Analysis Overview
SHA256
8f2aebb02e494a152d7963187db9481e3a56791d1e33e88d0111826e9e0aedd3
Threat Level: No (potentially) malicious behavior was detected
The file 742bed3fcf131a4e9252ab016a9a78fb_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 03:17
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 03:17
Reported
2024-05-26 03:20
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
145s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\742bed3fcf131a4e9252ab016a9a78fb_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff739b46f8,0x7fff739b4708,0x7fff739b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5854228176421530820,4200985256532729566,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,5854228176421530820,4200985256532729566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,5854228176421530820,4200985256532729566,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5854228176421530820,4200985256532729566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5854228176421530820,4200985256532729566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,5854228176421530820,4200985256532729566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,5854228176421530820,4200985256532729566,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5854228176421530820,4200985256532729566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5854228176421530820,4200985256532729566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5854228176421530820,4200985256532729566,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5854228176421530820,4200985256532729566,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5854228176421530820,4200985256532729566,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4788 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.saaad.co.za | udp |
| ZA | 197.221.12.112:80 | www.saaad.co.za | tcp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| ZA | 197.221.12.112:80 | www.saaad.co.za | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.12.221.197.in-addr.arpa | udp |
| ZA | 197.221.12.112:443 | www.saaad.co.za | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ecdc2754d7d2ae862272153aa9b9ca6e |
| SHA1 | c19bed1c6e1c998b9fa93298639ad7961339147d |
| SHA256 | a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7 |
| SHA512 | cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2 |
\??\pipe\LOCAL\crashpad_3032_KKGYSFHZWBYKCZLY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2daa93382bba07cbc40af372d30ec576 |
| SHA1 | c5e709dc3e2e4df2ff841fbde3e30170e7428a94 |
| SHA256 | 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30 |
| SHA512 | 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b06797cef63683ab1474a1199ea5c88d |
| SHA1 | f8aa4ad6df4b7d6352ecd1652d27d694c4aabc9b |
| SHA256 | 4ddef96a15e9985ded3a5c64bce4759e0727811418d158fe40be0ed7c590b52e |
| SHA512 | 7be0d9a4b78d9c0dae0dc2ed0cd4c09758b1a8a751ea75e2064b58f0b34b277a53b42e0e98ee20a6eabe02fffd3b29ea6a41add91d8af53fbb6819ff759a5205 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c4efde9473dcaa6b10dce11791c452ac |
| SHA1 | fd4543ef94bfd8e949ea03a5e5e0e8a9ed39fae7 |
| SHA256 | 9d0a2357511e3cefe0eee6d1c77a77a6c54fde6f8c7aa244ec945bfc010275ec |
| SHA512 | 7d4c0c1bdada9a97028509df8100b317a7e42fd28ab88875c02881ab2cf11f58d03519c1af97bd47babbf5d585db1a7244f763340a0e782527940b8eeb89ca71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e47804fb1d74b18906be6a05c7f19982 |
| SHA1 | cec6c00e9d919e50291cd0abe9c521cd22b6cb4a |
| SHA256 | e5bae60c9fe98a06149ab6e50912a1d719b5123e9bd23fbdc3598b51608117e2 |
| SHA512 | eb52b110b28d3d63ad30610a61a738c1393102965825e1ea84ff421b48a79413e321d04be315aebee97869df7e4e003197dbafb349f2c2cc9430a3a9cbc3bcfe |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 03:17
Reported
2024-05-26 03:20
Platform
win7-20240215-en
Max time kernel
141s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007fffdbf37b34604094a29fabbfa6905500000000020000000000106600000001000020000000924ec9bd644ae8ce1eb35f26a8d3732d888e18fa161492f9c0c380a166713aca000000000e800000000200002000000044c50872f0ba01b6afe4857f930065212241ac1f14954627517cdf76e42448222000000010f73d31d223365f7618cda6bee2623281a1e72818b09adbc92af114f9a6cb65400000003d0795a915292b04aee3456471a7b82ced67fcb11de9ff0fc596b3b55205dab72faec5637b227fccc6b4da0acce4f812ed215ed3827b4194b495a68529a3b393 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20c510591bafda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007fffdbf37b34604094a29fabbfa6905500000000020000000000106600000001000020000000ee53e37d46200bc1a82eb2ef03e635557b3a4bb0da001f0e82e0905deb1db09d000000000e8000000002000020000000a6b8fafa90e1cfdc421a366e35882054a9685de8172e1804405306da9081ee2190000000418a3c72b2827e6d031ef169ddcf2a77945101d841a82b1eac9cb7dbbbfeb5401e40514462565f5ba2627aad7b30a9f0681411f39b12cb52ee5889a5838650afdbabd08e54d5e2458387e3574a264f2e79ff062297c403f6e284a82185986269dc279b003a4c440a124957c94306b4f0c1fa803d61beec865ace12640aec42d5387774df1248b395585ed24a835b80a140000000e5183b4e59ed4117b520897f369872271b3f9db1d9757d6d84098c7cc35a6ca45c41a31259c12d86a08d061edf7473e14e847870c8b1cccf18234e34483354b9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422855327" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{81E3A2B1-1B0E-11EF-A6AA-4E798A8644E3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1756 wrote to memory of 2752 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1756 wrote to memory of 2752 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1756 wrote to memory of 2752 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1756 wrote to memory of 2752 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\742bed3fcf131a4e9252ab016a9a78fb_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1756 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.saaad.co.za | udp |
| ZA | 197.221.12.112:80 | www.saaad.co.za | tcp |
| ZA | 197.221.12.112:80 | www.saaad.co.za | tcp |
| ZA | 197.221.12.112:443 | www.saaad.co.za | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cff8394a2c735ac1d00c690c4fe722e3 |
| SHA1 | 792cc7c6de027b4f383be10b3b1f3e72f89be23f |
| SHA256 | a422d654e3cd5ff574a9f08322e58ab015130d5d49a07b8bbb75015fee198229 |
| SHA512 | 90f89287b322eec78b6e1b87090a91f747893d6804c9c35850ae167b8b8395e4f53084e6ddc33c7dde9eae2fec197d27d94c35f3fff8f33f1e5dd6ac8f166551 |
C:\Users\Admin\AppData\Local\Temp\Cab31FA.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar320C.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar32ED.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e89d9e11d1695815feaed2511cce3388 |
| SHA1 | fcd01036a9c506ce4b655979af9132cf7429f539 |
| SHA256 | 01fd850b6b56b3e4b05611800915d7ad95014b54a9fc080b01b41b6afb38db17 |
| SHA512 | 2fd45b4ffb078d3259dbeca6867d8c068b5777616ae94493f7c6a18759420288f62535c56704d9fbeb8f3791857ccbc50a2d10cfd6a03c7559f622aded7363c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd27e97edae66dbe5f18bea24cf5d7bb |
| SHA1 | 3c39fa831ce4fb36fe78625e6dea52961f2170d1 |
| SHA256 | c0fe34b3c6eaccdeef297cff68f3964593fa1eff9d1cfdd3b644d44c608fe9c8 |
| SHA512 | b0c6832354e6bff84d14a5783f3cd360d2d4f36fbe932788161058634a64256f63bac7a0e95753a53ded1c751c7a7659acff830c1b6c502af2ce755ec327a753 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d4a6b9b83e059a384ec736b2cd6bb49 |
| SHA1 | 4c54d65669501e65704f49d20bee0ee1d846cb52 |
| SHA256 | 37a39a1058b49b853ba1871329907d0c5bc40c88078f958dc04f5561f3fc17d0 |
| SHA512 | c59c50388831f151b58b0f4125b8f6ebbe8dd1c131bcc1c80d0ec347ae2beac29105cc7d7448b50f15c9de407d16fcb5633483f6bd5295a7dd52fd088aa07926 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec646a5e28815642a14cbc7913ccdd71 |
| SHA1 | f6331080180198506cc777e4c374cfa6296a9e17 |
| SHA256 | 1d80cebd0bf5563d3e2f3b7eaa776becd0256a8cb1ebacaeceeaef3c6ed5f91d |
| SHA512 | eeb3ef8104e1924e1a81c98226ed9ade2b314cd36f62fb0878c96ae01ca27138696fc2de717abbbbf1942ba3f8484c1f048313f157da7fe65966371305904a26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 050b6bd9f745acc6c821e5cb62a18ce2 |
| SHA1 | 6ebd7f6ede072d7a322bf22cd5268a989fa33b68 |
| SHA256 | c042f0b780d536ee42376a5792828e884b1f33ba5c50b2c2c7b32705dcacfe23 |
| SHA512 | ebdfae405b38d542fa9e00624bdc5e53dbe1e10b2d970e7eb02087123b78fb94c6ccebd974b7cc400dc7a999988cf4051ea1a64948afcca5aa8782ba9d71de96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba9c73a835ee8d9ede483d81989f3e01 |
| SHA1 | 9b678da635ee50ff929b6f7364f57a72ce5907fc |
| SHA256 | c6dbf41369782aae44d2662177e967aee8f39802c9380d7af073000356f024e7 |
| SHA512 | b3f8802f7bffd3d7e693016d6c1cbdaeae0e06941265ab54e517dcc8385729f1df1faea5dab42ef6467fe4be26fca10ed94d4098142c1e7aac997af448038002 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4bd0dd05868fe09970fd8b7068b6d36 |
| SHA1 | cf02e4a44e1771731b1fee83eaebb483929f5670 |
| SHA256 | 18391cfe58d150e1c48c20bd55d640dbf734fe0dd43b697ba4c2d35e12e656e2 |
| SHA512 | 3a1374c7e51e84ec98ba6c6833265a3a5d1f2a361b70cc1069f2bb0efc3b42f06f262881c01e3b4002d31018a21abfcc0a1a68dc40f8029ef06b390796ae04c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cac1d7874c18a0399c4577e4d040663a |
| SHA1 | 67052a969e8ea87b0846d2224d23dedcb7aedd95 |
| SHA256 | 7538204638ecc0b1d817af4ba5e3d074c9a1b039312f96d980da06b25560e39b |
| SHA512 | 75cab7d92e159a89ecdf6cdd64d8af75f1c7362224fd2b482e256d333f859ea5a87345d863847699c8bae04bdf787a137829dc64903f73e03f316d3afc37c7e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5bee2d7295081bcb83ba7ffde55813e9 |
| SHA1 | 1f73776f7b0b10e7cc4d028f33fdf4fa897dbd1a |
| SHA256 | 38ac6a228391f261affabc55ac8bc0acc0dfdea626ae6d4e4cbfb606aac932db |
| SHA512 | d64ad1c17aa887bdd9a9521488ad4bcd4e689d8e44d12ae127102b9bfdc5cef7beada96aa0cbe9f33236ff5ee415e575ee6ca960de35cd939e9e49626f98e25e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 696bf9209f7b891033047f1a5ce3058d |
| SHA1 | 0048f25d7a1a41c19f1d1c5e2f792c7be840f729 |
| SHA256 | e21882927813a4f11e5a3b73adcf985d274503728c418c9ebcb93492de1baecc |
| SHA512 | 21584f4c26aaca9a2c3efc98a938dd445cc53d2d4852980e11841e9075ab25de025d387d8725beaa9e6338099963943bc712cebc3ea4aec05ec0d6841fd0401b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01ffd2f53858f0e6891865ea19a36d1a |
| SHA1 | 3a110a601ff72786c06181bd7c229dc0722d2034 |
| SHA256 | d9a481ba6dca167599dad8eec4f8c47e2914ab2f14a09301b7ee1b991e4954d7 |
| SHA512 | ea742260e9f3d563b925f764e4819ad59612d64f0d668a24d4e731890298cca6490f821913e2f5c55fa117baebba8d88d7ed817f9cd4289974a95c7ee3209777 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 943354babcf77bfd1be77191c21be35a |
| SHA1 | 446750d9372344eb148fd35b9cd11bcd2c1adbd6 |
| SHA256 | 17c0ae26e9134ffb11d9d1f2ae09cfffac66b2612f35362ecd178f9d0e70d867 |
| SHA512 | 42f0502a6b090695fe980ebfa37cec82e6f0c63a59c58338d65032ff4f54c35b474a961b82b2270513b3c3fbd2b13e5df5662bbb062fe318fc2e53baf4c9faa4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0161186753958e29cd7c05b1313f7f17 |
| SHA1 | 7911b99897c321ddb00c4c9b9d90b7973791be51 |
| SHA256 | f65b6e0b016490b24bed00b3c732ac59b6226aa223451d0796a9224b8f0e769c |
| SHA512 | 0010f6890d95def37df5fac94ebe76ec51fa0e8dfa60caa5a8dbec8145eef90410251aa5142f156233d9f9e6a31e54cde960e27b061c55feffac845b81eba587 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c909a994cda1f150740bff2e144b103b |
| SHA1 | f9e6458c840e38495c0e5843588cbbb270bb5b56 |
| SHA256 | 7c0c11be72340c64dd36310259cb0262bd22a6e0bad5d4f0e12d92a2370ef039 |
| SHA512 | f53c7aaaee9354571cb17305445f062b6c3815c43d59e252d85c3ca88930e30db9538ea8ece600b1b40b07921c2804d5bb5d0f7e5c275a10f03713453a637911 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4051e1ccca08b1a54c70affa737ca88c |
| SHA1 | dcc177995b7c581baa0dbe2b86600a889e38a10c |
| SHA256 | 772d739b42b69bc2c9975ad725e9c969d517426316e93af68a2459fdce22d0fb |
| SHA512 | 1341d6da8035068462a5b298d89c443e32ea2139f449811270113064d7fd40e29f8eb55ce9f0b478adfb7c78e7852f557c77bc7bf8acb3b5711b3ddf93875edb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b8763e58858c48c204b393dced8357f |
| SHA1 | 2176b848e1639bc8d43530a6539f6b6d0b1915fc |
| SHA256 | ee70b7316a5d70a4c47de6938d9683e0f0cc2c3c1b30d040f53b9e18fbe434b8 |
| SHA512 | d953c7c440ab3d0ad30491ed1011f375b8fb63578efd6bdac99eca7b2a85b454e2e00c1a17954f5a228195fea99ecb204ea68c1e6bbee54f8db9c68e79c34729 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f7cfe3a4351204ae2237727e549dec8 |
| SHA1 | 83bb61a18edc360013c97bd56e78dfce7cde250c |
| SHA256 | f1ff50db176f76db6b82248bccf13bc5568ad6d6232231291354a58936c9b6b4 |
| SHA512 | bf84a068abb7ed1d0de26c508f8de61902c7b30a0da26d21ea1f6bfa4b28b7fcd6bcf8c5550562acfd09a8cb2de0ca4cad81cd0c400827e73059eb70d4a7099f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 5cade74379f04ef0b5a6ba543073e46f |
| SHA1 | 071a4fef4c26df077138ce7c18910f54630aafac |
| SHA256 | c88b6c8eeb12cf5f1b7d9d0c3ad613000a38c1b434b64ab7ace6d628c717299c |
| SHA512 | 45f595b0788e1aa982392df936ab48f22689b885e7dd714016e35f4c1cb1400b2684b3c371cf66fc18484d988589477412ac10225e1a7005c32f499d4fff3b30 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27849053fa96b9e29e2d16feff35f8c3 |
| SHA1 | 1b7146e38fc1efc6aab4456fd954f1b26f0f6adf |
| SHA256 | d6d127b4e739ab5148bd29307cf3d5a072a8d73dee8c7354f33fe5744e44b0f4 |
| SHA512 | 83e0e355466d1d53bd6045eea5eb7401af6a8606e248b76ff3017efd577b3c512c3d2d7233b71250894f8cde6338d63b98c79ffbdd36034458105ad4de6e6ffc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 635dee737f9ac5dc23399d950568afac |
| SHA1 | 2f7cc5a40b5206ff0087929f0bc0d327db5876d9 |
| SHA256 | 9400c659c0c2d7f7207e5567624b65998e8981a3bef477fe0cc140333c2586f3 |
| SHA512 | c8d0b00ef404277be79f9a1f2ed16a64b4777add4d7dd92b6bfeeba0765afb9a0105b5fe5a25dba2eef3eb4058ae2327dccfabb013e3229bac4f8eb6bc749e44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c26ba308dd44137258e675dd639a1bc |
| SHA1 | e0c7be1eae3b17f875c32dac7e6f34acce8d3641 |
| SHA256 | e59a6cd6b280f345b1a4a98bfd3e78695e640795756ba1126629d238ce33d5d9 |
| SHA512 | 1ad2a2f16893265fc98dae4213c4c99e1108571b543fd18755a2de298431e28be99ee15b06c4d2937e1dc80d64bbe052cc991747f1bf9106b770c9f06d9067c5 |