Analysis Overview
SHA256
a60e2491642aeaab258665cba806b0917154328719d77a0835ae2474387501a1
Threat Level: No (potentially) malicious behavior was detected
The file a31c6cef6c0df6a812995e402abf13b5_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 00:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 00:19
Reported
2024-06-13 00:21
Platform
win7-20231129-en
Max time kernel
118s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0bec96727bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005931793346fba347b2e44a968fba4308000000000200000000001066000000010000200000008be8fb3de03eae7696a2fdd119c50d8c893b23dd0461bc652965279be4452541000000000e800000000200002000000070155c7a5856a44cb97efd4863803252d8e135ffc9ce38def49c32e635c812e190000000704944d3a49be54b8448d39ea7b7b5393cb9cbb51383808caab8ecf6d65fe09f0853ef7b1c9eabb68a5f8ada3a565aa40f3ae85df214aef134f2e156c1ab02e00a7a3992032786303b5ef0aea6ef2cb26400cee3626b62d1481da60d6e39cfb0838e83b95e512cb421dc06042bf983b4463a7aa25aad677b81773bdb66872983ec149a30e1818a4bb9668ce591c91d62400000005e64575583a8965a0010941f21b94040ab8049127566954c577a1abdaa03b7eb27dc13777c13670f6bb9bce759acb29dde426d4d3ef6e8b32b007b52b910b9b7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424399825" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{92548D71-291A-11EF-A140-5ABF6C2465D5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005931793346fba347b2e44a968fba430800000000020000000000106600000001000020000000f8bac75342773909e4e799b658e5baecb2efbfc80e0918df8dd7cb1db78ac5b7000000000e80000000020000200000004994a11622eb52a3423743f7fe419e44e6f770c31a001cd017456acad07abd5a2000000005afe18434a97a7c117a439fe762ce7cf7650679be34767ad2fa53a4876ba15b400000007df7e46596ece243e2a7f99e171a87107ca8db8d0024f93b82c54cad29a36206520d49a82efb258dee392a831d28b0ac793b5e90dd129ff2479c577e646dda45 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2368 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a31c6cef6c0df6a812995e402abf13b5_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F64CVNBZ\e93d7024558d2ee595265c43dc1084df[1].htm
| MD5 | 4f8e702cc244ec5d4de32740c0ecbd97 |
| SHA1 | 3adb1f02d5b6054de0046e367c1d687b6cdf7aff |
| SHA256 | 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a |
| SHA512 | 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24
| MD5 | 3e455215095192e1b75d379fb187298a |
| SHA1 | b1bc968bd4f49d622aa89a81f2150152a41d829c |
| SHA256 | ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99 |
| SHA512 | 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5ea363db387e8d9a27569098785f670 |
| SHA1 | ae2db279c962e73a81c38b1e7a245e2cbc146257 |
| SHA256 | 8a57643baa64722ae31efe3f789c66491e76a89dcbc8fd66d73cc1e8eca33764 |
| SHA512 | 442409ea28aaac903a6fa08f891ce8eaa6907a24f84e5d79f67f3738fa2b0f9eee311ee607b5d8767b29e7c88c76565de554bccb8040f27a20c799f7273fbe66 |
C:\Users\Admin\AppData\Local\Temp\Tar1BC0.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 5a192a992126796c3f92156a9244a701 |
| SHA1 | 1c588e852d2713ef2cbfb5110957d5f6602fd246 |
| SHA256 | 91caf1561418d8579d4f5017f280482189507c1f84f39f9ec24e5fcdccd5fc5a |
