Analysis Overview
SHA256
5d148a9cb009e417315dfd40645197cfa8ed93d369d238434e98362ccd14ee30
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a4a395155200924231b1cba2fdbc0566_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:30
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:30
Reported
2024-06-13 08:33
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a395155200924231b1cba2fdbc0566_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffce4746f8,0x7fffce474708,0x7fffce474718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1800,13677281799213063780,6048839905569734353,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1800,13677281799213063780,6048839905569734353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1800,13677281799213063780,6048839905569734353,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13677281799213063780,6048839905569734353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13677281799213063780,6048839905569734353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1800,13677281799213063780,6048839905569734353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1800,13677281799213063780,6048839905569734353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13677281799213063780,6048839905569734353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13677281799213063780,6048839905569734353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13677281799213063780,6048839905569734353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,13677281799213063780,6048839905569734353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1800,13677281799213063780,6048839905569734353,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3340 /prefetch:2
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:30
Reported
2024-06-13 08:33
Platform
win7-20240220-en
Max time kernel
149s
Max time network
143s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009853100535adcb40b97bdef8d373711b00000000020000000000106600000001000020000000fc6963b0c29e67a4cc1b42162de631c1d9df984448926817d0c14881036835aa000000000e800000000200002000000098e51bab73ffebd8dd2b51d90d3faae2b7aa1b955237e4ac8277b557328f721c9000000044630b822114baaf2b3454bcf2665bc597bbccbdf132a8630d4a455d3db8ef5d772e33a66e0c262338b6afbf15803f21f2d73350e760a9d1dc50ca03104645f4c39c95650f02cd3eaff12f8c4c20fa9e9e44ae69ed98a76543320f42c7f1e0036cb43e233a140db033f2e57332e7a59a3be4184a9fe2fbdbab2e2fa39e2ae6b956f5a76999e5e90e4eb949ab9243b4b6400000000a68c9ecfcaecba9a52b7a2b2d70c9422d7fe7afa6e56ab4055a97b9f6155a46dfd400173bc6d4323fdb876eaa1093fa7b449f7dd5fd4848475bc785b5bf9cc0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0bef9386cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429311" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009853100535adcb40b97bdef8d373711b0000000002000000000010660000000100002000000037f27a26c741b293f1bec86f20318d7053d73bba3ffb8e7764f608b1edb0ae07000000000e8000000002000020000000d905a720f6ab62d229127b6e297efffba5d7e5915991d41a4def946460306d6020000000c3964de980c95bdad8aa4e16a6ce022683c469ca2aa1e2bd17888ac5e2b0d9bd40000000769c9295ed7fd8d24a917b7ed17de09e6f5c9b5e6101bed657297c9b262475e73d581bff455055c48743f76fb8268e27751f6918ba3dcef657c1ff9b45db0350 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3798BF61-295F-11EF-AD30-660F20EB2E2E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2088 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2088 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2088 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2088 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a395155200924231b1cba2fdbc0566_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 145e6b8f37b569dfbe51ede10b8bcd0d |
| SHA1 | ef4d7129ea91bb398b0a64f6d64dd0265c290d09 |
| SHA256 | c2acdc9710cec0a542a5d55a0682fc44e23d80eda77234165ec9553735c9fc56 |
| SHA512 | 514d57bc119ae5e1f3456e48be35d5a6e99e432db56acd368349fba1df382ef90ae5d581d43d5f0b2d9eea734f62d09d121e468f98f6d5f51c30ba0680a901ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea3f9b89e13292b989bf691a19c1814d |
| SHA1 | 455863a91d64ed3553fc799e7f0e41af117fa761 |
| SHA256 | 9fec8e210de298f9ddad543036239fc5ce82bc04a98f13e8e8beb1ec98a0948c |
| SHA512 | b3778ef653f19b62183d32a40899d6da4ca10a4244d444bca89cf22f45551722db4aca0bc715f1954f77db0ea6ddf8bbfafc90719d37e3eff7bfa3aa010be5b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9310c138b7387e1c9f12996e525cf635 |
| SHA1 | 5b6a87aa897ac99251c2fc85e65e1227bee1ab29 |
| SHA256 | a1e9e80fdaa60844785b6820520dd718443775ee3e5c5e6d98ce15f122417bfe |
| SHA512 | 470c7b4acc3b959f62612aa47b95b8bc6ed77ef5d4084570bfe724c9942433458c443b27403f65b02ae8781a9adf5944c7cd6459a32206eea3f56afce6e9be4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 575718c42cd0704f9757a75c35c87f7a |
| SHA1 | 12b49011e16d14b512b416de8c2ea2e5118dd141 |
| SHA256 | 95971cb79a137202243430b864c7be711448bb80799b9ef98933edb545bed7a4 |
| SHA512 | ce467afa54adc72255dabea513966d1d8bedb2e37cf7b075befc58d7b022b0119232aafa33940bd3d769166a4bda6c6c426455434fc7d300abca0d9e507a6520 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 92c3d22e170364b2bdbb10cdd4cf4e7d |
| SHA1 | bdde3ade7fc3baf6b63079d915f0c51434da396a |
| SHA256 | cda67ec14258925275f9ebbf56047714cb56e7fc2846a7f53d99920a5e27324c |
| SHA512 | 43e7a272eac2fba950bcf7e46946c12926fb354e4ed5fe4262e798d010a3866cae970f73db9ab9bdb824f8ac411eee536645447a1ff0d24f60f7a526ee43f80a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5bb87e204b77d5b080fc150fb8267cfe |
| SHA1 | 15d353321c0022947587846787276e9e1527f052 |
| SHA256 | e8ae53bd7b15783651108f196bd82657aa7691adaf225f516129d2b683187bf3 |
| SHA512 | d8788b8d7148b2c652b86b38e0124b4b55987a009698405f41216f0cbc6d3693ccdf67cab5d4f75a7bb2eb80d5bda5574ca589eb0732de1dd24bf89bcb8cecc1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 661434df1c11a4ed9786c5919168c2ee |
| SHA1 | 7b704f562363ce2b9bafae090597cbbea55f0dde |
| SHA256 | e659dd353c07eabe62e285b3efda11672013eadb5aead724202bc64041c4eec9 |
| SHA512 | 344835a359004c69ca4ab2dd4c1173dc120d07fffb75055b61b523d805e6db103ef83dff54d7b8035eae8007b3e2e67cd73a9139f91cf8c6d9b573ec1fcbf27a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08be161dacfb0212d0eb156a60db43d0 |
| SHA1 | eee736cb2326a148a3d7b549dfcd75787aafdf81 |
| SHA256 | 5ae7be6317eecda5a61fd498041bf325b8b672ed024485be932df5b2762f6c54 |
| SHA512 | 2fbb2a373eabc59de61c7390809bfc50a758152db63e33dc40cc661690b47505d08d9be9bc704553059b5709d4b75fc69e41343d739bce3bc142a632719db457 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d2ff842015eaa124edfad293d2be03d2 |
| SHA1 | 635d75ce0062453812a8f42514beee46794d06df |
| SHA256 | ef4b8d2538e3d4d0b8abd0b6e0aacd8d1212a8569bd3f25cfda63a9219a8a7a2 |
| SHA512 | b5c3e48ba526178808445ffd71e579752a4c45b25a346057d31b16b0ff9fdfcffecb70bcd6f9a5d87cfcd421b414c3d68f343007aa60fedb88ad6211dfa854da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f910b46473a10b9bdc7195d2eb413e20 |
| SHA1 | 97a783a59bc72e8a6a7314a26f719ab38be7065e |
| SHA256 | 3c7a04bde6895ea0af6913fd7c641e95cee480c661df03f2218974008dbdec48 |
| SHA512 | 4de71b3af9a123607a0f385548c71ca50375444e04d1c5e412e669988968a1a56d4b8d70d571a5c8d2f2e4a8bda8cf322975641735211a156b10889f95d6b721 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 385e1583540dfa4b3f6ecbec2a0f0784 |
| SHA1 | c6cc1e809dbb79a95ecbae627a1b0dfb2e0dc661 |
| SHA256 | 54d906b13760bf4c22b42df6225ded65842d7cc32d6dde3d2613e23133b5b795 |
| SHA512 | d6a6299de1af95d6894f903e20d9c13a7f4730461ef10b9b812d39b3b9a36412a4c37dbb31f4d93014ce7606a55f940fcd3f1d8cad016e7f9095865e436970a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15525a398684b55682c4bee28b166c58 |
| SHA1 | 8c845b1d1d6b9eedbcbb57dec190100c5264e20b |
| SHA256 | 559798418e26b24079b89815196482f63f8ccc2c42f5e0ebabdae018bd75f1cf |
| SHA512 | 17d53f5082a1631a644a550a7678cb08ba8dcb91ceb7ec0f5df9661050f67be5bc9491ffd085e0b2fd8eb8634835a473712c0f53f358fa1630aed7e73361ed3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ff738edb28d7839a67740aeb08c0cf7 |
| SHA1 | b56ffaf85c9488851d00b5ddf94f5314866327c7 |
| SHA256 | 215f773097978d7c29f1200e1590bcfc5c323a283b8c70c6df9f6f9ffdf34763 |
| SHA512 | 285b5b3bcd9d64dbaa087ebc1cc53b1e6c596e466dee539c639ea93d3e206eec45976fac8f02bccb5c1cd372ce314540e4505803a0ad847a74a8ff64cbbe8539 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0e347d269b8bf37fd5f661b6b1862b6 |
| SHA1 | cc8ecdcd80d2582324dc3992e3c9a7681ee1789f |
| SHA256 | f7c3cbda0683e4bb0d10bfa2e97a08a5deb2ddf8075c956c02de6b0093adaff1 |
| SHA512 | e23f972f7aba5940c0501ea405adc890f4979fb70a33cb78fa2ad5fe751ed3485805204d2878b6ce1cf3a28120cc7414c3ba449126c372e16af98bd2dc0b80d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67b09b3a839f26e7f1a486c39abb691c |
| SHA1 | f86eaa662950dd10cf28e39c1057361d5117f9e3 |
| SHA256 | ec9ac77688b07dab0e5c2811323e993dae4791eeee9a07f01481d56ec8db0313 |
| SHA512 | 1b211cfb0fe93d26fd34c4f3fba1d62e305a38f1fccf1b8d55b2fef5c3a041c5eb498a86a41df4859615a8a558d2aa7cbbc492f4d313dbb69dd94f7034ac13b6 |