Analysis Overview
SHA256
5e3e12bc82b313f225730e4cbf31dbff19232f841eb64d7099a5143dca9bcc2a
Threat Level: Shows suspicious behavior
The file a6aa0218315d1bc4ab1b9fb80af51e6c_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Enumerates connected drives
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:32
Reported
2024-06-13 21:35
Platform
win7-20240221-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Enumerates connected drives
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{74484801-29CC-11EF-92E0-EA483E0BCDAF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424476225" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b7b5f588a9a5a241a128b74cd3086e5000000000020000000000106600000001000020000000bc32db7a6260582d501b6dd0c9bfc721ffba218958922856b0416abdb7ec0e75000000000e80000000020000200000002af2faac4fda2bbd2390c4fd26bae4b2a8c37d0fe53cf6103ed89a9a1e34480920000000d881cfdc1ac1cf2fe723343c99fa9708305c9ef08eb4a82f3430e150a3aab5ac40000000bf69a91d4316e37888815f5ad7c1ddb87836220fdc7ffc65b8ce520f5a62e1229eca5f0a7c6f544a8970ead584c8a90d70e094eb9540cd3d6d09bf75e5ab7780 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7003757bd9bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b7b5f588a9a5a241a128b74cd3086e5000000000020000000000106600000001000020000000097a502f3d44a928b7f84e405e419c1ec658f25bae7e7e4b8a513fc20016b5e1000000000e8000000002000020000000d150a4f2360d4c290f1a2aaffea8b52e21d4b4cbda33a50279a1c605c30b63a490000000fb8958969cdd38c0c69134bb49582598d515b316f5d0b637dda4fbeb12a3070d336c67e198330536cfff78b0a73dd132205a53df3f3cceec73dc46d12970dff39390f5a7047771230461a98fe51860f6dfccf0e233ecf607d24a617af8f17ceec701f74d998d01969bd9ff0a02f16eff7620958b8d4a25f2fde02d80ceb856a73b87c75e112d1f9e117ea33f530c6999400000009031def1de7da0e0289ebb6efb32298683be31d265a167d44240a7816639af72bbf7ae475a3f7dba7c15d0ebcae769888d9deeb37e2bdb8c59edc1f21b3816b6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1728 wrote to memory of 2012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1728 wrote to memory of 2012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1728 wrote to memory of 2012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1728 wrote to memory of 2012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6aa0218315d1bc4ab1b9fb80af51e6c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.hotpotok.com | udp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 8.8.8.8:53 | e-gate.gr | udp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.26.9.197:80 | e-gate.gr | tcp |
| US | 104.26.9.197:80 | e-gate.gr | tcp |
| US | 104.26.9.197:443 | e-gate.gr | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | qrcode.leipi.org | udp |
| US | 8.8.8.8:53 | www.aaofusa.com | udp |
| US | 104.21.77.60:80 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:80 | www.aaofusa.com | tcp |
| US | 104.21.77.60:80 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.56.133:80 | www.hotpotok.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 104.21.77.60:443 | www.aaofusa.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\CabC0E0.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7795cebbf4dc8950b2d5ccd5c886aec7 |
| SHA1 | 195cbc74ce2765d63835ece293f261620bd2d483 |
| SHA256 | 6210df38ff05ce193541b6ba9625af2724d1f0056591adb59b3dc149e0958054 |
| SHA512 | 20173211840d5c7ed5a06b7402a8fe4fe42d924b643eb665a906f3adadfd4b66c8217cd6212ffc12d12ee3e1b41bc0c5556d3020f624bac2b9da285c324be7ab |
