Analysis Overview
SHA256
415f038947fa99798b957e76eee1c0d6fc4ae937f2ea80460fa08a7ca2f1332e
Threat Level: Likely benign
The file 14b96fd5dcadb82dd574cd15b0d4b897_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-05-04 22:19 |
Signatures
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-05-04 22:19 |
| Reported | 2024-05-04 22:21 |
| Platform | win10v2004-20240419-en |
| Max time kernel | 145s |
| Max time network | 153s |
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\14b96fd5dcadb82dd574cd15b0d4b897_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd39046f8,0x7fffd3904708,0x7fffd3904718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,15269067099469838731,3623568680931532403,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | secure.aadcdn.microsoftonline-p.com | udp |
| US | 8.8.8.8:53 | ajax.aspnetcdn.com | udp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 8.8.8.8:53 | 160.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.15.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_624_RURULVBFSCUJIIGX
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\01271cc1-f766-451e-8b73-1a68b346ee1a.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-05-04 22:19 |
| Reported | 2024-05-04 22:21 |
| Platform | win7-20240221-en |
| Max time kernel | 119s |
| Max time network | 128s |
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{522AD1C1-0A64-11EF-8442-DE62917EBCA6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90273829719eda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000111e82661b1b0e612f40805a5d8d21b437d920b86eda3775975fd38cd43a2b7c000000000e80000000020000200000000e9786bb2246eb32978ae713749ca60a19d8592a8467f3ce7499652ec542406320000000374dfad6ee10644a2954eb1053ee5163a802f15fe13c35b6fe23a5447bffc24a40000000a1eba728d7fb14bb94859dfbbe909957183de353cf697ce7cd67f7d446950e98fba1c3a06cf4abcbad70eb4064eb0ff987ff0adc8686b78085dceeb7d615c4b0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421023014" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 328 wrote to memory of 1816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 328 wrote to memory of 1816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 328 wrote to memory of 1816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 328 wrote to memory of 1816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\14b96fd5dcadb82dd574cd15b0d4b897_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:328 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.aspnetcdn.com | udp |
| US | 8.8.8.8:53 | secure.aadcdn.microsoftonline-p.com | udp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Tar24D2.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab24CF.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar25ED.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69b8dbb6e937e161fd3766997faa85d2 |
| SHA1 | cc01a329c7e80d9b820a2671b7d91e529065b2d3 |
| SHA256 | f57b675e4a9e5b8b9259f289d9adbce2e66cef4e52f6fe54ae66625e23249fb1 |
| SHA512 | cb78bc59686581985204115050969ce7cb9c3a8025d6b91890ab994a2544e83d9e98b200eff58e81dd3efcb11f82f176ae5f366fe2d187f375565c068fa17aac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21807062f21a9f28d6247bdb355043f6 |
| SHA1 | 96b8081f94096ebc29091803238a2e788270b952 |
| SHA256 | 414c1ba0df2452b985d9cd5cf3dec3d343d0f30e4213fdd17fbb8869a666cace |
| SHA512 | ed9451999dd303ef58ff70d56297dc7c59d7d5c125c9b3403cf60e221e43b72c4c61358b937fc30583f569062ed427922fea86e4d579303af51e2030ae7ea3d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | acdea6c6ec4c0ff68a6a526790170536 |
| SHA1 | 8f1a27782736cd0db2ae69d99c76a4c712b0158d |
| SHA256 | 25b933e6158d240fffabac64afef8c9c687991e6e29695d413f0fd5a3b58d8cd |
| SHA512 | d0487a552c1dd319955f30689ad0b289ccce72a589a8eb262c8793ba0305c4e10441f3a3a77e41624930b17dd86e70e9f2dae2405a5d51bafc3222b34857e2ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f0f7873670ff88f270c345ced22c9c0 |
| SHA1 | 6c75519065bc6b69b788d72d666f52873ec78ba2 |
| SHA256 | 786b21a4b11e74d67d8482227d7b6d67cefbddcae07a72dcac6561b8b715675c |
| SHA512 | f7d8582a8905c33aa02b3d419d9a88107b977031a2eb4b05d7f7a048febaeda53efe3783196f9164ef80524fd6db9861440a2c0f2fb3cfc913e8dfbcca9a4678 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1bb06cd79be04c0d215dfacc377e09d5 |
| SHA1 | 1aa5992903700917fbe46181540110a32b982697 |
| SHA256 | fda10a5741ecfd432b509716f5a55921bc8c26aac9ff23d05ace234826f04f57 |
| SHA512 | 0a2b4dcefd1953605402bca5fc38a6b387b5b17539fc9e4b512878f2bdcdd09cc7dea77c2562a6615f98dacc5d5afe5ad14795edb890259fb9633ff111561ffb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC