a02a34432b0624a599 |
| SHA1 | 9ed9ff865a31cfbd19e660be3fba172b95cdfce5 |
| SHA256 | 3302148a1f766c064d9c904c457c87ecfe4378dd677de2826a57666bc423a64c |
| SHA512 | d95fd124ffeb975b1fb9c2d2eb6d7a97e49445679f4aa1700fac85d2a74dd16611eaa21343bd20fe3d8c5dcbfab013811a6f22193e04ac7b8b81cd4303363a96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e29aea3db54ec90c96b2068e3ea93f1f |
| SHA1 | 5c020b51b1f659a784c1f7837d531de51807a7ef |
| SHA256 | 9e69f5a822547e60b052918961d0832eff938ed8428f60e7ff6bfb9dfcd16252 |
| SHA512 | bfbe46213ee0ec7ae516e8f69e6ec84ea263a67a19fa288a90b4dee30a9c00f41642b9bd7ec62b9898aea1fdf4260ace98521e89281406fb891b102f45e706d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2421d7d6787619e1ba7e630df32903a0 |
| SHA1 | e253b77f403e9eb4bb5d8c1910cf7d755bc1b545 |
| SHA256 | 386c3e2bc047ee8f2f3fe54111d7df69c14b5accfb289aaeedd37f5fd21b82b8 |
| SHA512 | d2d4713906bd32967dc3f8d41efa7f4ebdd940ebc35af4b1f6e87ea07c5136be2b06904b86e86defb267f56dcd08bb2a390a9c68ac4e0c274f7276f54b90fc29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b5272b5fda458ca7b218eb884fbbe20 |
| SHA1 | f6f81607a584d7215a86920bc6d2c3ae2a10a733 |
| SHA256 | bc679a63a228941d86c419e5cad359af7b706b04e3431dc0a8030cdadbb75280 |
| SHA512 | 2626902f15029abf353852177aaeda40e55a1f04128353a0fbd8791765fd6c658dab3fd2a091f2d546818e0d18a82056c06f6cbc965ed6f8828d39de825ed7e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec8af7ad33a56efc900fff4cb1b0d227 |
| SHA1 | 8b002a64b143063d588674d9f3ad503576aecf31 |
| SHA256 | 1215210153d7288959a11a44d585f22b99341be10c1cbaa7b567ad25cc711d1e |
| SHA512 | 650c7d7f4086b47b5a46c1ae0b2e1f7ef97542888276d91dcfa3f8465c2263f84cc221abd888e722c951d0416db62b706e9973b3b33e30dd250d7f24f455c659 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 832c96fd85c12e11e8d53e9f4f0496a6 |
| SHA1 | 4073af279bc1060dadf73814d685ae3aadc890a3 |
| SHA256 | f1422ca9d82e43af850be097047dcd98f9be3eee0588457866e7d0404de83eaa |
| SHA512 | 872f1c76c9852538302a6304340fe311b4387de70e4c335e6558227943f53bd356b36cbad1566c4c49b626af1ca53435dc245b10092caeac94de0bcbd32357c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0dec73e2f868872598c0f0b95c0a4574 |
| SHA1 | d748e36761441dd73a914851ea0b06cd8d6f0727 |
| SHA256 | 981e4d31b1b744ac93d90c6ab7d9cee71dcfbc674ae72b6be8be99051748122a |
| SHA512 | be568188f94bb97afabc5747a60b5bcfe911237e6dfb4839ff8dd0d233109153e99035ca38e7b5a0c569e82bf11eb9422b4a6af037559aaac4aaf251139a8388 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d07c339ccd02ae60d932f41bb39e3cf0 |
| SHA1 | 48b90132d9e3f86d5a8283971e840232bb356132 |
| SHA256 | f942b8bc43aa0b493f67ea910bc308b50d68876abb735fe466da94cd003ed4f8 |
| SHA512 | 280403a227e1c79293f6e18ee98717466bc2726279a136359d7bf31636eb30d44679c5ed509899aa52dfb30d842660528c0dac754ae97c0e0e0283b483d7db25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 414b28c9394b6b7de4347545a07dc0fc |
| SHA1 | 5b76f61d65b38d28e2a6d01f325c663e957ad598 |
| SHA256 | 6e14c08e91dcf36f3d37554a65d9c0bc1bc5f2d60a305831bd6ae15f534b4459 |
| SHA512 | 9071d4c178c0b0136dab0efcde92214e41cef05d9c76dbcc69e27c200c4333c2a4990465794eb9f5fc209347f9c41a4314159b912f628f9214284f2e29cf4fe3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23d8a9d99ec6f4683ef707d31756c0c6 |
| SHA1 | 68a3f7af98d9e0ade07d78370f6411a905fda148 |
| SHA256 | cb8bb7707c648710ce48e945c6c34c661b680d5cee05eab5aca04f49dab8f230 |
| SHA512 | 4986b4a2294c48c6113f32dec605b0e7e0f171dbf8d7a0ef70e0f76ee3d3aeb79f006d061265791ef97c80dad886a619b3726b60090a7544da7413d06ceceea4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6eacf34fa1547a72df13dbb9ea0fc244 |
| SHA1 | 362262e04e1ac65e17a4d61fa9205f62bccdb27b |
| SHA256 | bc3667be7c526b1b4a5b84888720de266777fee97e03806ec0bb68c7a131ad48 |
| SHA512 | ea666e63d341021b7cab71df36ce87319b54bb87ad5fa687172551a99e331234c67f4dc3a90e9d8ea27a28ae668d30e1bccad09b6d8f1f76cc9d08fc4602c0ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f644957a570fef2d3d807f6456315b5e |
| SHA1 | d26985f1938c4533f2203687456d6764133a280a |
| SHA256 | 0331fc967980a4d7179b311b67f54d72f8fb6fb3c3785a0f5a74981ac7cab9a9 |
| SHA512 | 8e99b2ffbb679cd366924043050648aa8fc0ee7229b38a9fa0287e3a0d7dd12f6bcf919f23703b6d9bdcda5dcfc0806853b39531b5ce7d4e58911a6de8b4f8e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44e47cccf1f51373281184f408bbcea4 |
| SHA1 | f2f520bc503adeae30ed72193d41fc82002ee08e |
| SHA256 | cf6538d6072b283880742bdf3385e4c9a05d6d98041f687fcec25fca92a4b08e |
| SHA512 | def8704de5bd2a1a9f7702a84264677d819cabd0b3036132a801894db34a7ff78f2e655ed1528ca7b30615d04408e25a4f2230294ffba6d34f05333b75e6e6c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3525f9520ed9006d77d58709d1ad811f |
| SHA1 | c3d3987f9c5957202bcd0c3b5e0c8d9fdfb0951e |
| SHA256 | 31a1b0cbbcfa14df20049357ef26dd91978f6f42283b9cb5612cd7410f4d017f |
| SHA512 | a96495da7ee770a92bc7714a0be6cc9167bd5f7818e1f94d8982778ba1f9a144a80a2d2af03b537c6ab23ad4ad7f5050c543c374520654ed28c58da97b1215ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32158a3d2e97205534eee08adb76609c |
| SHA1 | dd79c6cf1470c075a1a643e8b44001b546aac0f5 |
| SHA256 | 68a7f435f50956b4c5b83b6de410f9f4b3c9da38f888b8d4e11484aa80c4f98b |
| SHA512 | b84d0e80f662a0365e43e8385c3335742e74181fb73e82e60e8d489b81428af69eef9f97bf0c433cf614038945894cbf2dc0e719d88f70d9f92252cc69dcd43d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1ff216be2d9443ceeef1dfee30d005d |
| SHA1 | 1a940547806ebdca736120ce398166b7f6a7594d |
| SHA256 | 39e1445a2a86c6ab7e1ab608196bcba68ff7fba108325b721dc4cc67cbbc1a5f |
| SHA512 | f49557e23b0402f0d7cd4fc4e351279ee248a8a12ce71f3518b097f1968800425a828bb029398a17a2a6ee9417baff82997f63090ae0ddf45b07646ef48fbcb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed00ae8f48de040cbfa4943279586256 |
| SHA1 | 62d54857f0e0640f8cfc546228513debcc4285ed |
| SHA256 | 10a5fdf2d7216dceebdfe3f6f6140d38635641e8f8899d57227a5c59b63957c4 |
| SHA512 | 1c2ae8b9ff5dea193e0625040d26c6a9f25d4ede3bbf94ecca34c242ae5e185a6a1a07ba4483def12f864b2c6a55160d5abb6f533733d0612f822ea2fa809476 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c5a88b67a6050e188c005aed98ca013 |
| SHA1 | ca5f375dc1acba1689bcebbe0330a44e8a5c50e4 |
| SHA256 | 075473f6f7168184c66ae132aea4099d5bf1f4832d97c628e79dcc59023596ae |
| SHA512 | f31f0acb1c5167555f029aad1a60380508e27acf8accee50a5d229cbe85d24d46d4538a7fac7e5e24c2b66b387e8a53197e9e3a85d515cde7f6c8f399c0446ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc4547102e91da3aa324bffed58ad8d9 |
| SHA1 | cfc7e8375842d02e826799a3443866b6110ba679 |
| SHA256 | b0d6909b1e267127c7139942273fe0c8acc295bc956557b45130854e6b7b203a |
| SHA512 | 1a920f5b39f1ceda0bc19e86b403f9acb6f8a81cc607675d795ffbbbefb7b7c4f500bd96a901c2c8ccecf837f7d9efe02115502072b8a63d15ff179bd2c732c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 450b0624ae3d1fcaa18c2e20c09a66af |
| SHA1 | 192ff15c722fd7e6607930a10809c3b200345e38 |
| SHA256 | 1c48073b5592558efe03af4e7c628713919c4483b2c2cd1bdff720b0698ea0b4 |
| SHA512 | 00f533afb867d41c699fbe8db12449c51e2e4baaa3b1f229c6807690b22d1685d91530a0ddbf17df6854adbd92c2cb39418f161d0db0141da58cc1645e76cd67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ea45a76c80508cb2ebd8c2ef4eca8c4 |
| SHA1 | a799286f4e67eba7c66acb84e9c298d21e5a64dd |
| SHA256 | af1a5f89b46908916b3f5798b7ffbed9c264ef59cf7ae22810d12f3c5d67488c |
| SHA512 | a2e5bbf6948d934b3030d152426f0279c7f4bdd614bc27420cc45c911d2e74a72ff72325e16e5547de3fa5e888ded8f32f5331dae19655a3aa1a9018fbbccde0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 456a4943ed42e9c97235262e723b81dd |
| SHA1 | a6eb39006b8c7e42c6e47b47760349e0f21b026a |
| SHA256 | d1a180025a2fc1ec2422067922e1ebaf3ab0bd9f6131f713b511a16ed715ce2f |
| SHA512 | 8a78f674626098ab6fa70ac3edf5e1872122bfe9209e3140b64e1eb1cb0087976384c317a96409855918281a8db252c38706912284928dce66d099a18feca060 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a7f60f7119bddf7ad4e4c6a0991df0a |
