Analysis Overview
SHA256
b02acad45820e356cdaa9d6d64f484aa4257ce1fab5dcd862b4309f8e10722c6
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file a50bbf4753763faf6a89be24868b93fa_JaffaCakes118.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:18
Reported
2024-06-13 10:21
Platform
win7-20240221-en
Max time kernel
144s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435778" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{47FD0B91-296E-11EF-BEEC-D20227E6D795} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0c3b3207bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1924 wrote to memory of 2484 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50bbf4753763faf6a89be24868b93fa_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:275457 /prefetch:2
Network
Files
| SHA1 | ba5bbc2397380519b3b84ac77bf0607dfb74c96b |
| SHA256 | 9be68bba094f327becc30497af8e1e59a32e1f32b0faa0c422ec48548e79c43c |
| SHA512 | aa760cb4fb371720b02ff46025d5c09d06ecacc848feaa2d0c58b0b849002d0161e38737e5dbf3f78ae45f067f5ad890fc4223b13e55bbd3433201ac805f65ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 56dc1c1be19fd38e2984869a79ecbeb5 |
| SHA1 | 0abd4daace9258c641bec72986f8cd7fbdb8b543 |
| SHA256 | 33106a7068713cc21950dd328067da0410a4013a52d9cfd8ff50695272acbd28 |
| SHA512 | 41fbc6baa2d4650bc3232c618a934d87113cd6c442eaa4e89e8d53b433def93e4e62071a379a26a22abfd800828c4dfe2922b83607fdd7858fc77892aa3c4531 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01076be4c40752ce2381adcb38983463 |
| SHA1 | 7e5775a0a4c59942676474e9b78b24b43590ed80 |
| SHA256 | 5e3ae0851f7c05db903ab9386d568d54e9f239d3a0f5fe1fb1338264ae19a197 |
| SHA512 | b92b6a3cbe48a689808ac430d1074602c2bbd9d311ab32a83b1dbd554520812927a459b23de59ff388163c05c48fe10b16e343fdf098db42a31b9078f4692a8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36da60519af8ca96644f5caceb797d46 |
| SHA1 | 6217bfddf76e6d47600414b94c255ecae852f690 |
| SHA256 | d1d2e83f91d1711b7e215820aee8193f398e7b851ac9064a25460479b3de383f |
| SHA512 | 46fce06723407294ca458d69a872dac6c8928e6b8b9934c6904c9c373bf4f07a1b331802591bff51c1f90367768ccad157d27f1b7edc105f066c16eee7a61d5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 622382c4134dd8055795ccbebfb7dae3 |
| SHA1 | 524843f2250707f92735ca58fec7ffdeeba6fde6 |
| SHA256 | 684c62d04439c9965fc78b0f278c474480c36eb0b730ebf71a8ac9506b1cca46 |
| SHA512 | c0c28fbdf9976b56ff78a06c18cb6d86b72c452927b953eb48f525a60dded87eac4551176804ee683404eae17e0c131a47c45b59eff4cc1dddf085e3b4f654b6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:18
Reported
2024-06-13 10:21
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
155s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50bbf4753763faf6a89be24868b93fa_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8591c46f8,0x7ff8591c4708,0x7ff8591c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,16829019750531598109,11711441832536813507,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,16829019750531598109,11711441832536813507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,16829019750531598109,11711441832536813507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,16829019750531598109,11711441832536813507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,16829019750531598109,11711441832536813507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,16829019750531598109,11711441832536813507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,16829019750531598109,11711441832536813507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,16829019750531598109,11711441832536813507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,16829019750531598109,11711441832536813507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,16829019750531598109,11711441832536813507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,16829019750531598109,11711441832536813507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,16829019750531598109,11711441832536813507,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3464 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | belgradewine.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | s.sharethis.com | udp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | belgradewine.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | belgradewine.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_644_AXGGNSUVQFXNEQTF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 26d0cd2791bdf149859660389a079405 |
| SHA1 | dc38ea29fcc4db5ae2f7a3813428daf04ec6dd85 |
| SHA256 | 85e8858701097e4a8c4b9840e35cdcc1062ebfab922960c67831ed0c8fbcea08 |
| SHA512 | 178063d8bcb89bd493df60d6e6589aa032cfda54953c07fefc45ce33d8a40253c12fbd80fd23c2bef05b419c691bee67ecb3753e1ffbcd670c0d7839cc18abf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | be2d1646942610628bbf25486bc4c885 |
| SHA1 | 64f79b3b6902c416bc20f9fff56854c63d9b7c66 |
| SHA256 | 721585f1cc4f53efe07ede4b07239a4d6650728b2d45022ac31fe0eecd1128f0 |
| SHA512 | ab377e3b89e4bb21841771886a5a990bb450060ee8ed12de788f235d57b08c89c202f0f5c3e5d038d38fcc83f57bfab0b208ed2e7089e89cd6932a5a7809a1e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
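The Files section records each observed write separately, so one path can appear several times with different digests (Crashpad\settings.dat twice here; the CryptnetUrlCache MetaData\94308059B57B3142E455B38A6EB92015 entry many times in behavioral1), and the `\??\pipe\LOCAL\crashpad_...` entry carries the four digests of zero-length input, meaning the sandbox hashed no content for it. The script below is an added example, not part of the report: it groups entries by path, counts distinct versions, and recognises empty-content entries by computing the empty-input digests rather than hard-coding them. The entries are copied from the Files section above as a constructed sample.

```python
"""Collapse a sandbox report's Files entries to one record per path.

Added example; not part of the report. SAMPLE_ENTRIES is copied from the
Files section of behavioral2 (constructed sample so the script runs offline).
"""
import hashlib
from collections import defaultdict

ALGOS = ("md5", "sha1", "sha256", "sha512")
# Digests of zero bytes, computed here rather than pasted, so they are trustworthy.
EMPTY_DIGESTS = {a: hashlib.new(a, b"").hexdigest() for a in ALGOS}

SETTINGS = r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat"
PIPE = r"\??\pipe\LOCAL\crashpad_644_AXGGNSUVQFXNEQTF"
PREFS = r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences"

SAMPLE_ENTRIES = [
    {"path": SETTINGS,
     "md5": "439b5e04ca18c7fb02cf406e6eb24167",
     "sha1": "e0c5bb6216903934726e3570b7d63295b9d28987",
     "sha256": "247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654",
     "sha512": "d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2"},
    {"path": PIPE,
     "md5": "d41d8cd98f00b204e9800998ecf8427e",
     "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"},
    {"path": SETTINGS,
     "md5": "a8e767fd33edd97d306efb6905f93252",
     "sha1": "a6f80ace2b57599f64b0ae3c7381f34e9456f9d3",
     "sha256": "c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb",
     "sha512": "07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241"},
    {"path": PREFS,
     "md5": "26d0cd2791bdf149859660389a079405",
     "sha1": "dc38ea29fcc4db5ae2f7a3813428daf04ec6dd85",
     "sha256": "85e8858701097e4a8c4b9840e35cdcc1062ebfab922960c67831ed0c8fbcea08",
     "sha512": "178063d8bcb89bd493df60d6e6589aa032cfda54953c07fefc45ce33d8a40253c12fbd80fd23c2bef05b419c691bee67ecb3753e1ffbcd670c0d7839cc18abf5"},
]


def is_empty_content(entry):
    """True when every digest present in the entry is the digest of zero bytes."""
    present = [a for a in ALGOS if a in entry]
    return bool(present) and all(entry[a].lower() == EMPTY_DIGESTS[a] for a in present)


def group_by_path(entries):
    """One record per path: how often it was listed, how many distinct contents, whether all empty."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry["path"]].append(entry)
    report = {}
    for path, versions in groups.items():
        report[path] = {
            "observations": len(versions),
            "distinct_versions": len({v["sha256"].lower() for v in versions}),
            "empty": all(is_empty_content(v) for v in versions),
        }
    return report


def rewritten_paths(entries):
    """Paths the sandbox saw with more than one distinct content hash."""
    return sorted(p for p, r in group_by_path(entries).items() if r["distinct_versions"] > 1)


if __name__ == "__main__":
    for path, record in group_by_path(SAMPLE_ENTRIES).items():
        print(record, path)
    print("rewritten:", rewritten_paths(SAMPLE_ENTRIES))
```

For pivoting, the empty entries are dead ends (there is no content behind those digests), while a path with several distinct versions tells you the file was rewritten during the run; for browser state files such as settings.dat and Preferences that is normal, and only a rewrite of something outside the browser profile would be worth a closer look.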