C:\Users\Admin\AppData\Local\Temp\TarC2B8.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarC3C9.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e216ab17e617a39b962f25b94db1f18a |
| SHA1 | f3a3c5a983834f674dd73890e47d63e2cee6ffdd |
| SHA256 | a6e9ddaedef9ea98658a9b944900c20c9a0d68715f286dfd45f177127ae9025b |
| SHA512 | 761071d25322eb3431755042124d3db4e0a2b5f9a7058ceb1a498ccadfd528126823c8e711547d3ea1496b503d6b69cbe5d749d75e4f6003a7d4390897b9ae5b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\p-1[1].htm
| MD5 | ba76d5533aef4c87038f68bc19db8c1f |
| SHA1 | dde6badaf6da3cf449d061f4ca8835b466a193d1 |
| SHA256 | 18037842741c2e00844120981f361224037a48f2734a86f907550b6b6a89e4fd |
| SHA512 | 54a9b76d02d6025250152a71884d974240eff414102450b70f75b2cdbb80ce54b21a527526e4db65b5723a7083e53874815468136de61bb19eef85b605120368 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\p-1[1].htm
| MD5 | 41c97e4eb6c6206aaba65e8dad69ba22 |
| SHA1 | 8d6f87b8697387d2c9ac8d0911748c87c217108e |
| SHA256 | 72a91851b4d5d08432e65216ce940a2493583f0bf07be5c4be7dfea596a5a991 |
| SHA512 | b06aa347ae3cbfc6d5533bc0b5001469561a7dea5c3757ef45a27feab80b4e55e2e2a2da68d212ad17c90a5935ab0d252affefba61397f0940046a22bb2541c5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\p-1[1].htm
| MD5 | fc9a40bd59e4044877b3340c911e8474 |
| SHA1 | c2bb54fdc15d864135b68874647fcbb44586c63b |
| SHA256 | 4e24e426ade521c845fb6ccf4a26c3968bb4ddc442bdb1bcec772b35d832e7ad |
| SHA512 | 88262f6e20212c6aa7233471f040ceb6386b37745309deb341e37c0b3af6df106a8e291881c525386e3817a98fd9e68b233d0513bc7710f1a441bb185cbd6160 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\p-1[1].htm
| MD5 | 75f66979cbdde7082be3c7c460cbac82 |
| SHA1 | c28cb06135e370aa7c85eff1fe9bb5ce263d1a75 |
| SHA256 | dd9eb4637a1f3f85e7033cca05015492b5fd1b6bf1a2840059af572f0407417e |
| SHA512 | d222e0c4855bd76cb27372e95d1a69457ae1f6d8b13e4627dcb0761fc6651298c5c03fe783fb7ce6e47e92818d1b4f9b9561ec733866a01572ce9a6377539ec7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\p-1[1].htm
| MD5 | cf0c27d1f48f67f17bd30b7bf1b636a4 |
| SHA1 | 56082847b289de964545b10c2221cb87158ed827 |
| SHA256 | 6598dc4ec072d160b1534cfebbc384e7fce673dd3155b035d7aea9aa4839e4e0 |
| SHA512 | db4a7d25a1815ac2ca76be6c37a81d38755aadabb5b45d2a4c70f7ae3e5f0c40cda6f8cc444c3a460618cd72873fac881a2816c7f60f801476f9f8f0eb94e3a4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\p-1[1].htm
| MD5 | 71f4c461caa1b2cd7ed8c0e9f7c2a86a |
| SHA1 | c5405cebb859607bde29eac98d0d563f8f5de768 |
| SHA256 | f973c6d77e95371b080a5912892199311abe20c50d9ddbe60ed258f9c61257db |
| SHA512 | 3a2368261ccd1db9cf261129442650c5a98f896bb10f935eaa490695c206801aec7a7861824c659dbc4a9b8656c6f4a5f436dfea53dc5f8c0bc4ebd72b5414f2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\p-1[1].htm
| MD5 | 65dea2e261f008cec3a90012d931be36 |
| SHA1 | 2ffe5a26646f3dafa9c8ae626b4ad5d35213cdff |
| SHA256 | 95236d300cb629de148be2c4317b58091964597c68f0fdbb3ce8b636dc267265 |
| SHA512 | 483fd61dc585e2636a7d63a76690bde1bfcb9c7c57749b14306b92da9d3c5fb6f70345670839e96ff6e439e55b9fb2ea50c0cba5606b37f72f6bb21ce734455b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\p-1[1].htm
| MD5 | 6b5fee9fef5b63b15756e34ab1706e97 |
| SHA1 | 96f8423e688b85ae19f6c7b26151dec619479ee3 |
| SHA256 | a9964e961fbb900cf9301cd9b428808b5e3b345cb5783c75de19071d6123b65f |