| SHA512 | 720799982f1dfdd8f438859103d978a852ac7b616bcec0bca58c0973b5637984f7d41ce597abd210dd2547c24096a97600369652bce5309d87d84b7c44e3d87a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5b8498c4e1dc5dd567d90397402c9f4 |
| SHA1 | 0e9945f7261f8176a0cd1734be7cc1b07a343669 |
| SHA256 | ddb2a92067508b2c822105c1160c6d98e4c05893597fd33e471696d03bf397f8 |
| SHA512 | 1554f5eb445ce634fdff0a52cfd5471b0289c4128ae328b75dc8be5a0736ffc0ff4b6e127d4580f33e843d59aca50de10c59064620ffec73aa78cb8489dea465 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | eb2e1493e2ebd1e08799db2403b1d721 |
| SHA1 | 1e81bf3328fe070f3634aed1272496eee0fc9261 |
| SHA256 | c21de627052ab85d18edba03a535a86255ed3cc80b6a4004c672cf2b64785ed6 |
| SHA512 | 3a929892bcc324cfd8915feded2e1009ec70d2a73e88b0c0c40eac168287da7eeb68753f0036f358e9b46acacd4c90e6905ba7d65e1f556ee8721debf5204069 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | c0152f3c6d6e7a1cf430930476a53b33 |
| SHA1 | 3d1810deb990d0d0eec7d68cdf0021ae7da21d8a |
| SHA256 | 07af5042501386d3dfde818d105a8dd8a7aad2520460acea729937fae4b5727e |
| SHA512 | 931f344fbc1501156805768b17f965a27fa55ee25e13bd0bfe1bf00f308a05c01672fb585ee4082d38023b7f070a9fff2aeea9b3e35d8b03a0a0e645bbc5ded8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 1235bf0361b3418573ae0e93bb32706b |
| SHA1 | 8c304f19de2286572e50c7576dc34fc7382015d5 |
| SHA256 | 5849db3394f029d67e5d8f1f143e77d556af2c36aa921854c78538e090ecf201 |
| SHA512 | fa712fb0ad15b2b90d391cf60865cbb5d0d9b2ce1d66ee116bac0e00923b93e97c8db6a622bc0f9bbccc12e432ccd905636b83339c0e4fd2c2b5ae8511bbc820 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de9fc4e23c4b168a09e99ab4ffdfa0d5 |
| SHA1 | f4ce9f52a68897c524f48dd423c1e91966c4809d |
| SHA256 | 85da68cd7731a703c58a50daf8c42002a2f41985139528265c75b4c34e936c9d |
| SHA512 | 7e6d327bce6a3b6f2012cd40996c2eb41d465b37b71f5f7ba0296601f06c54baf74f02444c97da1faf00f80f6ffec10764d60671f3ec27163a0da95b1b7f8354 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 1fe432cb15faf201b9dc304c366d2783 |
| SHA1 | 29731b912800098019b80241640668b585fdea41 |
| SHA256 | 46855a640f4dec944857a8c3dc991d0139124e809060bb5a2ab1ddd8d28bda15 |
| SHA512 | 3597ec67a8faa7eff87db588a9accaf1774075941f4d37167d5d00c138ff7771b23883a9d4a46535da262f28fc716cb6a02a5120eed9fe7200ccf075885e54d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | d3049f1a4b143f13261e38abab901109 |
| SHA1 | 1810917619ef7b98f40697c12f35a75575665f8f |
| SHA256 | 69df6863aa24aedecf107a7e2e0353d592c52a5905cc2833d824c2298733e9d6 |
| SHA512 | 6af844057e960d6f4165f297891b676492281fc4abdd7346a220b1972124fabe2a9e0f7b3825c9f67c1ed885262cf6fb994c4dcd607c1981005291a240b6e958 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 6421ab8b9866232ffe2d5e6276b5c6d0 |
| SHA1 | d7770a924e9453e3f3e616875c814652b4cd3a45 |
| SHA256 | cefda1cb5fffefa0a20f14f15dbc847b14b06d104fe3af56b8ea320105248fdb |
| SHA512 | ee709a95374e697a3814fea55247cc50c54a4c8cf9c0ded7b990da98fbfe2e3a305a0b133e5be3bdb5e6f64efd98eb6c5a5b7faf7a70582cb7743ff24b4ef2b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 544603c01fa0515b11e520b3420603f1 |
