Analysis Overview
| SHA256 | d05afba0a48b89da1478c6b0d6fbb49dc43d8b5b2d72b621d11d7a59c23b4d1e |
Threat Level: No (potentially) malicious behavior was detected
The file a4eb6200c35c6506ea08058f2f9526a6_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies registry class
Suspicious behavior: LoadsDriver
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-06-13 09:46 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-06-13 09:46 |
| Reported | 2024-06-13 09:49 |
| Platform | win7-20240611-en |
| Max time kernel | 136s |
| Max time network | 146s |
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433886" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 104078b876bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DFAE5D91-2969-11EF-9E55-E6415F422194} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000391e59b33aab10c5a6cd938da15ff2aee46a86165426734cbb67fe81701badd8000000000e80000000020000200000004fb4ddc4f1c3259ea63352f8991f4d7d12780fbf478a3fbed6ff6012fe86d82e200000000a53aea23fac9567c739762a59fb67ea45174f3ad9719bcec82de85cb0d1656140000000ab0a08783c2306373577b4a7f9b40636043d2d9d66119043ea7e292e7ca5c1e917e045e41b8f78d66e141574b9222da76a0c4b97e93722602771efa672cd2c06 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2160 wrote to memory of 2812 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2160 wrote to memory of 2812 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2160 wrote to memory of 2812 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2160 wrote to memory of 2812 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4eb6200c35c6506ea08058f2f9526a6_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:46
Reported
2024-06-13 09:49
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{E05C0994-2125-4AEC-B491-6F0B2F53A92B} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4eb6200c35c6506ea08058f2f9526a6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4008 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4120 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4224 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5336 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5828 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5972 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6196 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6296 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=6432 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6576 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=3964 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6928 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | q-trading.ru | udp |
| US | 8.8.8.8:53 | q-trading.ru | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| RU | 77.222.61.8:80 | q-trading.ru | tcp |
| RU | 77.222.61.8:80 | q-trading.ru | tcp |
| RU | 77.222.61.8:80 | q-trading.ru | tcp |
| RU | 77.222.61.8:80 | q-trading.ru | tcp |
| RU | 77.222.61.8:80 | q-trading.ru | tcp |
| RU | 77.222.61.8:80 | q-trading.ru | tcp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| GB | 172.217.16.238:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | userapi.com | udp |
| US | 8.8.8.8:53 | userapi.com | udp |
| US | 8.8.8.8:53 | counter.rambler.ru | udp |
| US | 8.8.8.8:53 | counter.rambler.ru | udp |
| US | 151.101.188.157:80 | platform.twitter.com | tcp |
| RU | 87.240.190.64:80 | userapi.com | tcp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| RU | 81.19.89.18:80 | counter.rambler.ru | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.202.52:80 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | counter.rambler.ru | udp |
| US | 8.8.8.8:53 | counter.rambler.ru | udp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| RU | 81.19.89.16:443 | counter.rambler.ru | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.61.222.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.188.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.190.240.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.89.19.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.202.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.132.240.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.89.19.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| RU | 88.212.202.52:80 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.182.143.212:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 212.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| RU | 88.212.202.52:443 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | i0.wp.com | udp |
| US | 8.8.8.8:53 | i0.wp.com | udp |
| RU | 77.222.61.8:80 | q-trading.ru | tcp |
| RU | 77.222.61.8:80 | q-trading.ru | tcp |
| RU | 77.222.61.8:80 | q-trading.ru | tcp |
| US | 192.0.77.2:80 | i0.wp.com | tcp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| RU | 87.240.132.78:443 | vk.com | tcp |
| RU | 77.222.61.8:80 | q-trading.ru | tcp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | st6-22.vk.com | udp |
| US | 8.8.8.8:53 | st6-22.vk.com | udp |
| NL | 95.142.206.2:443 | st6-22.vk.com | tcp |
| NL | 95.142.206.2:443 | st6-22.vk.com | tcp |
| NL | 95.142.206.2:443 | st6-22.vk.com | tcp |
| NL | 95.142.206.2:443 | st6-22.vk.com | tcp |
| NL | 95.142.206.2:443 | st6-22.vk.com | tcp |
| NL | 95.142.206.2:443 | st6-22.vk.com | tcp |
| US | 8.8.8.8:53 | kraken.rambler.ru | udp |
| US | 8.8.8.8:53 | kraken.rambler.ru | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.132.240.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.206.142.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| BE | 151.101.8.157:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | 194.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.8.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 104.244.42.136:443 | syndication.twitter.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.16.238:443 | apis.google.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | privacy-cs.mail.ru | udp |
| US | 8.8.8.8:53 | privacy-cs.mail.ru | udp |
| RU | 95.163.52.89:443 | privacy-cs.mail.ru | tcp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.52.163.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| GB | 216.58.201.110:443 | developers.google.com | udp |
| RU | 95.163.52.89:443 | privacy-cs.mail.ru | tcp |
| US | 8.8.8.8:53 | 89.52.163.95.in-addr.arpa | udp |
| RU | 77.222.61.8:80 | q-trading.ru | tcp |
| RU | 77.222.61.8:80 | q-trading.ru | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stun3.l.google.com | udp |
| US | 8.8.8.8:53 | stun4.l.google.com | udp |
| US | 8.8.8.8:53 | stun3.l.google.com | udp |
| US | 8.8.8.8:53 | stun4.l.google.com | udp |
| US | 74.125.250.129:19302 | stun4.l.google.com | udp |
| US | 74.125.250.129:19302 | stun4.l.google.com | udp |
| US | 74.125.250.129:19302 | stun4.l.google.com | udp |
| US | 8.8.8.8:53 | stun3.l.google.com | udp |
| US | 8.8.8.8:53 | stun4.l.google.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 129.250.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| RU | 95.163.52.89:443 | privacy-cs.mail.ru | tcp |
| BE | 2.17.107.131:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 131.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 88.221.83.251:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 251.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |