Analysis Overview
SHA256
08ddc02304a55fddc161a8c7e5c9fc8029f1941e1981fd1db5857d4db496bb90
Threat Level: No (potentially) malicious behavior was detected
The file a1d3ff24f7237d1ac05976bcba8a8ba8_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:49
Reported
2024-06-12 18:52
Platform
win7-20231129-en
Max time kernel
137s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424380041" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40470996f9bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8230D531-28EC-11EF-B5EE-F6E8909E8427} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004a500c78c5847d469a81e3d79d7d7d33000000000200000000001066000000010000200000001e941b6a3d60d3f7ee2b5e8ba688f54a5c331c41b355aff278a899c89a8816d5000000000e8000000002000020000000bce293f7d760db74c0773c5b132187982d8ddb7ebc19426829a7ad074d8298ba20000000285d95e982da49f6b862689e945ea564c56ba82a2b6a0f72d5562ca18072ec2f40000000db52233d6300ea5824f7b2806878b4e800d6035cf16b90428cae1f247c20cfad7ef18b05a454baf6e08bcc76470974ac60005894589295cdc061397097abd274 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2352 wrote to memory of 2964 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2352 wrote to memory of 2964 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2352 wrote to memory of 2964 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2352 wrote to memory of 2964 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1d3ff24f7237d1ac05976bcba8a8ba8_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:49
Reported
2024-06-12 18:52
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
143s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1d3ff24f7237d1ac05976bcba8a8ba8_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbb5d46f8,0x7fffbb5d4708,0x7fffbb5d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,14543613901740001441,11396422241260992385,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,14543613901740001441,11396422241260992385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,14543613901740001441,11396422241260992385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14543613901740001441,11396422241260992385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14543613901740001441,11396422241260992385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14543613901740001441,11396422241260992385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14543613901740001441,11396422241260992385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,14543613901740001441,11396422241260992385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,14543613901740001441,11396422241260992385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14543613901740001441,11396422241260992385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14543613901740001441,11396422241260992385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14543613901740001441,11396422241260992385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14543613901740001441,11396422241260992385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,14543613901740001441,11396422241260992385,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
Network
Files