| SHA512 | 149bd407794cad062c146aceb7f6e8157eb8fa3ff8f22672f7a5d9ce40c698b677f5fb699b22e8a70754735015c0fcbd3934c42fffbc8d529c9a17f9c741356a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\p-1[1].htm
| MD5 | a9facf836021785d240e245484d9f16c |
| SHA1 | 1f264cdc96e0e3fe732ec56e475c84ec6a678e7d |
| SHA256 | ab66314fed94c51a5461fe220b51b4cda062ffbd19b3877340a064ad8ce20703 |
| SHA512 | 4eacecdcbea6e09573bd3fffc0a4b4fc987f61941ed4045f2df8aab7dbbd95ba1bf913bdd3a2acbb06e803b0f78e0745e3e08b0be55c5223e6c4b555c06e558f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\p-1[1].htm
| MD5 | 25749430620cf016c47cf166e77c505a |
| SHA1 | e9c945deb6a15be638e1ffa92a2df519635748c1 |
| SHA256 | d65dba92acd34a77cd5f4704f2565f7a39295a91055ac0e2f85b2b11c3f2c7c0 |
| SHA512 | f1a20974a4c5afc335ad3c7dc007c787c847f31498b038091739b7fdfaf30b1346bc368216b02e347768974065a37fdb8923dcebe7972209cad61fd8869ab94d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fbd3294c9c49946d3cdbc09fd8fe71d |
| SHA1 | f35a4219af8235b6318313ede38945a88ff434a5 |
| SHA256 | d5b99c00f61fe2da1af09f5ecc126f618537528473b20317704c2b08efa0f6bb |
| SHA512 | 5bed63031d396c267578137f4984381a6085c62de82b5b1cd457e49e4de4f0dcf278f7b8aadc5721b3924be372dd30071e3b103c6212e83e1dcaef9393c21f67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9579f02ab42246b368dd77c8bb027e42 |
| SHA1 | fc6bcb9b7a9a8a94113bd0467c546e5626e2ed39 |
| SHA256 | b909ad53bd3fe3d974633b8d07fd53739b2b08e76d09984c473ddb77488fce57 |
| SHA512 | d574100bae9e20c47ea3e0cd9cf93ebdd14c1c53ca5e440880c100aef229e0f780b8491b8ca0a92faf9ef5c7529256fd7092434b6c7311146304741b50cfc68d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d109923d2830c22d2f81bf58465ac602 |
| SHA1 | 1e66210aac42282ea5d5c8716f164bd2f1981a0c |
| SHA256 | e050efcbe4d3d2f06ca0d0ff75a5a15ccbc0f315ab4b4a0d0758ec9d685a2a12 |
| SHA512 | da9edcc73601d12200ca4508da36c79498ce985c5aa6f8d435d39ae6f95ff97e826ad5142dcc3eb00a2001d1ae3a77123227576acf5dc7e933ba8ddf0bc0a159 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cad4e40a32a2e6df3862f8aeb7b92be |
| SHA1 | 67d4c6ba4234fa9613f4e7c64212b7c05a8e9180 |
| SHA256 | d49ea0de6dc518bb562a19e84a1f12db844f76354ad62a7db68339cd20cee863 |
| SHA512 | ca3042384257ec5eb46e42a887fdd1df1d7a52afe7ac817c67db203521f182f63cc85d33cb8fe3cf7a9c1e1ed28c98af56e21757362287795cb46f26751deeb2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee66ea0298816f5a252d8216e37d00d6 |
| SHA1 | db935b29d6a66a8120a13adf8c75e51b3e3beed3 |
| SHA256 | d8c7d56fe482f97800317ba425155f69ed45405fa91f5fd7973177ab9e99ce0c |
| SHA512 | 36808df80748fed5933094b8d1bd9475c3e17a7351a0c8f31c3ef16419716f463a650734b2163af1c7c8e8ad3bc16596d9dc05a066f0b770e8f4a65d33835f27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a81629031fd600c2db907e7e40f943e |
| SHA1 | 1f48ec9b1e779b75f37c52c4f50f621a2e2162ff |
| SHA256 | 274fb8f7f6a25e54803223392e29826f4433b12a278e49eedc58b791d0f76c55 |
| SHA512 | 2e7203570cafbfeee291a1a1200da62ea5469fd14ab20f5ad13d35257aecd79bc4669edba3032e5f2678d303f485ca957485e28c488f7d1d1dfe20806ae03603 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01e6dad0dda6e5865c9899b89765a528 |
| SHA1 | d654097ff6dded42e8f6e305a45d18928ce39883 |
| SHA256 | 7a5795a4886e759bcc48cdddcf5e1ceeaecc6dc3df31431a87f137250632a808 |