| SHA1 | 9a8c0a741f9f46db5be18fffdd01de47e29b3367 |
| SHA256 | 0774fc85b651df56406615a16de1082ece83e28e1a85a9ce422d4cdedcc85e68 |
| SHA512 | e6fb771a5843481072e3824ab5e95144852ca09926c986978acad9355243b51a5c080d3bbdf5a084eb55e172000049a7360c55906eccb3c7bbf2511ad48060fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29b680dc74fb1e2ffe030d34f8f00f5f |
| SHA1 | 7b42831965baa918ab649802ee0c5d02c7d9a405 |
| SHA256 | ebdcb0a6b75cea075df26dc9f78a5695cfe78b52d00eb80d56235e9507571f94 |
| SHA512 | 714e994217d34eca7ddc332939701ea560648e7eb5aebb3f8f1e7524687545650c80cebe73214ee6d9f8ff1a81f5260de1e0fd0f1cbcf20695f5f17843379f93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | c9c7488f93af75b37972ee4d00de00a3 |
| SHA1 | 7a0f2f1b8ffcf36f3e79cf5edb89dd4a05743f85 |
| SHA256 | 17614cc217bb8a5f96db3c0f5f1d30738103e2c0d423a32262f2ad37b03bc75e |
| SHA512 | ea039d00e978c9ee0a2a138a01e35feb6d6e32b3aa7985310c1012900e48090f5ba6c18f7fde4b0915520f7800dd9a373a9264b4b580455160a3224b14c400db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | f05fe4d1b7f929e374e9064161469b4a |
| SHA1 | 6ba2448437878136d4b8c977187822748e99b85b |
| SHA256 | 760f7456525e411415189d41161ad23d51473275a6ec59f9b0016c5f69e31479 |
| SHA512 | cb7b0d87f0d21e99dbdf24e8934d2428365714dc06bee0e7d64a29d211a961103f294dd100b411ddfd8ad0db48abf3f822bce1fd5f4334da6f179da44324ed25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | 2c7ecdbbb063ea5981f2aabe7fcf9ac2 |
| SHA1 | 5c92e25fa96ac7eb2d432563ce62be6a11dbd232 |
| SHA256 | a6420b0e8db153c246988af7382bb94364fe491631d88ca68f800e83750489c4 |
| SHA512 | 8d7258ae557ce5f5fb98fa4da2f55036df3ebe308392f656a1bc21cf09f0d335ada0b44503fb523b16e8067bc7803f7e20e5e05bdfcc9b4ef970e763975b8c93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | 790d6f0d7c86fa655591edb436811df6 |
| SHA1 | 0dcf98ee0ee1c9cbaeae8ba6d44bec9a0389fc20 |
| SHA256 | 3316d0a73d5dd814994bcb898e9f497fcb7860552eb8a4ec8feda36147474f65 |
| SHA512 | 69a8d8d74011790d817aee028b4be74445a04d38aa62445ca814baf98f9b045948a47309fe126eb22f4ad903b58f9b8bd5d6f6e7cd8968ef198c018da3ce742f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | 5fbbd11da1447361d95430e07018c9c3 |
| SHA1 | 23934454aa9c6076fe25696a8223c63ff258f496 |
| SHA256 | 9018fa7df4d8c5ac5f77c69f1a33e696bbc91e2d44a64d3b81274c510242b2ff |
| SHA512 | c3d1b0ed8493b07dbb496c8369c34011c9cd46c8020f9a693aa807baa5e375a09c0d633f14f05212d2e6ac7c4802e69bc13c186eb95086e0220a26a5523f4b7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f395117ab8dd7151f8759b8f148b75e |
| SHA1 | 0457b57cdfcde0521aef68b46cb9f27be83f7196 |
| SHA256 | 623dcfb70fd86b35a8754d679d4a4c4a7243c5b3214f3b489f25b919f3760062 |
| SHA512 | 82a791929542f7323a4ce753504c2d45dbb5d0e69f7a2d8335c4066e49ca17b6db89964b0e70fd554e35d19dc0d581f9d4a5610b6b030e034449ea6a3a53257b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97d18ad438e66911a3ba9ebbd9af1ebc |
| SHA1 | f2d2b22c77983b55e448e7776b3fb22094ec5d56 |
| SHA256 | 3c00284e94e590c8644960c41409bea8f587850129b079d940f22e75ac0e5531 |
| SHA512 | 2d8cff8780a1b3e0d2225575ab0e2480fa8021b41280da82b928312addf9b8cd9a6e16777d49cf7b808435ad9b271ac6dbb00f7cd1c345fa392ccfa5246824fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aff6ea99d1aa9e9cbba4dcff40124c95 |
| SHA1 | b05c21f7471954c6866f2015fa4a8d179a51f41e |
| SHA256 | c2f9bc2baa79af76a7fb4d1f4034adc15c52e8393eb5ee1f6a891b56ca1a6a28 |
| SHA512 | 70a17502c18496d99ff2120b2f30e4a3ddcdaccc715a136f401939a12527f80d09fffa95ca846af40518096928c3b5da5d807c84426ce708cdd0f1e6a699148c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ab65aab76a0ffc23a13d2508d007c32 |
| SHA1 | 2e4c5ae09735278b0e0ecf86ced83c17933e4e42 |
| SHA256 | 9a06cbcc892d5c1a897ced2e07ef4a933bb308a68b46b1e6543884c42f0efad4 |
| SHA512 | c0ea11f8f52ba544dd8a878aad06df83d49908db0cbffefd3f91b6b29cd85d6ba12338e1b786e0a21797e69894afb90b37ca7e7ada8c812a93f1902455765fc7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e35a3ab99daaa95b27a93803552682b |
| SHA1 | bea3a6fffaf64055e80c187b7ba394e1d784378c |
| SHA256 | 0956aa9881ed4686fae87f9ee52d7ce7f4d56f9d9919f2117031d5a912770863 |
| SHA512 | 90d26204e7bd83e9811824882e398ff61371d4823be77e8559080a158b2ddd45e62ee155934acde1a07565092b06888b6d52e41a4f5da643a3b23dd1f6efec10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afb13a016e50d73ddc2e75730c1c80de |
| SHA1 | 4cc0e6e387b1171050b61813b028b375f7d0fc3a |
| SHA256 | 3ce7556b27f959b244da20e52288df9af253c43d3d4dd5236c9d30fbd55a6402 |
| SHA512 | 4f98af924e02da57f3907091cef21d8005d2f35c365504b4bf1b582ec6e6a97713694fa144fa105490008301b4cbbf954e2802f6d3a08984ea6b0f03ea3d4d0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 263945e91d64fd6e626be75b50201798 |
| SHA1 | 8fa339958a21627ebf9aaee3f30e0881eb3b7658 |
| SHA256 | 06215a52d4e3d4b8d6e7e46053bb580ab0cfbc7caaf1049cc9b1d5aba1cc4899 |
| SHA512 | f67424284167889d326c7607acf369ec9f6c11dec00f3f6645613158ab9a394e44aaf2b74d4e124c8b902cd4f8c8303da7c9ba01e98b01524f84057e521850dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3370055086074249125b0849f01b31c2 |
| SHA1 | cd844eecb5219750c278c0da3e2b5f1a033da926 |
| SHA256 | 487aa927ad97c987a68446e91534348b865b8df7aa4906937eb80eb17ff9fff2 |
| SHA512 | 4692dd795f212abbf1e23c82a31fcdf885fbacda9fdeb8765d74274f6e3a4d92f8021dce6324f02e5d19bb9469aa65bb968c6e58d26b16bdf33930892cc6f9b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00e7c71cecefa729708bcfe4a9dc0bc7 |
| SHA1 | 8f864a111afc1b8fe54831d6dca72f32addbb1f4 |
| SHA256 | ab97996bfe56c591f4b218bcf3bf636965e40bf05baed013a71e67399366c1e3 |
| SHA512 | 4f96e90941132c700e24ae0ad21335d115ba8e3b1500350f1f842e73777587265f5b9b268446e526b0a09f36985120da57065d049dd29bf1be9d882d49b86c03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df080b0c3bda4511b6f1d52a91d16053 |
| SHA1 | 384ca16d7be302e40550ded7c21764dae3242820 |
| SHA256 | c5172ffc5a105600d615a2b3e7e90c028f4627b4efdea010f44bd1761d4da48d |
| SHA512 | e65fd169c0e3a5a767cc22a46156e11cbc517925eb6b5bbc2075fa6d6adbe15670a9d2d95116832599abab21d38c589476a9680874056e707dfd8dcea3d18431 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 502dee14c90e4416af6935a454e196dc |
| SHA1 | 34144b9b95ca61e05f4caf4f15581ff8ec868126 |
| SHA256 | b58fc7d43c9aa511e8bc59703463188a7d62ce59157c85cf4b299cbb32139e9e |
| SHA512 | cb1d36e7217e3ecfb5b270cf140a994121297917a36a8d911e7a30cf29cd51f584e0bf30b709e4a7e26c6fe8c6b9d3505a15ef4dc636e9bbb8cd4adade0b54d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33967ccb3b35b19ae6eddbccaf8b8ba7 |
| SHA1 | ba0fbe1511b5874111ba3e1e7f760351f4508421 |
| SHA256 | 141e28fe6de99987c16b65513f3cdc227006849df3dbcbd6a787a56dc6bca880 |
| SHA512 | 8f255232f0efe95a3347d11331103932dde586b695fd5a5d2ef995b1e860a87a5ee0c736eb4caf29cbe9ab7d511a3eba1c96a47a75c8232958450f6a00dfa2fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27f6a25350faa1934fc6adc82f8adc86 |
| SHA1 | 7e99cea8a9994b5280eb1847250307b074568464 |
| SHA256 | 3e1f995be146f17b84d30e915f5db7ae47e6f52e4af0be3b5b3d1c8043299b51 |
| SHA512 | c4234109159042e33698f65d65495e7cdc6bf9f1563e78f40d73ad5bae646ea10351ae98f0fb010f257db0d0d4d1f828d3486136ecdeef935257a07a6f5bec16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 26c569778c4e6fa507465d91ea562f29 |
| SHA1 | 4e21bf9360ffba40a10b53be443e8bebcd2bb97e |
| SHA256 | 38724b9b48d5ae8ce04622ff115be66e1ad75e1b663cb25eeb7a98c571a9ebe7 |
| SHA512 | 4a862db7d06cd79832ec78c9c455c6602df588ee39bafb6dbbdfc29e7e6f637d6ecf31f6f178e7dd564370a64e08dcb4ff40e5ae00fa3af204150ff9b6d45bf8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 28ee91bb8bc00230b422075d61332392 |
| SHA1 | 7e1a4375d10b3f08a89c9831968ba80673c2559d |
| SHA256 | d23dedbc72f60072174bb1e811b557391d70c87f4d810885219b87689c003438 |
| SHA512 | 10de93349ec4f7f033230647c22b7586394cd2065624c88c4f45f8ac52a7a6d297f9fbf85111eafa7a389fba87060be88d7c0db9817377d9f729f0f37025464f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 276791bfe8c900b3ff3f8e1479d7b8eb |
| SHA1 | 75bcc5a59fdd97dff4a3cd44a5e526f3f138ac0c |
| SHA256 | 5a8775a8ca82ffefcacbb7b6f7197caa5589d2c000b5728d2fd2c8d51318c3d1 |
| SHA512 | 313d716c5e5c5785a52dba380939668a12d7cf8b124dc4e6c8f48762692dd80bd3dba284b7c226f33f21c2d7c539680bd55bfdac2dcff03180892dc271751758 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1663cd0056d9d49b073a2f5465f29c4 |
| SHA1 | 8df9dc5d3c0480d68f00a86c32b87b59f85ea30b |
| SHA256 | 6c2c69145c83bbe9eb2c3c1716871e4f64214c9d95ae77610f927a4c08614338 |
| SHA512 | d4e417fd890502ef2b55860091ec1e1886bc7cd790a59584d1b0b3e81b8188082d55c4b312d01b93f4109a3cd0d02d0e958dd7a09a0c6c71e453330b4d4af985 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39d9274d8984b56827fc2246ed4d7844 |
| SHA1 | d71d4000f7bc633295ebc982918cd68ab421fcc2 |
| SHA256 | 5dc635145e2b48fc48267cc914a7c8270a46d8193c37cec363d968414424379a |
| SHA512 | 48cfb94b42e3fe34e4c3e24b3449d298d50adbf038a3de3309d144ab54d05e807430645dfc969c63be26c117d5c543b0c1e049a561a0230572bf9b3e7b255932 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aebb0a8f96e0668f5160f29036e44cfb |
| SHA1 | 389f49549b63b0d8d6d250e2adffb3a52a8ae462 |
| SHA256 | ff4cd7285f23982e84362a4200358b80e1ada506d9bc4d9035d02de2b32b5502 |
| SHA512 | adeafb09ce2962f3cf87f278ac140f781d2538fa842de1e7c291f79170511cf24e96b24245968fffc6411366c8d2a530d533564f9b7c99146198ba92dd31e5cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94cae2cc175ae0c8a6335cbe14f35736 |
