Analysis Overview
SHA256
0da44904bf0424cfe1bf69a84720cb04655fde5461b715a15f8d4871326668f8
Threat Level: Known bad
The file c73a63fe4cbccc0c4ee19748ebe8197c_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-28 16:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-28 16:34
Reported
2024-08-28 16:37
Platform
win7-20240704-en
Max time kernel
146s
Max time network
154s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b77c4468f9da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6CBF33D1-655B-11EF-880F-D61F2295B977} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431024750" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000001e23e64a783732adc2a4e3c8159e7c1626dcd0c078447e01407a5fd752579661000000000e8000000002000020000000cef4a42fad3cd1da2393216dd7efb897a911eedea730fee7ab849496c9d5df7920000000202a0204159e572e36c82a1905857b904317dc3cf000881200696201e7eca033400000006c545b2cac1a694b3b9e87947383d677c6c23b982bdd0063838de32703f3ad9beb5ae0089d22fdd0a925f3cef08036b35ef87165b28c8dc7b56ca7f970a01f27 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1292 wrote to memory of 1248 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1292 wrote to memory of 1248 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1292 wrote to memory of 1248 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1292 wrote to memory of 1248 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c73a63fe4cbccc0c4ee19748ebe8197c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1292 CREDAT:275457 /prefetch:2
The second process is the Internet Explorer tab (content) process: the SCODEF:1292 argument names the frame process (PID 1292) that spawned it. The WriteProcessMemory rows above (PID 1292 writing to 1248, the tab process) record that frame-to-tab initialisation, which is how IE launches every tab and is not evidence of injection by the sample; the same applies to the SetWindowsHookEx and FindShellTrayWindow hits, which come from iexplore.exe itself.
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | s09.flagcounter.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.in | udp |
| US | 8.8.8.8:53 | www.keralapscmalayalamgkquestions.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.180.10:443 | ajax.googleapis.com | tcp |
| GB | 142.250.180.10:443 | ajax.googleapis.com | tcp |
| GB | 142.250.187.201:443 | www.blogger.com | tcp |
| GB | 142.250.187.201:443 | www.blogger.com | tcp |
| GB | 172.217.16.225:80 | www.keralapscmalayalamgkquestions.blogspot.com | tcp |
| GB | 172.217.16.225:80 | www.keralapscmalayalamgkquestions.blogspot.com | tcp |
| GB | 142.250.179.228:80 | www.google.com | tcp |
| GB | 142.250.179.228:80 | www.google.com | tcp |
| GB | 142.250.187.193:443 | 3.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.187.193:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.179.227:80 | www.google.co.in | tcp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| GB | 142.250.187.193:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.179.227:80 | www.google.co.in | tcp |
| GB | 142.250.187.193:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.201:443 | www.blogger.com | tcp |
| GB | 142.250.187.201:443 | www.blogger.com | tcp |
| GB | 142.250.187.193:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.201:443 | www.blogger.com | tcp |
| GB | 142.250.187.193:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.193:80 | 3.bp.blogspot.com | tcp |
| US | 206.221.176.133:80 | s09.flagcounter.com | tcp |
| US | 206.221.176.133:80 | s09.flagcounter.com | tcp |
| US | 8.8.8.8:53 | cse.google.com | udp |
| GB | 142.250.178.14:443 | cse.google.com | tcp |
| GB | 142.250.178.14:443 | cse.google.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | jqueryapi.info | udp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| US | 173.255.194.134:80 | jqueryapi.info | tcp |
| US | 173.255.194.134:80 | jqueryapi.info | tcp |
| US | 8.8.8.8:53 | sock.plugincontrol.info | udp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| GB | 142.250.187.225:80 | themes.googleusercontent.com | tcp |
| GB | 142.250.187.225:80 | themes.googleusercontent.com | tcp |
| GB | 142.250.187.225:80 | themes.googleusercontent.com | tcp |
| GB | 142.250.187.225:80 | themes.googleusercontent.com | tcp |
| GB | 142.250.187.225:80 | themes.googleusercontent.com | tcp |
| GB | 142.250.187.225:80 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 172.66.132.118:80 | s10.histats.com | tcp |
| US | 172.66.132.118:80 | s10.histats.com | tcp |
| GB | 142.250.187.193:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.187.193:80 | 4.bp.blogspot.com | tcp |
| US | 146.148.34.125:80 | sock.plugincontrol.info | tcp |
| US | 146.148.34.125:80 | sock.plugincontrol.info | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| US | 8.8.8.8:53 | ww11.plugincontrol.info | udp |
| CA | 149.56.240.130:443 | s4.histats.com | tcp |
| CA | 149.56.240.130:443 | s4.histats.com | tcp |
| US | 75.2.122.238:80 | ww11.plugincontrol.info | tcp |
| US | 75.2.122.238:80 | ww11.plugincontrol.info | tcp |
| US | 8.8.8.8:53 | s4i.histats.com | udp |
| CA | 149.56.240.129:443 | s4i.histats.com | tcp |
| CA | 149.56.240.129:443 | s4i.histats.com | tcp |
| GB | 142.250.187.193:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.187.193:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| IE | 31.13.73.35:80 | www.facebook.com | tcp |
| IE | 31.13.73.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | blogger.googleusercontent.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.187.225:443 | blogger.googleusercontent.com | tcp |
| GB | 142.250.187.225:443 | blogger.googleusercontent.com | tcp |
| GB | 142.250.187.225:443 | blogger.googleusercontent.com | tcp |
| IE | 31.13.73.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.18.190.73:80 | r11.o.lencr.org | tcp |
| GB | 2.18.190.73:80 | r11.o.lencr.org | tcp |
| GB | 2.18.190.73:80 | r11.o.lencr.org | tcp |
| GB | 2.18.190.73:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | d38psrni17bvxu.cloudfront.net | udp |
| DK | 13.33.124.148:80 | d38psrni17bvxu.cloudfront.net | tcp |
| DK | 13.33.124.148:80 | d38psrni17bvxu.cloudfront.net | tcp |
| US | 8.8.8.8:53 | ifdnzact.com | udp |
| US | 208.91.196.46:80 | ifdnzact.com | tcp |
| US | 208.91.196.46:80 | ifdnzact.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.71:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
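Most of the table above is noise: lookups and connections to Google/Blogger hosting (the HTML is a Blogger page), IE's own certificate checks (c.pki.goog, o.pki.goog, r11.o.lencr.org, crl.microsoft.com) and common page trackers. The rows worth pivoting on are the ones neither the hosting platform nor the browser explains. The script below is an added example, not part of the sandbox report; it replays a constructed subset of the report's Network rows, separates DNS-only lookups from actual connections, and filters the connected domains against an analyst-supplied allowlist of shared infrastructure. The allowlist (INFRA_SUFFIXES) and the decision to treat histats/flagcounter/linkwithin as tracker noise are assumptions of this example, not findings stated by the report.

```python
"""Triage of a sandbox network table: split DNS-only lookups from real
connections and separate shared infrastructure from candidate IOCs.

Added example; not part of the sandbox report. ROWS is a constructed
subset of the report's Network table, and INFRA_SUFFIXES is an analyst
assumption rather than something the report states.
"""
from collections import defaultdict

# Constructed subset of the report's Network table: (country, dest, domain, proto)
ROWS = [
    ("US", "8.8.8.8:53", "ajax.googleapis.com", "udp"),
    ("US", "8.8.8.8:53", "www.keralapscmalayalamgkquestions.blogspot.com", "udp"),
    ("GB", "172.217.16.225:80", "www.keralapscmalayalamgkquestions.blogspot.com", "tcp"),
    ("GB", "142.250.180.10:443", "ajax.googleapis.com", "tcp"),
    ("US", "8.8.8.8:53", "c.pki.goog", "udp"),
    ("GB", "216.58.201.99:80", "c.pki.goog", "tcp"),
    ("GB", "216.58.201.99:80", "c.pki.goog", "tcp"),
    ("US", "8.8.8.8:53", "jqueryapi.info", "udp"),
    ("US", "173.255.194.134:80", "jqueryapi.info", "tcp"),
    ("US", "173.255.194.134:80", "jqueryapi.info", "tcp"),
    ("US", "8.8.8.8:53", "sock.plugincontrol.info", "udp"),
    ("US", "146.148.34.125:80", "sock.plugincontrol.info", "tcp"),
    ("US", "8.8.8.8:53", "ww11.plugincontrol.info", "udp"),
    ("US", "75.2.122.238:80", "ww11.plugincontrol.info", "tcp"),
    ("US", "8.8.8.8:53", "ifdnzact.com", "udp"),
    ("US", "208.91.196.46:80", "ifdnzact.com", "tcp"),
    ("US", "8.8.8.8:53", "r11.o.lencr.org", "udp"),
    ("GB", "2.18.190.73:80", "r11.o.lencr.org", "tcp"),
    ("US", "8.8.8.8:53", "crl.microsoft.com", "udp"),
    ("GB", "2.18.190.71:80", "crl.microsoft.com", "tcp"),
    ("US", "204.79.197.200:443", "ieonline.microsoft.com", "tcp"),
    ("US", "8.8.8.8:53", "www.microsoft.com", "udp"),
    ("US", "8.8.8.8:53", "themes.googleusercontent.com", "udp"),
]

# Analyst assumption: domains under these suffixes are shared infrastructure
# (Blogger/Google hosting, Microsoft, OCSP/CRL responders, page trackers)
# that the browser or the Blogger template contacts regardless of payload.
INFRA_SUFFIXES = (
    ".googleapis.com", ".blogspot.com", ".blogger.com", ".google.com",
    ".google.co.in", ".googleusercontent.com", ".pki.goog", ".lencr.org",
    ".microsoft.com", ".facebook.com", ".cloudfront.net",
    ".histats.com", ".flagcounter.com", ".linkwithin.com",
)

# The sandbox resolves everything through this resolver (see the udp rows).
DNS_RESOLVER = "8.8.8.8:53"


def is_infra(domain, suffixes=INFRA_SUFFIXES):
    """True if domain equals, or is a subdomain of, an allowlisted suffix."""
    d = domain.lower()
    return any(d == s.lstrip(".") or d.endswith(s) for s in suffixes)


def triage(rows, suffixes=INFRA_SUFFIXES):
    """Return (connected, dns_only, candidates).

    connected:  domain -> sorted unique ip:port endpoints actually contacted
                (DNS lookups to the resolver are excluded)
    dns_only:   domains that were resolved but never connected to
    candidates: connected domains not covered by the infrastructure allowlist
    """
    looked_up = set()
    connected = defaultdict(set)
    for _country, dest, domain, proto in rows:
        if proto == "udp" and dest == DNS_RESOLVER:
            looked_up.add(domain)          # a lookup, not a connection
        else:
            connected[domain].add(dest)    # duplicate rows collapse here
    connected = {d: sorted(eps) for d, eps in connected.items()}
    dns_only = sorted(looked_up - set(connected))
    candidates = {d: eps for d, eps in connected.items() if not is_infra(d, suffixes)}
    return connected, dns_only, candidates


if __name__ == "__main__":
    connected, dns_only, candidates = triage(ROWS)
    print("candidate IOC domains (not in infrastructure allowlist):")
    for domain, endpoints in sorted(candidates.items()):
        print(f"  {domain:28s} {', '.join(endpoints)}")
    print("resolved but never contacted:", ", ".join(dns_only))
```

Run against the subset above, the allowlist leaves four connected domains (jqueryapi.info, sock.plugincontrol.info, ww11.plugincontrol.info, ifdnzact.com) with their endpoints, which is the set an analyst would take to passive DNS and the proxy logs; the report itself does not say which of them carried the SocGholish content, so treat the output as a pivot list rather than a verdict.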
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 1d78002854cc639a28bb5c0c8805dd40 |
| SHA1 | eae91824740940a8bc96f60366d229104918b33a |
| SHA256 | 46f4bcef0e5dbb0ef9bbfafb8788690e547d20c4401fab628f0cad79cbee910a |
| SHA512 | 527493027ef7a733713a923ac2308df3ab3b2c265c8e786d7d378ab31a127714051d2972022f9114f6458942f1d4d09fae3cfe2ac01988e083e8cbbddfaac4b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 61011b59e66abbb253b932ab30e6139f |
| SHA1 | 597146800c0f275036d9853667fcd37a5b698017 |
| SHA256 | c5ae1fca8b53ee599d7a25f0898867de48346726236395a7903a3fab1fabae58 |
| SHA512 | f8ecec189f9d46d63098960f6b9daf25a23ddef6499f40c2288fad7f6c3e5bf1ec7d58d3b1c6a6efa559935c2e79e328427d70e3921e5ca91debc9d95230af44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 15b078a79b996f43891212b11caa68f2 |
| SHA1 | b2da45be0eb018c3a1bd68dac875f193caf95d56 |
| SHA256 | 162c95c2662700984e251ce72cd74bb1965891d0e3c759270a24aa7e001fdad0 |
| SHA512 | c694d913829c3de18369cc76d0e5b9a076b0f804ef6013d888880cefac76ec2f4c205d87db34ef8bebebdaafd14a188a0107184e3d113f28410674b1b28baf92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | de14c8a147055c4740d7ddcd62bddc1e |
| SHA1 | 6b06bfdafb4a65fc53415554bb722f58e508746d |
| SHA256 | c8fc2f489cd1132425f5206dca0591bef2e6004e9cd3711295365a2a66a22369 |
| SHA512 | 098374d672218acc6606cb323a084b1cc9b21fe2e6edc5a823014eb77b4dab8831d2278f75ca4676a7265848b6115767062e9aa0bd394b3b5dd54766b18b2281 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 46cbd2c63ae87081c7a5767171e5852c |
| SHA1 | 6ae36e854d2aabde518685dd638d4ec93ba9b257 |
| SHA256 | a19f2c880cace8ea8925cd762e8f734afe586945c30988ae951cb3bc5aba437f |
| SHA512 | 1f77d06ac8ae518f4cddcb6cd37e71e695690a71ba389fa254b6bfaade178fe56641f22a9a718bc8505d1d416d3ab70d76ab0ba9fa59cfb2ea718bc32cdfe84f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_D71A94740B0CED76EBD7AAE2374CBE8B
| MD5 | 296d0c0c06f8daadb4d0ac5643ab0422 |
| SHA1 | 2f3fa169c9f9dcbe206627143d0a52732007d74b |
| SHA256 | 797cf4e8864e93f2ea8c6f1a9b659b31e3488d94873e32dbd95f0dc3318a8aaf |
| SHA512 | 4ac4aa8590e91de39953a9e88eed02c9248754c8f78f5ac410db404d5a95004ff6a3c25aa6aef76aa2ee0b1ee8528ae548336ee89d63b2b01e539299d0bb5955 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_D71A94740B0CED76EBD7AAE2374CBE8B
| MD5 | 70b280bfa481bbe92cfec558b92494ab |
| SHA1 | 42de94f85fa7b355a54bdb50e2fa0559c1b15e62 |
| SHA256 | a4661ebe7e70168803a2141506a0aeeb1908e7624914364a6cd1f2f18a06bf05 |
| SHA512 | bec9326e42df3c6a3962ca5344b09182e904619a5a2e14700440ec2a65a8e5ed8903b013553ea746d77a2452991943c6868eda5512f497bca94ef703ba4959e0 |
C:\Users\Admin\AppData\Local\Temp\Cab9EA2.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_9CE832D646FBAFC5C4ACFC523FDD84AD
| MD5 | 72ca68b22b596eb0a1a8d0de00ac4933 |
| SHA1 | 8b8b3ddc5f7f63fef2198a4ec00ac197b7cf099c |
| SHA256 | 4fcc1203695f761f44e7cf58437dc6fa7a30e107c5392de3898169cda0a031a0 |
| SHA512 | 17bbcb71ebdfc69257ab0a6f809d52c166608ae014df96ad7b0bbfdae7f8eae82e65505d53c27779e373babc53b14116997643c603fe78fb23bbde605f6a96da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | a9d32c18e891c01827d1d0065f066b38 |
| SHA1 | 17f71ccb66d52233180c192b00df9ef435bd1790 |
| SHA256 | cb0974c21dd1f088a8943ccf41a689eb95793ca59fdbeabf4d034965011a84fe |
| SHA512 | 39c3f0ddbd1d9d6f25dd2db7de3366afe4ce325c00f9a2a1c0f6ab1e9317f1febb26d76628eacc70815f32e56ae0346dbb888f93f45ddebfbb374bf742e29cba |
C:\Users\Admin\AppData\Local\Temp\Tar9F60.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2D4C3EC404C59B891BF67902A5DC84E
| MD5 | bf543fcb13d3ef72855f9d686560d31b |
| SHA1 | 3fbfa22708e7464acc27e21440c0ffcb17966d06 |
| SHA256 | 804286d9981c71d214605a061df74395e5a0347f0d1edbf8b0270720a9840a07 |
| SHA512 | 5aaadc6f5064090a8dc358ebc7112d7e16ecf0569128d8a6071fe753ced1b49853252da6da9eaadb37361ffe4dabc5ce3262d49333c945c9554c1563db443afd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f2f1c117faebc0543b6bb235339a4cc |
| SHA1 | 843ca8e28312c8bfda6134bed7b6d106ce16f909 |
| SHA256 | fc6739dd13a76316e596a25f77cc232ef3cde96b34f8a706bd5560ae7d903d09 |
| SHA512 | 489914607514a9f592900f72e69c109b76207f334f046201c9f2922cce80544c0b136cea978869bf6aff34afb3956a27873a9df27c63d0fe4da950efd3691d09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1443f30a4c801d3ad964cc2877bdc864 |
| SHA1 | e9e9af99f6052d3070558c61624fc64349a0195c |
| SHA256 | 6e0aeaea1e2b94d027570445c1f0d2372165dfa4e6b1ddad2a6996fd9c00f5b9 |
| SHA512 | 02fbe6a352d2c815ecedcb276a19aebefa45403b12deb8388268138f5bc127ebc82aff00f2043c02d002c7e3db1352892a22ffcf166d7f4659ea04499cfbde97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a7914a85f2cce0666e644ee54a4f31e |
| SHA1 | 0ff9edbf8fdb94de4ed9db608451fcca859f3e9e |
| SHA256 | 15b594cd16f169e7b1e99760c6611d494c8b28aeccd730abfb41331b6fe617c0 |
| SHA512 | 577909ff16e423f02a80cdacd78891727d0e4a0374c9ab23dfc639c3515e47e6f33ddbfbd01e9eb2c6fa84cbf071c808be9906bd45d963eacc240ee78163ac8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 287fefbd3557f9adeab823415c33c06b |
| SHA1 | 54bad07497b8e5b806319460206e7eacb20eba09 |
| SHA256 | 47302451a7fbb756c992b909394155b8eddd4dba1dff35cd55c526010f7c6e5a |
| SHA512 | b4381d2679ea2bad72aa3ac6937b920ec7cb8a804dffbc10b312a68a85499845d1da98c059a401e141f954104304803187f964ff58946918230f2d97c4c065b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed260b32f21bac7cacc23b75cf0137ee |
| SHA1 | d277b5179ec93c3a466e847073a6be746b8ea48d |
| SHA256 | 205c195431a5dd7fed940ef3e46ab4109d104cf38858834994088f76320915dd |
| SHA512 | 26b7f5525d82ec7f6f5ad55a5467a46aa201bcf5af32e1fb7685e31c63f06e77000c551313dd736843c174d1b41bc2573e10111312292f4f300b80e6f8e99632 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92bed3ef35b6d3ecef46685b8eb9d1d3 |
| SHA1 | a06817dd67ed735ba621d18bb4ad3c3f6fd257f2 |
| SHA256 | 99262a1e954d73588b830b624779c9ac1d502f098fa73169f6b0d4d98d21aedc |
| SHA512 | ec1b29eabc8dc7c97b0eb176807407f4fba33f99927d4a1042eaf41ca911891c13a8e80672937ec94f8f8d6800fceadb15dace71188cd591008cfd2b5943c876 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 778a37e4560fc8df4750d12fbe623abf |
| SHA1 | 0cb6c9484dc186de1193f4d1e9e51c53d13cc819 |
| SHA256 | 017273f514beda4252151c073c6ea152fffbc48a8be81be8264560154af10233 |
| SHA512 | 9931774a8986dc449ac14f68d3b9bef96481a5a548d0d7625a03cdddce68e2bceee851fe844ab2c5ca8db7eb6dd231f6cc410cc6ef99a31484a3c564091c3907 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7261a4ddae2952d312c52b78fe793b23 |
| SHA1 | 629b76eb4fb734a783ee8361034fc4a3cc9cbf62 |
| SHA256 | 97ef5b003d0fdf5033c2ef8d580c1b14dd14f0f184a61ed4a1097b1f5feb7651 |
| SHA512 | d5c7c6580d05ff0a0b425e4332eefa389a94e1ca627f27b5ead1c9b2b0e8c106efdb6b6e4d82f8718249fa532768230fe68b8b4d10a102dfcc2da96a6d3645dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8a007a1ae329bbff4ca2af6b5ca1a19 |
| SHA1 | 2e7adf5cc80d71724794018200498d6046f70c28 |
| SHA256 | 17b3969f4836fdbadebd81fb65a681b3b63bb50da48edf209cbc21637ce868ed |
| SHA512 | 82fdceb5fb347154902243eb505e5199bd35108d0395b91b53dd7450af01e47247bafacf25c5e57f13697282eb4ea77f0edc3f1feefc83952fad3ab242b054f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe01b78eb09f82bef43d898fe99849e1 |
| SHA1 | 3207782e2f8d3a29191929e2a2e2c03103f2350e |
| SHA256 | 92b0d2f7449b9e26daee8caf53452276f6c7c0a7053f6b59bae18956566f5460 |
| SHA512 | d07af88ad5e94dc3bb6ad57a7d7c4ea6ae8821dd177fbbabd14017587454d8b0a669d768b0d5b6ff6291ade0513c9ee4a6fc6fddd4fc8c2a219354067fff49e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15f3043257d9773896475888767f5889 |
| SHA1 | 1e7fbf45da609c39dd077b6e115e0400eadd0573 |
| SHA256 | 0286aaf4c0efd6571e43bd3f5345fb47ea758c8675701b39feba1203e0fbc803 |
| SHA512 | c3abcfbe61945d805d7a3d1939e7fc94a517c979f3936f28bf61ab102add511bee10d657e02ffa4995f8b4e5c13ee76ed6879c80b5717e760fc63e995caa5d73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bac97afbbae41eb3ec537d680731e1c1 |
| SHA1 | 6db2ff19a2788f67d797abf065335e9828172fce |
| SHA256 | 92a1805530ba4c609d361f39e2c4032ab4656e894629bab34eefb3c24d6e3600 |
| SHA512 | 65e8e18157f73196227cdc00cc1b7319f37db445f63b9275aa4a0af47333c0f7daf1181bdc9e4fd68fd2b5a608c199a58ec67259ee9818cfaa3060fdaebda489 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08314f104195dfea289f66b6637ff1de |
| SHA1 | 240f408d746a81e06b27c57e658140e564fd32a8 |
| SHA256 | 524cd4aa17fe5b4faadd65ddbb15ee4a93108324008fcdc53d13c270cf52e792 |
| SHA512 | 6088823b98811615b8fbf18cc79a81e13e465d990ea6bee04421e9b6f79ee8057d93a46ff531ae51a9b22b22e6740dc2c6fb469e1f273b7058a7c715df6e47e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | d7f774a8ee705c83798576079c23708d |
| SHA1 | 58a9752ea51ae94b21a4ad72c3e42aee492b551c |
| SHA256 | c9b1ec3c72bc33d924db690ea84cb83de340da1ee304491046060ef370195a6a |
| SHA512 | 8498bdd4ed189d7145b7cb7b81be211f2dac6f559d5963bf9c720be714abc1ed1909b17ed3c6d4d850d64c768ba3c95bee1b5f9400a88910a4dd71e80946f3d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c7166bf009bd22b115bc815c534ad92 |
| SHA1 | a09b316749d6370e7aabf139be83fc93a21d96e1 |
| SHA256 | fb5de298cfc9ac8dec5da84e514e1f6ec121183e0264f479d77ebabd2d17ba00 |
| SHA512 | afd37c0891de8c3b59e0088fdb0c110c0b8925f25baa5819ad0b4229b06a9d920e3eca8139d5159c7f706b05c470eb68362b2ee4f5228ef0d14aac9f804b05ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95e47a02b256bc3d8b60e3072b309d52 |
| SHA1 | a985f4d6f7e6083883acdaf717af5f66036d4e06 |
| SHA256 | ac3199d0e8374985bf6fd54aabaaa3d0370cd296162ec48764070e672b1d5555 |
| SHA512 | 6e16f1356123def05f4f3ee4cab82cceaa7da4ef7fb0093f40dae51ce41f0df3cd86de63a59d90771de12dafd272b4300de8c39463133f71db9015a74e8fe0e3 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-28 16:34
Reported
2024-08-28 16:37
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c73a63fe4cbccc0c4ee19748ebe8197c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd73946f8,0x7ffcd7394708,0x7ffcd7394718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10244079403120865781,8082466404431735756,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10244079403120865781,8082466404431735756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10244079403120865781,8082466404431735756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10244079403120865781,8082466404431735756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10244079403120865781,8082466404431735756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10244079403120865781,8082466404431735756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10244079403120865781,8082466404431735756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10244079403120865781,8082466404431735756,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 /prefetch:2
Network
Files