| SHA512 | c8ab06c32b697f1c9207cbcb143fc189cb8a0dedb9b12b311fff1ea5bab71cd7a411135be03cdaca87427f7a87470008f04294e1c85dfeb95bdfb4c9d69eccf0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 734eb5abe336adfef45f30fe584b5f8e |
| SHA1 | 5bea53c6f051b2e4b6dfc67456bce1209cd8703d |
| SHA256 | c37a45f1045886cb9c154cda7b87bb324fcce3c6f7f9e2f1c3bca1d3fbe12e78 |
| SHA512 | 768fed422157c42ba6bd68dd16b734843b16beac7cfbc20f8fc3fd4c960e5512dd77462f453531b9fb08cb5b07706365550f06aa786860ff51cc11981e7c893c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8937eacd1b296b2582e4d439a27adf0c |
| SHA1 | 82aa5366e42674f00f807d36c3126a7eb3cdd99d |
| SHA256 | 8a71d835d8895666ccb25e90a28484d503d63fcba3ffa1bade07a3363fff3a77 |
| SHA512 | 05cde5e5059c334c2d679ded8d4b4d06401064152af2e224512a6df5484fc0d0a1b0c8b205606855e4db64b0dfa63646433c7124b6c1edeae28542002aa13952 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a99f350f1e8235c3977ad2af59aed99b |
| SHA1 | 3d690aa4a88ce5d657dfaae72b5ec49376dfecd8 |
| SHA256 | c05d19a04a18e7388efa64be972d462b109f3264e7915b57cbe5cc615ccc18af |
| SHA512 | 2a8f53dbd7d84940897f532f2296854591836b438fa943ab7d54477588d8dc30dcd48e6268a915eb20e9788966c11a86582a68efebc311e33f10d69a6809b685 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
| MD5 | 5b6c2d20aab0b82ca5ac20d8700b8305 |
| SHA1 | b91fdcd819837bcb7493961b6bd3608b959e07dd |
| SHA256 | c9ac3116dd7fabb542f1cb1c3cc4147ae8cc390c6701ccd5466b5ff6d8cbf179 |
| SHA512 | d9770ae52e3b9b681e21524e374a1ee6aecc6e776bdce6061858d5646488e52a7f0870460024558f75a711f106c06f5cab6abe3aa448a715f09779ca95b667b7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\p-1[1].htm
| MD5 | 9cbf55562ec8bc7de107aa26bfa61f51 |
| SHA1 | 0de58d932d4e7a04c5312657aca750e62cadc21b |
| SHA256 | 95a8ecb8b7b59bd8dacf784e7cca2f38bc308170fdd2481b5ce2863cde8ca135 |
| SHA512 | dd298d7664fc9d65853fbdd8bfc7b6b9957a4ad8133ffe2de9886ba5ae253f328be3d7233cf8d905e0938e0ca7d54b6d38c96f3cad76fc7ee38993ebd72319c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d96fc9020d3ed1131bc55ff14669f76e |
| SHA1 | 8a1be782f8840388a42e124e037a28fcee8364c7 |
| SHA256 | 40e4de578627b791e9fc671309635be38e83346d1964c625c24c08f04b3b28d3 |
| SHA512 | 36b2d74e41c84db5da1d3a094f47a8b010a36ffdf5a2fc28e419fc74834c7e6185004bcf4a4b77bd615ff479ea3bff056fd8883fe36ca8c357f80ab3f1fb3ae2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d16b626439e2b14250a21f455df4c06e |
| SHA1 | a04c6c66450369a09376079651ed7fe128e75254 |
| SHA256 | df2c6459f6852655dff8f2b4db642c69f94a6aa6c9039f1c523e186c6234f22c |
| SHA512 | 5fc1d35f6ad793bc81210511f2297e907e56e821376501ba089446000486b07b57b4d7d00470dbb3b9c7ee0fbe08b946ad8bc9a3042d3b5bfad08218a13e9525 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c899cab70eabbcfc32a6c5563b8f5ea0 |
| SHA1 | 6c53005490c9d554ba31fe090348d0c0f6bd1318 |
| SHA256 | 1a19a7b92d3b976c83c823a5b8f055ac05c031979bf097acd0c9da6f1e1f31c8 |
| SHA512 | 0c18e5bbd2a8fc8a464717a3bfecdc15388d942d8b8695ecb74b88a408d7e6c38924abc2169b9ad1d334b39e071af429a479e4c18b6530ffcd786bf8cab41254 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 21:32
Reported
2024-06-13 21:35
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6aa0218315d1bc4ab1b9fb80af51e6c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6a4b46f8,0x7ffd6a4b4708,0x7ffd6a4b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.hotpotok.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | www.hotpotok.com | udp |
| US | 8.8.8.8:53 | www.hotpotok.com | udp |
Files