| SHA1 | 229c545680de94f2a90cf1f24443e8b3099df5c6 |
| SHA256 | 81caa89a8921ef091509a4432dbbf0df0502e815eae103952d9f5127101e8fd1 |
| SHA512 | 6014cc9f5bed545b848061d2602c03db96b1cb64307157efa6178e2fb69b49f92ef3a9f4933fcf9ce2ac0809cb12bb7cd92c86dd4d01431f60fdc3fa97e587e0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 00:19
Reported
2024-06-13 00:21
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
126s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a31c6cef6c0df6a812995e402abf13b5_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa047246f8,0x7ffa04724708,0x7ffa04724718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,13091757384585323097,5273453783125718563,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,13091757384585323097,5273453783125718563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,13091757384585323097,5273453783125718563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13091757384585323097,5273453783125718563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13091757384585323097,5273453783125718563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,13091757384585323097,5273453783125718563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4168 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,13091757384585323097,5273453783125718563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4168 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13091757384585323097,5273453783125718563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13091757384585323097,5273453783125718563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13091757384585323097,5273453783125718563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13091757384585323097,5273453783125718563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,13091757384585323097,5273453783125718563,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 52.111.229.43:443 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c5b48b21b98a04f28a6c567e8dd8726e |
| SHA1 | ca120f39fa2e55455a08e099258c353362cf8217 |
| SHA256 | 2d684a3686bcf3589a9d5f9c05eb6156ad72385df6f2a8baa2ab14764499d6b3 |
| SHA512 | 9a39b14a8d301b205d31d73260dd11d8736432d0a10578f875a74919b4c860a76998a6f99c38984ab9c7120d037d4e36732c0620e2aec7609f98f6d7275f7103 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 919b9ad216068eae484f8e4918d7334b |
| SHA1 | 44d66ffcb9d9df97723cb5918dbf99674f232843 |
| SHA256 | 3db40199d0d527d16a2b20cff3a2b3cd9a0eb72e42b38caa973e7442592642e1 |
| SHA512 | 6a018048ccce05c80be016bc992b6b8eb413695e14936b4f6d98d6eadb72965c51ad1bf9b717db5a7ab64ea759f819cbe14290d751387ab3eeb52ee9024ebe49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 796a155457fedbefcb521ff714c71e46 |
| SHA1 | e065382c3541c958b5fe6643bc4aace86d517936 |
| SHA256 | 4f8762d5b7af3e9a717973faa1eb2015c26fe52393ab1daad3aa53852efa404a |
| SHA512 | a435ecadef9540a52667bf1d6db05580b958f924cb0331c3a13b9d371e608ae59d7c75f6b02917aa78c795210f8e17011f132c12c08af6691c4d772a2bec4ad8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |