Analysis Overview
SHA256
a63f8ab2593f6e31909a18cac7daf760c3333b77a21979432e31e7a85d3709da
Threat Level: No (potentially) malicious behavior was detected
The file a50071c5de571769277bb98bb00b5b4d_JaffaCakes118 was analysed; no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:06
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:06
Reported
2024-06-13 10:09
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
145s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50071c5de571769277bb98bb00b5b4d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd08de46f8,0x7ffd08de4708,0x7ffd08de4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2460 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11597024190018658414,18043466084974873251,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:06
Reported
2024-06-13 10:09
Platform
win7-20240611-en
Max time kernel
119s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d08a439e79bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in this copy of the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435092" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000001788e458998c054323e1c24ddf74e70ba7fd5694de0a8dbe08706f4000c89bbf000000000e80000000020000200000000839cdc8502b75c01bc1047c2457ea7722e8bf7708179051cb45d5ddb26d3ba020000000614f09a7ce0178611b33ce5ebe9556993efd22f6a217270cdb7be820a8f75adc4000000021a661469c6735a7af5aed16e894266110bbccba319303a1c3dc96bfa1a443779791cd0732f5f4a8b385750c7572ab2cabf2d3c8380c3809362fa3d0d09e5031 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ADCD0CB1-296C-11EF-9266-767D26DA5D32} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2840 wrote to memory of 2684 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2840 wrote to memory of 2684 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2840 wrote to memory of 2684 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2840 wrote to memory of 2684 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50071c5de571769277bb98bb00b5b4d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.brainwave-generator.net | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | platform.linkedin.com | udp |
| BE | 151.101.8.157:443 | platform.twitter.com | tcp |
| BE | 151.101.8.157:443 | platform.twitter.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 216.58.204.74:443 | ajax.googleapis.com | tcp |
| GB | 172.217.16.238:80 | apis.google.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 216.58.204.74:443 | ajax.googleapis.com | tcp |
| US | 151.101.130.137:80 | code.jquery.com | tcp |
| US | 151.101.130.137:80 | code.jquery.com | tcp |
| US | 152.199.22.144:80 | platform.linkedin.com | tcp |
| US | 152.199.22.144:80 | platform.linkedin.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | www.facebook.net | udp |
| PL | 46.171.10.10:80 | | tcp |
| PL | 46.171.10.10:80 | | tcp |
| BE | 151.101.8.157:443 | platform.twitter.com | tcp |
| PL | 46.171.10.10:80 | | tcp |
| PL | 46.171.10.10:80 | | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab6154.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar6167.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 60e6bab5827e4908c0480752a4fdbcae |
| SHA1 | 5b8f22e1eaa2ef748ece1e2d99c189355aed95d7 |
| SHA256 | 376d8e1230ef2e60e66ad3656c69f36ab10b6c32fb0f6969cf0415bd3163fd35 |
| SHA512 | 0fdb45dc37175410453b7000381633a01d5c2a15f7e5e2102313f7896573171a79aec96c837ee412cd217d4973f1d7b53356d571618f7b8f01e42e89bcfb830c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | eb2e7648f50441717bb722a813f37d09 |
| SHA1 | a3cb2b1fa7e4ba240af9c49c9cf1a54ce7ce5b4e |
| SHA256 | 7e67d5e48a3849461570e425927b6a30f462ecbd6b851605ab17ed882cc93f33 |
| SHA512 | 906fd55e1d38fa5fcd905f0ad5e082bbb1af3da906ce0dcee16c284ea90b6de1646d8dcf9f0611d17efd7ee22d432ad4cb1ce5c37716b918d2ba1ffe6297832f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3806c14298ef0f6514e5652006fe3ade |
| SHA1 | 9bb0b18177ed1ebf619ecd186a42b6700247d0de |
| SHA256 | fa9f8b997b4f917cccd469506d3a3a14ddcdd1ec6db1694634a851abd3b42a6f |
| SHA512 | 207869fa684f1ff30ece6f5056f6e155a6ea6b993c5537b5db0daebc21d988e45c55265688179bd9768e0177cda9183b7e02504d347d1bfe7b99969b858033c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91c292948cc6416c7f6663a0edcd1897 |
| SHA1 | 437714aa98276de3a50568a6ad319d95e99d2dcf |
| SHA256 | 87643652b3e83ffcd98421c8465da6e1b8d559bdbf1675176745dce9d6fe160a |
| SHA512 | bc1d8373fd45436c100ab2893ac7e94e7bda72961920a138b83ea7e5ae675f3a2709599685da81106e71adc2c071af7ef26f37b39ed79e6442391cd967471915 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d91e803422876ee3644fd40c3ce56716 |
| SHA1 | 898644db7671c059b4a8dbe469d82e3a5ad6da24 |
| SHA256 | 570fea876a36ffe9bb288ac8b85d596ab1737181063cff1d19f38d5268e86d1c |
| SHA512 | b42a7cffcb4d885efe4a91ef60de9b0950d51cfdb8ca0dc6b04e874dbb66e05181c865510181f3808406abac123ce60be843135db84b84f5f7cdc96e4a5ff28a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc845f006b45e90961babfd2a8ae15e8 |
| SHA1 | 7f5e09a7b5971c3ce39cb9b7b4b7da1c61225630 |
| SHA256 | eab1738bfe1751a75096518fb1ad9e7da92b9fb1b4332ad533de4a1b05a456e6 |
| SHA512 | 2ff10e90f472cb76545b7d7955969db68ed909cd9ef787df69a85489d7c222fa60d2835e2cfa8c5984b8628d9402c240e441176124698d937b2f74c520bd4e0c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\plusone[2].js
| MD5 | 53e032294d7b74dc7c3e47b03a045d1a |
| SHA1 | f462da8a8f40b78d570a665668ba8d1a834960c2 |
| SHA256 | 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2 |
| SHA512 | fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5846f4d656cc3213def58377d71c22b |
| SHA1 | 07d20bfcffb1563f2281fa0bcc275e95f3727d1c |
| SHA256 | 525c3a8221acd53ec7f7a9708a75a61132b83f407908ff1541f2bb010502b0b4 |
| SHA512 | 12accdec3dc56410bb40b94f1d470a08c5ab7771d78f1f40179306cfb2021a86b082001d3b0e13d45f7c9696b4436a19e47385b74d6871fed22da162e6b56ce2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba0b1fed127db665a0a47c8f5d25c52c |
| SHA1 | 9b4d31fec996879b4305769b796df4f99feddb49 |
| SHA256 | 7b1f0330b07539516fd59dc1f6ae2a7d2b24170f122e0524868506abdc0d618d |
| SHA512 | f4f0323eadddbe50e0470e22434b025773ea9ecea085de165b721474027c4404456b620c739a8f179440b5d4161dadf41cf9797368dd6bda4b5cd1eeeecdd21f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 268f0ebebdd8afb638440c7882b3c887 |
| SHA1 | 516be592e9c390f0578601af27f90cd6b728ed50 |
| SHA256 | 778b9093993089b34289dda3328c0687b2723cfbd571a212be4a210bcceda72d |
| SHA512 | 915a3c1e60402701fc4ffaafbc710b26af1a2efafecb4b183839003d7e781bb672fa80d0e0d0e86a07a1e43a186f99fecf7cd7b4719652545fd6a983eeac2bb9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2317fb74b7cdc1b3b53929577e0bbda1 |
| SHA1 | 82a9857f59ce8766640f316aa231248f1d846275 |
| SHA256 | 3e66fbe80d561728ddecaa6834d95125aed88f7d221ffdd1a473fe227801a558 |
| SHA512 | be7a36dcb35b0b232ab04e2f81fe2517ac9f95d7b71d0ea99140bc946c321f48e6249a5ede59d24c5d62d3fc5141b32d728c74fb738da93bc6d0c41d35fd1ee1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa3589b172585775e2947c248168210a |
| SHA1 | 75cfd07e821b2e77363f42918770525150df1995 |
| SHA256 | 44d216339afd8ac9a951e0dc489fd31babe1d1d06019349132cb31e09d0466ff |
| SHA512 | 39316eeec3c41ce3e91b0e07466ea35536f067ae730e10276096fa3a4cbcb214afe1706845090f9671b38ad7cfaef2cccf79c2c4d9238c94e9cdc5a4f3692501 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7a784f8ba8a0f75f1018daa18c727e0 |
| SHA1 | b3e88622f3798c10f7dc558350c26bf66fe2a238 |
| SHA256 | e4cd32d3a06a283bffbe359276c86a929af63a7017b0693ad0374039ac42b30d |
| SHA512 | 155e8a072c2f9a2ae28acb00bb543939bd4d8ad228af5611ad577d2f6916d7bc5f6d1161b41c5ad9185efbf9952a18292d245ff5091caaed2ea5e83f51e8f59c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\cb=gapi[3].js
| MD5 | 0fe383a7ddb9bbaefc3105b3297f5583 |
| SHA1 | f80c9d789f251909c7560bd91a9e1b9a10c26362 |
| SHA256 | d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683 |
| SHA512 | 31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\forbidframing[1]
| MD5 | 5cd4ca3d0f819a2f671983a0692c6ddd |
| SHA1 | bbd2807010e5ba10f26da2bfa0123944d9521c53 |
| SHA256 | 916e48d15e96253e73408f0c85925463f3ee6da0c5600cb42dba50545c50133b |
| SHA512 | 4420b522cbe8931bba82b4b6f7e78737f3bb98fc61496826acb69cfff266d1ac911b84cb0aeeadd05bd893a5d85d52d51777ed3f62512c4786593689bf2df7f0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\errorPageStrings[1]
| MD5 | e3e4a98353f119b80b323302f26b78fa |
| SHA1 | 20ee35a370cdd3a8a7d04b506410300fd0a6a864 |
| SHA256 | 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66 |
| SHA512 | d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\httpErrorPagesScripts[1]
| MD5 | 3f57b781cb3ef114dd0b665151571b7b |
| SHA1 | ce6a63f996df3a1cccb81720e21204b825e0238c |
| SHA256 | 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad |
| SHA512 | 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6598e08430a9b2261064276772f09a2 |
| SHA1 | 83b6db888125a29b370dbd6e9a4cd5e598300fa3 |
| SHA256 | 5ab0ba178e710c3d26468e6329d022e61fc2448da94f49e743d968c3f9764144 |
| SHA512 | 5e7bc556e900f364aab248bf586a5d6967cd69211e43f49eb2878d6e534655bc4850b25a64183cfbcf0ab7893370763650d240936d265660ec49be9ff8806375 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e644c921102c34cd12f378d25181fb0 |
| SHA1 | b18685861a11d9531708fe2917497558862acf00 |
| SHA256 | 81a0025ef069f69fc7706f32ded2e93dfc6dcfac6a52aba54048000e1ddd45cf |
| SHA512 | da61489d2665d4d526ae03ff6afe024aff9beec1d084ec3adcee1938b9faa206159de22c73debe9f5269398675214080c75304c2ffc795171e9e1297c38e50e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e0c67cdef522fe4ebdf1d7c4b226eb1 |
| SHA1 | 1df401ec3f27fc8135cf4c0156269c792631abbe |
| SHA256 | 5c59cc016bddc487cc9e4ff24e57a8164111d69900c58897b793b3ca8d7aee98 |
| SHA512 | b573c7978ed6162e48cc41823df6021b3dee221fdc4813785db1d6832a17a09a91a3eedd5927bd29b9528a79d1be4b245864043a36cb9bcc66ff6cb8e4b69c78 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ca7505aa854b75dda3a7024958185cd |
| SHA1 | 5e0cc6998e9b20f08464950ce81deb2ba729236d |
| SHA256 | 9a1089703f667b4b579259f7d4f799b296e5c9d4135957ad1b46550535d517b6 |
| SHA512 | 0dbbff28ccf4b651b5628e49d25502117f4d9492dbaa77477bdb3a832bd866ec2be3ebe6649d912a3b471103b1700c2ffadb445934fe40dc424076a1706c9b9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ea18b31e2fc430b5474ca7e0b721a1d |
| SHA1 | 89828a01b53f9e742c237bdcc37d9e4c46f563e2 |
| SHA256 | b04fd082184b737f0f5052abb97e30c3031c99cf0430d8e03c22f71d5fd2ef63 |
| SHA512 | 4d5f1c5add546b2ab9088124a62d59172336b4b37f7b502292737ed25f02b83b1b5fa0c1c6c434e8aca07822fbf8cd06150ad78c83b861f5945c8dbc015c1696 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7538a4a2f29e4704fbe584d761b78fca |
| SHA1 | c53e8cc284d7e88553166f57408b4292fe523c32 |
| SHA256 | 2eaeb617b9ad20536c3c178ede6d9354e50081ac64505dda8016cb7dae732787 |
| SHA512 | d185a53772d6bc9a58de0ddbf0bf667dc7c71f669784847a4829ce86934e2e3e589721883bbad50a127a8fd160bb3090169f8f9d107059d604a73ca3e0b686c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9d2446419e892343ee32b4574d5474d |
| SHA1 | 83a68118c5df46b8bc9997f5502f6bdf1e9e3636 |
| SHA256 | e2aa9109633ca7e1d985ff415b630c7caecd115dfdbe339016a4c11d3f07b0e4 |
| SHA512 | 8133fb78fbebecc8203394ad90a712b22ba33f9813631890efa77c375a560127b85e66b75e48cec1e7a96ee834e741114ecb784fe9768a178348572fe34f25e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 690dc8eaab14e8a28f5b28d823229c6c |
| SHA1 | 497b90152d0f261d7b010fbbd512837781425a28 |
| SHA256 | 9a6397af50049aca92a3bda3960a7567dc7bbce593cdf043816c00fccebcb82a |
| SHA512 | 98a1eb679b07255d448152eb552e26e4f519632374d64a171b4b932feaee2ce336c6e4aa41f796a104cd4c7bbb3367e91e3d909bffe719dd4120f5c9440a1b14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e09e953b96495c018bee296c2808c90b |
| SHA1 | 820175a1814fe54ad717a3e8caecce6674d64675 |
| SHA256 | 2145f17bc9a30795f49c7c39822f2dde6f335bb3fed8c0e875fb48ba143d2bfe |
| SHA512 | 56d27a537f1ece286279c3a90855428210090e9571ee3f77f6a0b04fc6369f7a9fea59bd831c329e7b1d4ff61d856380fef6f28610fc5386c90c092f30f59241 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49ec2b732a6e7c205ae37705cc053ff5 |
| SHA1 | c741d10572d7c0aa49afa799a8b1a0f5202c6749 |
| SHA256 | b2ede8a9d7318ef4b2327d1acd8266312612d09e3087a3802537161dd9e30813 |
| SHA512 | 25fa17591cb3e5e3c96ce4bebd7a48c704bd16c88287cae336e5532d87a0302dc9ba3631908a17dfccd38343266f66a8b40693bd09ec77067e77efaafe8a3402 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d62f50fb553866fe9821eac51050b559 |