| SHA1 | 8f7ad963a42e5644f382daf8075985d2900d116a |
| SHA256 | 46f9a62f4b2d2c3038c37939740c2074f4e151a8bed80e05c6991bbc19f0f2f1 |
| SHA512 | 3f52fb051c27a9c534f9834a5978bc13ae5cd390c63efe01bfbb90ab14dc665c0b11b0f7c90b6a7a79c607a6de8d3993c80722dd01b7bcfe9c1fab31114e262d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80d1e86decfd6a99c09db1c34f495a50 |
| SHA1 | 4f6ae1a7f44062a11fa014afb03a0e3d34cbcf88 |
| SHA256 | c53b9f66a01da297bdeba037c5df03ed18b4fe091473027ab6855d9727562970 |
| SHA512 | 1eea4df190211c5d81b09fc1ef76f4a503dd3ae71b5ae0b2cd282b1126f66b605bd80f5c2092a97f5b9d8a1e91b22343d1db3438dea116ea22211bdd22adbe5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f461fc7ecc2c391a5945cd6a77b361fb |
| SHA1 | 93e3c06aab67d2c83037e635b2d386d489c8aae6 |
| SHA256 | 9de821974dc6577b838a38baaab2201a31c5da159025b336486b846b7bbacc73 |
| SHA512 | 823db70d637e0fa7f61d04a8dc5f1318413db8ee58dcde8e724a8267e87c7390389ffe66207d5c96e4de19f7d178aa2d25d39876574800ebc40b759465c9c542 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa6b539c3b6e100312c0d0d4b5f20012 |
| SHA1 | 199505197ae3e5ec66bf8a333329de792192eb99 |
| SHA256 | 019c623bd3b5a9fdfc842ac58a149a036fa65f603a5791807877ad0376974f8b |
| SHA512 | 0bd3c50028a7911f313c6e4767a2d2124a53b5da5688d5f38a3cf4e2bd43991265170d1e6ffc0bfd35d757ac637fbe58f6e0a1872c5c1f8018e0c8dd18904b01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7a1de78ace77288a92d1bc70b31b72a |
| SHA1 | 45ab6240508fa2abf6aba3ca6a385ea3ef0dd4c9 |
| SHA256 | df2b600f9021a0610840593e29348c13b2cb6fa895d8d0f01e6f7107f08a3469 |
| SHA512 | c52f2f026d2b33f2f4a0ade43c51da12cf33c2a8f0c8fe90ffb97c8ce2f2a31255c55f282d31422b425b8a0b0f8df787430c421450447f348b18f5e6ad03387c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b1e7754bb9f49abc78009bc7a0c5f95 |
| SHA1 | 01b22de7b39edff02da48b33624ede33a6825f1c |
| SHA256 | 7d8ff19dc2ea787a950d03e244d32d1d45a2ed363942ff9e9734dd0d966ac17b |
| SHA512 | 4c30c2227dec6f24dd693bdc972df5d582916f91503fafb40473181c7507d28b1aa11b07d24406b83301fcfab82c359e930114be42aa0ecdf193a9a91c1454d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:46
Reported
2024-06-12 18:48
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1d08804b4aecf0a43d7b41667b9cb00_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffef99446f8,0x7ffef9944708,0x7ffef9944718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,4546904839841182233,11506733220777603777,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,4546904839841182233,11506733220777603777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,4546904839841182233,11506733220777603777,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4546904839841182233,11506733220777603777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4546904839841182233,11506733220777603777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4546904839841182233,11506733220777603777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,4546904839841182233,11506733220777603777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,4546904839841182233,11506733220777603777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4546904839841182233,11506733220777603777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4546904839841182233,11506733220777603777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4546904839841182233,11506733220777603777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4546904839841182233,11506733220777603777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,4546904839841182233,11506733220777603777,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4400 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | thevideo.me | udp |
| US | 8.8.8.8:53 | ajax.cloudflare.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | thevideo.me | udp |
| US | 8.8.8.8:53 | thevideo.me | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1144_IJAEVYSAQKPDLYLH
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT