Analysis Overview
SHA256
45d485ec00b4818b28ae7261b4f863d617f78b8bd3e4bdfee9adda3ee142a2e6
Threat Level: Shows suspicious behavior
The file a43121192c9a7498c51e1b079f808028_JaffaCakes118 (an HTML document, opened in the browser on detonation) was found to show suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:25
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:25
Reported
2024-06-13 06:28
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43121192c9a7498c51e1b079f808028_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa405846f8,0x7ffa40584708,0x7ffa40584718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5208 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | keyrom.googlecode.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.200.14:80 | apis.google.com | tcp |
| GB | 142.250.179.238:443 | sites.google.com | tcp |
| NL | 142.250.102.82:443 | keyrom.googlecode.com | tcp |
| GB | 142.250.179.238:443 | sites.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.102.250.142.in-addr.arpa | udp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| NL | 142.250.102.82:443 | keyrom.googlecode.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.autohits.vn | udp |
| US | 104.21.68.246:80 | www.autohits.vn | tcp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| GB | 216.58.213.14:139 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 246.68.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| NL | 23.62.61.137:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 137.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| DE | 141.101.120.10:443 | t.dtscout.com | tcp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.120.101.141.in-addr.arpa | udp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blogphimhay41.blogspot.mx | udp |
| GB | 142.250.200.1:80 | blogphimhay41.blogspot.mx | tcp |
| US | 8.8.8.8:53 | blogphimhay41.blogspot.com | udp |
| GB | 142.250.200.1:80 | blogphimhay41.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
\??\pipe\LOCAL\crashpad_4916_IRCIKZGFGFELWSIX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ba895ff364553e42660b21f7e3c6aa91 |
| SHA1 | 13c6666ade63cecd0b5b7bdc0acfe91e4c95bc1e |
| SHA256 | 53db09b8750bc8619d9f4cc6b623d2792c732469d7786f0c61a1cb294c6cda58 |
| SHA512 | 7ddb0e0b37887142653fc8c87e4cdb00a7dda556dc3dd82b97e0f6408e3dd8f9b04b564a2c8f152c182653d52220b3390971ede94187627b59eec1720f6b9b37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 899a373f90fd8f9c610346d02c5d6163 |
| SHA1 | f5651bae0b65e402a58badcd8693cb2e5751be78 |
| SHA256 | f9f1889e7012cd64993805d31c377e072b325ce896f5f73dfb801d339e54fed3 |
| SHA512 | e5b955740b8f49564c49674306ba6a71adb5896b431de38b657414464eb3ea2a6cb83b00df7c31c28072ba59d36d7c00e2cf075b0c342ce5fa1dee2ae552c3ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 99b3392456d4bacfa854547d8d4fd589 |
| SHA1 | 8bddb0de0bac7b366330f9e8669baa8a76b7710e |
| SHA256 | 807c77350e21c195eac61a88824b3471d3d508fdf4995fc9076b1f8ba4ae3ad9 |
| SHA512 | 875ba03db9e75f5d6993e54f46090b100872a2b3bbfbebf1baa1829f34f8343c84a0ae3321313122ffb8d6296221dc5fd3b60798911ea9f5a7d3f86cac48d455 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cd38a540c01416305bb4a8328ae33ba4 |
| SHA1 | eab66e45e122268e592780db186df171a5752afb |
| SHA256 | 205d214094552e2f47622d21879087cab0631a03ea8596ba8a7dbff5229b3693 |
| SHA512 | 87d63d94b087b7a7614d240d28e0e1eb662567f1747288cb6b8cb3bb66a975871685941570e78b08e57dd626b10fcb7ffe9b2c311a9c8ecba7216e6d5d49a550 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1acfca41acafdc4d9be11ae70151ea50 |
| SHA1 | 910c726e770083ffefcaa9a8980089370f0601cf |
| SHA256 | 8bc05a3b2ab9dd692f6a70c555a81b4905e180db1e7adc6b2835bb16fb5102b6 |
| SHA512 | 03fd4d2ac7c1be66e56a8525ec135adca2fc1989b5557384d135898d7359232f9b7240d82440c877e2fc8c4a2e2710a62c28106ce847ad64cce5dac86a2f2842 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5812f6.TMP
| MD5 | 411ad4f7ec2837f97993fa2699a4699f |
| SHA1 | d472b45f371a57302edb3982004b123ec16d9a1e |
| SHA256 | 745a80240456358d86e5aa66ee0af57bf1cc09882016cdf7d4f10af8159741c4 |
| SHA512 | 04dcaf9441d5fc9427f1af3e8d9f551eca45670dc5e259ebd5e4a9be4a01d9772d9480b2b04e1336192c723752cb7669dc365957822e687e81be17b9b6b8b5d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5d168d3129b13ac9ea13a8aea6a5d455 |
| SHA1 | 07f1c7445bcc7c1b796397c157ae6b6b743fa726 |
| SHA256 | 0b7fe0b7072e29e71d8acf8c6c89e6636c7920f1cbeca6757edb04d007dcb80a |
| SHA512 | 72b5512709e60b8fecd5d0e3c23616b9cd26011d35a5f9163dd9b59bf16ff13cf40fa0f62e3e0a2aabb74cbdd444244b3dc8fca5625afe0c5a3b17fe585855cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e660073180d8c10ad808771430949140 |
| SHA1 | 9f918a85227c0f2972c6c63e9491679cbaadb993 |
| SHA256 | ccc02b7b160a38fc88255d58f93e4565c7d9529e2c23928f3dd2fee608e7fc1e |
| SHA512 | c166108bc7b0af3c21731b13dd3eb7595849e14066efd509b0a915c8975f52dc297af395e6edcd44164cc76fa97ffe7be649a498d8edcd33ef01b3b6fbc34483 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 40371c250b30064df2351289c3ae6fea |
| SHA1 | a68c46191f689462c8d3a10a72a9f8d990483270 |
| SHA256 | 6c20ef7e788994f16abef6e919533f0a6142ddad5bf1075e969a71dee90d8883 |
| SHA512 | 493993813c946dc25a3bdba54cfe2388e9d2fb886be72a5715fbf5143757a7cd1d087859ede9d28ba2f0760fb8bd418a315925d702e47cc228b16d2b9178d1fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | e1c71f7c04be834f5587230db2ad24b3 |
| SHA1 | f3bab9cb99d9f343bf7ed3981aaa7450515d2424 |
| SHA256 | 9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899 |
| SHA512 | 205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f9bd18e64a9739e662dfcaca22aee011 |
| SHA1 | 6fb1fbab45624a944a170cef1ac7555038daaba5 |
| SHA256 | f7443a74a4ed991ad85fa20236dece1ba8670b98619aaec648a73b9ee31e50a6 |
| SHA512 | 8b938e0c2878f489d3bbb48b51ae73f4bb2e795570f5b5ba9465d097c415e1a173d4d63e945ec8015127a7a252c1fcedf2ed2f945dcc8e5bc7e3dfb5bd44f1d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6552b582ecb08eaaae030a3239bc3c66 |
| SHA1 | 95b6a6036036a63427b2a0faedb6081f095cc1de |
| SHA256 | 040ab5dcae10edf8d848479d6b9d03f706a2cf0b127fc98130f4f2d045fe2329 |
| SHA512 | d21f721b538cadb59a60f65551968e583427813b4f707be629f29ef238099e4bf59b5ab0afa30d0927081e26c2f020c3f248f93eec4250ad50d559ab20277987 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0fb56f266c4bfad35b42955bbed2c0e6 |
| SHA1 | 72500382de07ab9d384e71367d59ac5b2571ee6b |
| SHA256 | 7fb1df35f910975614128c7009d518be7dfb34245b74d8b732f8bb962b168b43 |
| SHA512 | f099f81b94553cd18091280a628331bb8320d413c5e1285279b8e15f95f8cfb48be4eb075bbfb41b4594bf9408c238f892d29abc7239511d719a780b6e91dce0 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:25
Reported
2024-06-13 06:28
Platform
win7-20240611-en
Max time kernel
142s
Max time network
146s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C535BA61-294D-11EF-B918-627D7EE66EFE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000b5588e0ede91a4984f897dd053d03bd8c889d19d35050d211489bd7e6d99a9d4000000000e80000000020000200000002ca91e6defce6205d354798fd800673ec8c7d873ccea5d980c87d8fa3719892e2000000030eba194dc8e597f2e9487aed7d6f54a31afcd2bffaee3e08a13f4dd0a69cdd6400000002b1121b1e0580e66513211b910daa8c90898bc21675741785c51f44b342cef3d1c2241cfd08509dac2722c6889ed471e5cbf39101cadd42b7bb1e86f8d7d3704 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00735aa75abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421816" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2188 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43121192c9a7498c51e1b079f808028_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
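The WriteProcessMemory rows above show PID 2188 (the 64-bit iexplore.exe frame process launched on the sample) writing into PID 2104, and the second process entry shows the 32-bit content process started with SCODEF:2188, which is how Internet Explorer's frame process tags the tab processes it spawns. A cross-process write along that frame-to-tab pairing is the browser's own plumbing, not injection by the sample; the script below is an added triage example (not part of the sandbox report or its vendor's tooling) that checks the writer PID against the SCODEF value of the target's command line and only flags writes outside that pairing. The input rows are copied from the tables on this page; the verdict strings are assumptions for the example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed input: the four rows of the report's "Suspicious use of
# WriteProcessMemory" table and the two entries of its "Processes" section,
# copied as they appear on the page.
WPM_TABLE = r"""
| PID 2188 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
"""
PROCESS_LIST = r"""
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43121192c9a7498c51e1b079f808028_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
"""

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def parse_writes(table):
    """Return (writer_pid, target_pid, writer_image, target_image) per table row."""
    out = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        m = ROW_RE.search(cells[0])
        if m and len(cells) == 4:
            out.append((int(m.group(1)), int(m.group(2)), cells[2], cells[3]))
    return out


def parse_processes(listing):
    """Map image path -> command line; the report prints them as line pairs."""
    lines = [l for l in listing.strip().splitlines() if l.strip()]
    return {lines[i]: lines[i + 1] for i in range(0, len(lines) - 1, 2)}


def basename(path):
    return PureWindowsPath(path).name.lower()


def triage(table, listing):
    """One verdict per distinct write pairing, with the number of logged events."""
    procs = parse_processes(listing)
    counts = Counter(parse_writes(table))
    verdicts = []
    for (src_pid, dst_pid, src_img, dst_img), n in counts.items():
        m = SCODEF_RE.search(procs.get(dst_img, ""))
        # IE's frame process starts each content process with SCODEF:<frame pid>.
        # A frame -> tab write whose target names the writer as its frame is the
        # browser's own behaviour; anything else deserves a closer look.
        if (basename(src_img) == basename(dst_img) == "iexplore.exe"
                and m and int(m.group(1)) == src_pid):
            verdict = "expected: IE frame process -> content process"
        else:
            verdict = "investigate: cross-process write outside known pairing"
        verdicts.append({"writer": src_pid, "target": dst_pid,
                         "events": n, "verdict": verdict})
    return verdicts


if __name__ == "__main__":
    for v in triage(WPM_TABLE, PROCESS_LIST):
        print(v)
```

The same rule reads across to the other browser-internal signatures on this page (SetWindowsHookEx, FindShellTrayWindow, GetForegroundWindowSpam): they are raised on iexplore.exe itself, so the behaviour that distinguishes this sample from any IE session is in the HTML it loads and the hosts it contacts, not in these process-level hits.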
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | keyrom.googlecode.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.179.238:443 | sites.google.com | tcp |
| GB | 142.250.179.238:443 | sites.google.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.200.14:80 | apis.google.com | tcp |
| GB | 142.250.200.14:80 | apis.google.com | tcp |
| NL | 142.250.102.82:443 | keyrom.googlecode.com | tcp |
| NL | 142.250.102.82:443 | keyrom.googlecode.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.autohits.vn | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 172.67.200.130:80 | www.autohits.vn | tcp |
| US | 172.67.200.130:80 | www.autohits.vn | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
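The "Legitimate hosting services abused" signature at the top of this report is keyed on sites.google.com, and nearly every TCP destination above is a shared Google front end (142.250.0.0/16 serving blogger.com, blogspot.com, blogblog.com, apis.google.com, googlecode.com). Address-level blocks derived from those rows would hit unrelated Google traffic, so the indicators worth acting on are hostnames and URLs; the two hosts that are neither Google nor IE's own background traffic (www.autohits.vn, widgets.amung.us), both fetched over plaintext port 80, are the ones to review. The script below is an added example (not part of the sandbox report) that parses the network table, separates the resolver queries from real connections, and produces that split. The suffix lists used for classification are assumptions chosen for this page's data.

```python
from collections import defaultdict

# Constructed input: a subset of the report's Network table, one row per
# distinct (destination, domain, proto) as printed on the page.
NETWORK_TABLE = """
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | keyrom.googlecode.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.179.238:443 | sites.google.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.200.14:80 | apis.google.com | tcp |
| NL | 142.250.102.82:443 | keyrom.googlecode.com | tcp |
| US | 8.8.8.8:53 | www.autohits.vn | udp |
| US | 172.67.200.130:80 | www.autohits.vn | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# Assumed classification lists for this example. Shared platforms serve many
# unrelated tenants from the same addresses, so they are blocked by hostname or
# URL, never by IP. The Microsoft host is traffic IE generates on its own.
SHARED_PLATFORMS = ("google.com", "googlecode.com", "blogger.com",
                    "blogspot.com", "blogblog.com")
BROWSER_BACKGROUND = ("microsoft.com",)


def parse_rows(table):
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def domain_matches(domain, suffixes):
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def classify(domain):
    if domain_matches(domain, SHARED_PLATFORMS):
        return "shared-platform"
    if domain_matches(domain, BROWSER_BACKGROUND):
        return "browser-background"
    return "review"


def summarize(table):
    """Per domain: the endpoints actually contacted, plaintext use, triage class."""
    summary = defaultdict(lambda: {"class": None, "dns_lookup": False,
                                   "endpoints": set(), "plaintext_http": False})
    for r in parse_rows(table):
        d = summary[r["domain"]]
        d["class"] = classify(r["domain"])
        if r["proto"] == "udp" and r["port"] == 53:
            d["dns_lookup"] = True      # resolver query; 8.8.8.8 is not a destination
            continue
        d["endpoints"].add((r["ip"], r["port"]))
        if r["port"] == 80:
            d["plaintext_http"] = True
    return dict(summary)


def blockable_indicators(table):
    """Hostnames worth a rule, and the shared-platform IPs that must not get one."""
    s = summarize(table)
    hosts = sorted(d for d, v in s.items() if v["class"] == "review" and v["endpoints"])
    shared_ips = sorted({ip for v in s.values() if v["class"] == "shared-platform"
                         for ip, _ in v["endpoints"]})
    return {"block_hostnames": hosts, "do_not_block_ips": shared_ips}


if __name__ == "__main__":
    print(blockable_indicators(NETWORK_TABLE))
```

A DNS row for a domain with no matching TCP row means the name was resolved but never contacted within the detonation window; the summary keeps that distinction so a resolved-only name is not promoted to a contacted endpoint.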
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
| SHA512 | dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 9acd70edd90b0e4931d5a13327bda224 |
| SHA1 | 881cabea7c402e5f19c425bf4577f4b108e459b6 |
| SHA256 | 977ade7fe5377a5ac722608ad719546f861fc47ca9208d1ab7897b1b4f53e58b |
| SHA512 | e27bb184b0f567c4fe248934118657ee01cfdc538e9db5cf7b4cf6ed66268bcdf92e8051077bcdbefaa6cd22e6a84960a566422f40e5b2d4961d425a8116b0cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 0e28a971ced07086daea092c6f479b8a |
| SHA1 | 8bc0d0c3eec7311f3893b3cfb50e87fa037687d9 |
| SHA256 | 111c848f84e06333f28264b27533647fbee3d8844355bc852e7ae9b47c6a12b8 |
| SHA512 | ef6ab0e908308a8d1a07302021ecf243bd690dbc6d1e0dcbb04a1ca4f7ab846739ae97f3426daff2f45efc29f8147c529155596ed6d0ccede118ab6330b041a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\Local\Temp\Cab5312.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar5315.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\plusone[2].js
| MD5 | 53e032294d7b74dc7c3e47b03a045d1a |
| SHA1 | f462da8a8f40b78d570a665668ba8d1a834960c2 |
| SHA256 | 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2 |
| SHA512 | fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01312dc0393d4a9d98cb757d7900bc29 |
| SHA1 | 5442e1df816bb71c864441d2923dbb499851e9d1 |
| SHA256 | 96ca6d22bcd0a058e4fbf9ab942f09e330c046cbfb69047197d7f1ba9f94e134 |
| SHA512 | fc981128ed19615b12bcc57a5bc849e55be2ff82bbe293e675b4c03e895fbd53daff3d0b0594541f58386ad1bd9ebd384c540cf12dc26f75bce935780f60dace |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 371d94d8ef553d09d6f771793b55ecb9 |
| SHA1 | e624905584cb2659598a9812f2a3583b33d216c7 |
| SHA256 | 7a5e5cdab87dcac00de69045c2b53db633241ca869808ad76686f65c4acb767f |
| SHA512 | c1a3ac5aa8dade93be556413056705003be31bbeaa49d65102005dca62205f19266226681f00809c562e6a012702a0318457162d9c6cb4b03f3d3eba5e62632a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98e789eed644c206a89a9cafc296d983 |
| SHA1 | 97e36198c98d02cf210c1aefc798ea64ed7f25e5 |
| SHA256 | 23057a2c1a6d02bee08fefbc0daee03232555deee53a39dd714f475300143650 |
| SHA512 | 2259ca76bdcff1209b836be068e0a17ba38affd5a2e23e000135790a4402202875ce7a7f09307abde8b55cb47000b250b055951362823fe35bfcc6a8a0642a05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9115d16243df3eaface43d2b9df1a6f7 |
| SHA1 | 4f742fb332a8c10f828373f58c14e0db9a4b0bd1 |
| SHA256 | 7e9ed5d5526b946d32756df37454b1e56d3d8b958480e1fe1f1798b9d729c12d |
| SHA512 | f1bb74c7a983e70af9546515ee9a7275e14b0af9003495dd5ad8068e093a44f53d6f8e123d5af18fc21122bf1a39bf112f945c752cca890b768e9da932b4df43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20075ebe18ee9f5b4f09ed23c25e63df |
| SHA1 | 8509681951d0f9a9b1e2b65b7aeeb0f563c2df5c |
| SHA256 | 6e7a3cadcbfb1c3e10838daf93666bd1045818e5233dd77e3bad7f78fde3816a |
| SHA512 | 40b53ad9777f5ecad44fc10ca482c9d25210dc81fe194a2179642ea3e3ffb9c7e9d72626ba9e4ef60f2f9b4b9daf2c7b068e32b0c0133a2ffb72684c2ebbf565 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1714c794255530b8863c089207d30eaf |
| SHA1 | 0cacccaf7b20e8ca9113b2f98076e6faf7cb53c0 |
| SHA256 | f57bd58ab81037a8f8ec0becea64779b02c4bed3d7f9078904e099c5ae2596bf |
| SHA512 | ce919ca05a3447ce8e1fde91c66ec6e2ae029e36886a9b6c2ce1e48820a9f662e30d36a7702a221d26c1d4a0d5e8f4c6385c0055e7012c1018d155de3358fcd4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a979cdcf727066a60695d1a031062f76 |
| SHA1 | 0d345c389658a36d405826edad0364992bbeae27 |
| SHA256 | 8209c8804f8b448860f6936a0f03f2c179022c60c905d9e3c43fbcf4b0afa5bb |
| SHA512 | 5aa730d19483997204d4825d525b04258ac2fec23041ab29124b8a6bd0eb384980faa479994ca9243c519fbd21f8c9a5dc3c83f68bedfd2f6d17dc1b722a5783 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f242958d5945e5e0ee5beef334fd8642 |
| SHA1 | a813e8627431f0c0ad43c31843cdbc15afeeaa9d |
| SHA256 | 48b3820b0f705e7caaef17b21461f8eac8ee485118e870ef1d4eacc123dc4e5e |
| SHA512 | 84a0cac0aaae5b9d2896030a4b6bb315d674c2fb74df758e7c3fd7ff0a4e7e5d1c5fddc58d7350cc1d3e2cd2961cc274ec6cb58eb8de33d7e1123d43d7a1f3cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c0bb423dbe8e27cd8d9190a8d2803a3 |
| SHA1 | 9b20fa8e63cb1defca9f33a652fe7fefd2066777 |
| SHA256 | de6b88ea004e043978c0ee5f98220283ccc1c479185e81501f69b1efc43dc120 |
| SHA512 | 9327adcace4b3d70de21d89c12f3b26139ed25a244a66ef7c11b5d7688f32e878aa6cf6eee16194488c4133eb868399723f4df69f68fc0f37ebc19fab6c66aef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9fd86548ebdc41040e69e383b30e0f7 |
| SHA1 | 4ae8af7ad1f2d5adf364cdd8173897a878151cb3 |
| SHA256 | f4d3aed066603baac06be9e117542b7d33e020ac6edd7da5807a54ca693db78e |
| SHA512 | c57633b167a9cbdc36b72c509318609f06fdc991c8352b3ca02c741edc6e44435b871ed9e72c4d339e4d899d5ba5cf35a6103640cab11d6156084d8b280b674a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8b08ecbe6863a001ee525ba4a35421c |
| SHA1 | df635e4d8144008f9808bede37c2840dbc3e1949 |
| SHA256 | e92104d79f7c8add0ff17894b325528b0507f64cd8aedc919604720e9e0d35c5 |
| SHA512 | 2f70f59c095b078089549558932d61dd7a4464f855d60180ca7aa52da6f9ba20c2ed9473d56e9edb09d1b4064767ed4d94e363a6a56c217e4f3022885b85fd6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6269a0b3e64251ee2b2c82db542b6d87 |
| SHA1 | 2e1eee28d229ce01a877c2b5af424bb2d9e253d5 |
| SHA256 | a6b5f47972a125c59b758f3c3f5451d8bb32c92398f957ff498ac120537d04ad |
| SHA512 | 6b1cd1d9f54a0f5a6fc2d92a8c83d132aa5723c704a88896b4b0f1f51b7e86b3237cb2201a9fbaa814682f9f47337a5e43352758b4e6be9ba56185466a9c17ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a896d3793e8b67bf6aff303c4a41c665 |
| SHA1 | 5ad00743cbcd948ebc9e0d5a8e73f50ea7fa1893 |
| SHA256 | 5eed979bae4daf604232e3017a2d5068349dc9423cccee85e6507b321c4376f5 |
| SHA512 | 18bb7f4c470e002fca9c50d90e2b4c8fb3d468ee8d70bd60dabefaf243d239de009f693fd3190ab9c884bc66b3fdd74dc8469278136ce7f498e079e36f607c15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac6a743c2f33cb2f8f927ccd6dd8ff73 |
| SHA1 | 994a1eaccc2325846eb056068107b2158270f401 |
| SHA256 | f59c6938ceb21a5ef1444718961b0b030610b55809b2c8210f9516dd66e36879 |
| SHA512 | 1e1430082ac7b66543e28e480d55ba4a202694a64fe8ab0bd9e05db6b3fda00da068bd53ae061abad9c1f6f87fd3da55d7715ae30ea253184c7caf1fcb4a295d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f230b8cd6df375544a01d829370d6149 |
| SHA1 | 0d92bd15f11ce488ee7b9f7d092918d32dbb085c |
| SHA256 | 1c12024495fcae2ced3628ee672c35087e426d939fd7225c84ed7f3eb98573a9 |
| SHA512 | 8e45971bb044ff5f35e426c888671832927260b0c612afaf72c681131e7a3aa159526c21dcce03694187b4570fe7adf4ed34396bed59e6b5c605fb70e6182ab8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40a0681df821a7664cacd025ecf5845e |
| SHA1 | 33e5ef327f7f88e8558de8e95dba8350d0db266c |
| SHA256 | a5dd1a7953fbbf0b5133727eb8508564a895bd5fcd758442f84470c039ae0d59 |
| SHA512 | 5f9d001649068405db62b34e4a606a015f1d103641ca95c7b9dec45e5260d001afca3d7701ee0518bb21ce95024b0f10a15bb23c48ce01e1b3d1e944f3e3c32e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 246915603bac7bda3b7e3e3ffd8f51bc |
| SHA1 | 1b94edd68ab3625aa9acd1ed7f76f51ae390aece |
| SHA256 | 5f24af6953555e05ef5babcb39eb43905ac5c59b15df7f4fa8496ba2cc883b42 |
| SHA512 | 2e8894ddf7aebda11f0c99e17333d851cb345b2d7964c8217abec8c2325371851ad2c0a7e4c4fba7aafc36f112d0dc0f62fc49ac780eede53fea95bd114fcc28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8e8764678c4cacbabb23589b99994e5 |
| SHA1 | 8ddb7660240de4ea7eadb93c88b05b9ca9237c27 |
| SHA256 | 0d46d9a9801c7c0b3d55989fef82486abe5e02d3c239da8235e4aaaf5c789b41 |
| SHA512 | 29cc16ca16761f4a57311cb014677cf8ed85de311a370396cdd39dc0da1a930e10ac8b952bb5f256380294946a4b6a91a38696eab979bc220b6238974303b622 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95942a924a2dc76c1b98f470a9c116e0 |
| SHA1 | d65419445ac5afa6d493b0276031b1ba81d22f09 |
| SHA256 | dcd66b6e86d786bc46135898cc1c8ea57df93ef6debe8771f602dee96462d8f1 |
| SHA512 | ecd3e7fc699091a6fbc136fa9fa99736cdcd4490a6827b86c7b381636ef282615179ea6fe3a87762bcbc269d6f35c72b274608f68953e189f08f7198779c36de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f98f9615be2a771903c6ee5b304b0b26 |
| SHA1 | 3928f2b3e51190c702a74eaf556da80ad2304591 |
| SHA256 | 0be03bf8d14580ef720ebec3c46ac33db26e5b73230d755253894a27baa780ee |
| SHA512 | 4c5edc08a8411d84f80114a694e94df0660553d2e81370175096a8624194d283df9b5912d6ba4eb1ccfa14b68ad86378d6d6c36b32e4593e495d3c9a3b07202b |
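Every path in the Files section is a cache artefact rather than a dropped payload: CryptnetUrlCache holds what CryptoAPI fetched while validating certificate chains for the HTTPS connections above, Content.IE5 is IE's page cache (plusone[2].js is a fetched script), and the Cab/Tar .tmp pair is a temporary CAB extraction. The MetaData file 94308059B57B3142E455B38A6EB92015 is listed many times with different hashes because the sandbox records each write; only the last version exists on disk at the end of the run, and the earlier hashes will never match a file on a victim machine. The script below is an added example (not part of the sandbox report) that parses the section, groups records by path, keeps the final hash per path, classifies each path by its cache location, and reports anything that falls outside the known cache locations. The input is a subset of the rows on this page; the classification patterns are assumptions for the example.

```python
import re
from collections import OrderedDict
from pathlib import PureWindowsPath

# Constructed input: a subset of the report's Files section (first record of
# each distinct path, with only some hash rows, plus three of the successive
# records for the MetaData file), copied as printed on the page.
FILES_SECTION = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
C:\Users\Admin\AppData\Local\Temp\Cab5312.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
C:\Users\Admin\AppData\Local\Temp\Tar5315.tmp
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\plusone[2].js
| SHA256 | 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| SHA256 | 96ca6d22bcd0a058e4fbf9ab942f09e330c046cbfb69047197d7f1ba9f94e134 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| SHA256 | 7a5e5cdab87dcac00de69045c2b53db633241ca869808ad76686f65c4acb767f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| SHA256 | 0be03bf8d14580ef720ebec3c46ac33db26e5b73230d755253894a27baa780ee |
"""


def classify_path(path):
    """Assumed location patterns: cache artefacts versus anything else."""
    p = PureWindowsPath(path)
    parts = [x.lower() for x in p.parts]
    name = p.name.lower()
    if "cryptneturlcache" in parts:
        return "cryptoapi-url-cache"        # CRL/OCSP/AIA/root-list fetches
    if "content.ie5" in parts or "inetcache" in parts:
        return "browser-cache"              # IE page cache
    if "temp" in parts and re.fullmatch(r"(cab|tar)[0-9a-f]{4}\.tmp", name):
        return "temp-cab-extract"           # CAB download/extraction pair
    return "unclassified"


def parse_files(section):
    """One (path, {algo: hash}) entry per path occurrence, in report order."""
    records = []
    for line in section.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            algo, value = [c.strip() for c in line.strip("|").split("|")][:2]
            records[-1][1][algo.lower()] = value
        else:
            records.append((line, {}))
    return records


def summarize(section):
    """Per path: how many versions were written, the last SHA256, and the class."""
    out = OrderedDict()
    for path, hashes in parse_files(section):
        entry = out.setdefault(path, {"class": classify_path(path),
                                      "versions": 0, "final_sha256": None})
        entry["versions"] += 1
        entry["final_sha256"] = hashes.get("sha256")   # last write wins on disk
    return out


def distinct_sha256(section):
    """Every SHA256 the sandbox observed, including superseded versions."""
    return {h["sha256"] for _, h in parse_files(section) if "sha256" in h}


def unexplained_paths(section):
    """Paths outside the known cache locations; candidates for a dropped file."""
    return [p for p, e in summarize(section).items() if e["class"] == "unclassified"]


if __name__ == "__main__":
    for path, e in summarize(FILES_SECTION).items():
        print(e["class"], e["versions"], e["final_sha256"], path)
    print("unexplained:", unexplained_paths(FILES_SECTION))
```

When feeding hashes from a report like this into a lookup or blocklist, use the final hash per path; the superseded versions are useful for understanding the write sequence in the sandbox but not as on-disk indicators.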