| SHA1 | 27371c3f2a3e966a306b1d03ec6a03e6ea966e7e |
| SHA256 | 243b8b2ade6d3c8fcb4de877af52e52f864cc436a7aef07db421820241a9e0a7 |
| SHA512 | bcdd5013dae2c75706e72967e7b5bd5721115ce04b5e1ba3ac806013ce7506fd194f127b2a1326899512b5e4e97dee61f310a166f11cde973a27532ff4560513 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c0bfabf7e4dcdc012a1158262770ee4 |
| SHA1 | ddb1b7960ebfc64cae4ab800610f065dc62bcb04 |
| SHA256 | 5d9f81faa832ac4d6bb257f65da36e29f85246c7c6220c9ef3af29bd1f4293eb |
| SHA512 | be08310f5f780a0fd8474c5b5b1a6fb7bb24dd0390691998cd5106166f5dcead29c2b703d116891ea312a7c077782060d073a0cb891c2feaa9ecf1477fbf3a01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ddaaca6676f9ae89e07025984281aaf5 |
| SHA1 | 4ad407a0d799b48a6b84bb7de5ad636c7966e357 |
| SHA256 | e6d4db0176e8244e820a003cb07728c5370f8b25892ccd5a5e562d9637b0dd03 |
| SHA512 | 46d301f83a58ab7f7286e61d65fec12477fe3310bb01bb310f6dfabacc58f25c031dd2b79eda0d310831e896ce072a69c909bda68888f2c5c564d4421154e469 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4d483d88ce4aa63ae070ad842e31801 |
| SHA1 | d44fc11253f75f6ecef13398b674099d010dcb98 |
| SHA256 | 6fe4741ab50e93f85ab0c2b8d236d4c87982dba5994ffde7699a90f7a5dc6d97 |
| SHA512 | 35439fc6e4a8d01d1bf87a6ddbae0f058d29d4f85b87cd1353450dad04fc414968c3765149386e305917c541e7fb0f702ff022eff2007645f4e213689bd76236 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2769066eeeccac947fc8b00f41bcd8cc |
| SHA1 | daff3f3960980f42099338fc62a310da6d468df4 |
| SHA256 | bfb7e49e917bc8d8e6d78430c8a644f38bb88ae663f7063a4ac52f2458ad2d9f |
| SHA512 | 807bbb5cafb792efa598a36bb2fa0f0a7b273b6fee8c3cccdeb050364addd0f5fb5b416e39b6b4d715bb48cde1fbd3658ff6933273f29d8ad43b2010884c966e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73f52a223f54313e1120b00bfe9f2139 |
| SHA1 | 1c240995623ee5ea1b17bee1f5850c728602bb89 |
| SHA256 | d28f0ad0ca4245552ef702c923a2b76b3d23a1404961d3442075b104df6a9344 |
| SHA512 | c22665d87e01484465e458930ca68b8c39cb7a1703f6b01f824274ad562bc0d1514d8928434531799a9d024a2f067bc0da319bae1dc190bf7a4cb009724fccd6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 186c310bbdaeb1cab55384867fd2ed23 |
| SHA1 | 00537c3a862b4c5107a57bae508d9c099bbd1250 |
| SHA256 | aa1685510fa06a3132669cc990f1294c079f03dba53fde672f3950fa3b9adec7 |
| SHA512 | a1e1f2204f6d2ef3894cbfa3215abd7a2f5c4b80a898f2d3bbcdabb406ae1a52c16c0fb1318ef399ae3647288e00a5c64288601986a36cc9f2a166b112475539 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\3604799710-postmessagerelay[1].js
| MD5 | 40aaadf2a7451d276b940cddefb2d0ed |
| SHA1 | b2fc8129a4f5e5a0c8cb631218f40a4230444d9e |
| SHA256 | 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2 |
| SHA512 | 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\rpc_shindig_random[1].js
| MD5 | 6a90a8e611705b6e5953757cc549ce8c |
| SHA1 | 3e7416db7afe4cfdf3980daba308df560b4bede6 |
| SHA256 | 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679 |
| SHA512 | 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd |