Analysis Overview
SHA256
071e7810c4a2472cab87f8642acc4fdf3f725063d4b79230676684f5958b08db
Threat Level: No (potentially) malicious behavior was detected
The file a437c3d47f1a839db85f0e36e6e36033_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:31
Reported
2024-06-13 06:34
Platform
win7-20240221-en
Max time kernel
142s
Max time network
146s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9A3FD831-294E-11EF-87C3-6E6327E9C5D7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 700528725bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000614dc991db81a340bd25b9d24eec73b900000000020000000000106600000001000020000000d4ceb8beeb13af9777a5cf4a4e59a5d50262d7d0ba9dc69d4d2442f7232001c0000000000e800000000200002000000013f6084634bfe5e0b0fd31b4281fd28dc6acfc5370a4bfba140983e64e41548f2000000091b701a8e76a73570340fbf5293a7358f08795a868441b4f369cb1429c823da24000000070aefa9ad8a758217f8f3bac9fca74bdb1b02c3f0686b1e29bc69a12bcb5276b95605796ae210001fca310368886b9727ebfce038aa25938b58cfe20899f28dd | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422172" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2512 wrote to memory of 1680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2512 wrote to memory of 1680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2512 wrote to memory of 1680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2512 wrote to memory of 1680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a437c3d47f1a839db85f0e36e6e36033_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4251dfd2e82f022bf13740b42a147339 |
| SHA1 | 1cdb405c43c42963bf165f837b18ae33b1095077 |
| SHA256 | caad9d499ab9fc11a538b2e4f6ca6511f7a14827c7e0b1252d72af97e2778eb9 |
| SHA512 | 3958d688a164522835ea2a6befa622547333c9fe98d67ad77ddd3e6a861bbc2890f7ccde335180fbbf963a5f5e97a272c95a74361699c74be27d08fd97ea8624 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | a1c871468dd99a47e0c3ffb77fe00c32 |
| SHA1 | 9bb6899d07515375fe2e7215740053c2ab3d342a |
| SHA256 | 1fe38982950bfb49b539f2ea1559f1b7103638432f042024eb47736aea659610 |
| SHA512 | e80e4398fc7d73be4500479af53730bd14721873a194003c795eb92d7308ae4a9d445ee791bc118e0fe8b7abe1a22fbdf93f7972b94cec67b2f4a6cd95bff742 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c5f9d740c4561d832e5f502dd8aafca |
| SHA1 | c1f603645ea9cfef8cfd35f44d2e80337f5fee7e |
| SHA256 | 7da515b526cad8ff355b447b7d4f84198aa60625251ae94ba968fec51f177b07 |
| SHA512 | d623af5c94b50f10fd14f8d01c262dff5e6d67ce0540518525be1202c7fffb387163a75efa6f0e3f262fc3ea8e1504960469fb3a1ffa05c7f76e348f3b01a09e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ef12085cbfcd4538987863f569a18d7 |
| SHA1 | d0e3deb0503acf7ba2453a229680364ebb01ddb2 |
| SHA256 | 5801f9fc00f13861383c6a239cce40983652190f6f6738186fd37b2bd08fa346 |
| SHA512 | 6900653a3e0d15522ba432a4accec44cbbf87c4bf4fca8bd82c15f96c0b9c9c8ae0d36888fc833b0a40acb5e066198b8d14b369d493068c71500e216d0567373 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:31
Reported
2024-06-13 06:34
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a437c3d47f1a839db85f0e36e6e36033_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8517946f8,0x7ff851794708,0x7ff851794718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,17925957137025461445,11196393994311047241,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,17925957137025461445,11196393994311047241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,17925957137025461445,11196393994311047241,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17925957137025461445,11196393994311047241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17925957137025461445,11196393994311047241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17925957137025461445,11196393994311047241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17925957137025461445,11196393994311047241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,17925957137025461445,11196393994311047241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,17925957137025461445,11196393994311047241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17925957137025461445,11196393994311047241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17925957137025461445,11196393994311047241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17925957137025461445,11196393994311047241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17925957137025461445,11196393994311047241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,17925957137025461445,11196393994311047241,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5068 /prefetch:2
Network
Files