Malware Analysis Report

2025-08-10 12:13

Sample ID 240527-xy148sfh84
Target 7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118
SHA256 55df91d8c0d52399f4a6f8a544d89759cb174bbf1e8ee3a298addf059915dfd8
Tags discovery
Score 7/10

Analysis Overview

Score 7/10

SHA256 55df91d8c0d52399f4a6f8a544d89759cb174bbf1e8ee3a298addf059915dfd8

Threat Level: Shows suspicious behavior

The file 7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Deletes itself

Checks computer location settings

Checks installed software on the system

Unsigned PE

Enumerates physical storage devices

Modifies Internet Explorer start page

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Runs ping.exe

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 19:16

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 19:16

Reported

2024-05-27 19:19

Platform

win7-20240221-en

Max time kernel

135s

Max time network

129s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchlen.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchlen.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\{72ECB4C6-339A-4376-86FA-302816F67778} C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\{72ECB4C6-339A-4376-86FA-302816F67778}\URL = "http://search.searchlen.com/s?source=Bing-bb8&uid=93ee8c57-d60a-4710-8f2a-e66a3cf7c487&uc=20180109&ap=appfocus29&i_id=email__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\{72ECB4C6-339A-4376-86FA-302816F67778}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\{72ECB4C6-339A-4376-86FA-302816F67778}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30bc107a6ab0da01 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422999261" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a9557ca230e2a548ba761630307c27b800000000020000000000106600000001000020000000614035d077d06988027f2290306cb89822cbf5e187d86bfd87419389eb61cc91000000000e8000000002000020000000567b7ba4e55d47b5ecf5078690f77f9887b1bdd5a0228d7fb5bbd535deff6fe320000000dfba69542a834e33dd10a8c9d4e299381dea2586b3d5c858b885bfa2a1ce36df400000004a0ba413016fb2327daaf45edd7949efefb3be39a4db3d3bdb378e9901da91ad9506692b6a41e22bab914fa505f5dd5a7fc0640046ff4df9ef3bc41f49683641 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A1110C41-1C5D-11EF-922B-6E6327E9C5D7} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchlen.com/?source=Bing-bb8&uid=93ee8c57-d60a-4710-8f2a-e66a3cf7c487&uc=20180109&ap=appfocus29&i_id=email__1.30" C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2220 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2220 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2220 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2220 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2720 wrote to memory of 1676 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2720 wrote to memory of 1676 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2720 wrote to memory of 1676 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2720 wrote to memory of 1676 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2220 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2220 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2220 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2220 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2540 wrote to memory of 2256 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2540 wrote to memory of 2256 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2540 wrote to memory of 2256 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2540 wrote to memory of 2256 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchlen.com/?source=Bing-bb8&uid=93ee8c57-d60a-4710-8f2a-e66a3cf7c487&uc=20180109&ap=appfocus29&i_id=email__1.30

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe" EXIT

C:\Windows\SysWOW64\PING.EXE

PING 1.1.1.1 -n 1 -w 1000

Network

Country Destination Domain Proto
US 8.8.8.8:53 search.searchlen.com udp
US 8.8.8.8:53 search.searchlen.com udp
US 35.153.28.20:80 search.searchlen.com tcp
US 35.153.28.20:80 search.searchlen.com tcp
US 35.153.28.20:443 search.searchlen.com tcp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
DE 18.245.65.219:80 ocsp.r2m03.amazontrust.com tcp
US 35.153.28.20:443 search.searchlen.com tcp
US 35.153.28.20:443 search.searchlen.com tcp
US 35.153.28.20:443 search.searchlen.com tcp
US 8.8.8.8:53 kit.fontawesome.com udp
US 35.153.28.20:443 search.searchlen.com tcp
US 35.153.28.20:443 search.searchlen.com tcp
US 8.8.8.8:53 d3ff8olul1r3ot.cloudfront.net udp
US 8.8.8.8:53 dap2y8k6nefku.cloudfront.net udp
US 172.64.147.188:443 kit.fontawesome.com tcp
US 172.64.147.188:443 kit.fontawesome.com tcp
US 3.161.75.51:443 dap2y8k6nefku.cloudfront.net tcp
US 3.161.75.51:443 dap2y8k6nefku.cloudfront.net tcp
US 3.161.75.51:443 dap2y8k6nefku.cloudfront.net tcp
US 3.161.75.51:443 dap2y8k6nefku.cloudfront.net tcp
DE 108.138.24.56:443 d3ff8olul1r3ot.cloudfront.net tcp
DE 108.138.24.56:443 d3ff8olul1r3ot.cloudfront.net tcp
US 172.64.147.188:443 kit.fontawesome.com tcp
US 8.8.8.8:53 imp.searchlen.com udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 imp.onesearch.org udp
US 3.208.225.212:443 imp.onesearch.org tcp
US 3.208.225.212:443 imp.onesearch.org tcp
US 8.8.8.8:53 internal_banner.tiles.ampfeed.com udp
US 8.8.8.8:53 internal_tiles.tiles.ampfeed.com udp
US 8.8.8.8:53 via.placeholder.com udp
BE 104.68.91.91:443 internal_tiles.tiles.ampfeed.com tcp
BE 104.68.91.91:443 internal_tiles.tiles.ampfeed.com tcp
US 3.217.98.213:443 via.placeholder.com tcp
US 3.217.98.213:443 via.placeholder.com tcp
BE 104.68.91.91:443 internal_tiles.tiles.ampfeed.com tcp
BE 104.68.91.91:443 internal_tiles.tiles.ampfeed.com tcp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
DE 18.245.65.219:80 ocsp.r2m01.amazontrust.com tcp
DE 18.245.65.219:80 ocsp.r2m01.amazontrust.com tcp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
FR 172.217.20.206:443 analytics.google.com tcp
FR 172.217.20.206:443 analytics.google.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
BE 64.233.166.155:443 stats.g.doubleclick.net tcp
BE 64.233.166.155:443 stats.g.doubleclick.net tcp
FR 142.250.75.226:443 googleads.g.doubleclick.net tcp
FR 142.250.75.226:443 googleads.g.doubleclick.net tcp
BE 64.233.166.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
DE 18.245.65.219:80 ocsp.r2m02.amazontrust.com tcp
DE 18.245.65.219:80 ocsp.r2m02.amazontrust.com tcp
FR 216.58.215.36:443 www.google.com tcp
FR 216.58.215.36:443 www.google.com tcp
FR 216.58.215.36:443 www.google.com tcp
FR 216.58.215.36:443 www.google.com tcp
FR 142.250.201.163:443 www.google.co.uk tcp
FR 142.250.201.163:443 www.google.co.uk tcp
US 3.208.225.212:443 imp.onesearch.org tcp
US 3.208.225.212:443 imp.onesearch.org tcp
US 8.8.8.8:53 cdn.45tu1c0.com udp
US 8.8.8.8:53 imp.mt48.net udp
BE 104.68.83.229:443 imp.mt48.net tcp
BE 104.68.83.229:443 imp.mt48.net tcp
BE 104.68.83.229:443 imp.mt48.net tcp
BE 104.68.83.229:443 imp.mt48.net tcp
BE 104.68.83.229:443 imp.mt48.net tcp
BE 104.68.83.229:443 imp.mt48.net tcp
BE 104.68.83.229:443 imp.mt48.net tcp
BE 104.68.83.229:443 imp.mt48.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

SHA512 6f4955334829281a0f93c6217fcd43376f414a521e4d8d4370b4ec273183ca0b66887ff99f8557613ded660ab8330c2757ee913b8db94da4c02a0f4be0bc1377

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9229e2eb0d727504f81e5249afae7585
SHA1 5330b700790ad29e46e05170959e88847417a667
SHA256 85f709396b5d3c947f4c76a173d422cf4cb4debf80a32dfc4ce429b6c6dba519
SHA512 5f648e6297261f4415043ae7ebd651f33759e6e5884563c8f36331fcfc8a60b2f1f4e113129ad9d668aae43c005d0bf9239d5e9631c73fd534322f282ba2d3fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 2886a9507c5057d831e8fd976c817f74
SHA1 19ec9dab4721f5a590507680ec1c620f89288e60
SHA256 d739785afaab27d0ea7e154368263788d3055b1cdf9ce56d90d1ff388db4193c
SHA512 d40747b8d6b894d2fe4cd029f43940a205ed0e92511185622a5fcada1204a1f43894e0fd78d56abb3d3578b312c62635f803d40f41c10ad1aa97561007f43ecb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb2a2f942c7f7e335fba26bd5d3330b9
SHA1 de43e1b45aa53993dda66ca117bc79a7a86a09aa
SHA256 abf06040c54e76778034e1618ee2ec3a60a09b3af8bb269599ced664c9665a91
SHA512 90cb7f78161f1bd7db25b1dc34d8eae6423f108999cd4ebcbe901120a8004d51f8f78f1ed8ef3bf94d1d2eb6152172324f04148578b1335451592f4057d77fad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3bb0faeb2b6fad50931ebdad287f5fb6
SHA1 5a9e3630bbbc5425de404e5eefe3a19d3d5578c4
SHA256 edf4ee54ead27f3379c40518f8c87a835fa4856bec11b5b472655971928dabd3
SHA512 652d4f831e4f3ffcfeb476b699dfbdcfc93a346472e2c378b5278d4995df39474b6fcb1a0ea2662176b29733c1e7b7b2886fb55dc9dc286c222229bb24c9f891

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d12cf1d3c11fb60b8a6abee6ab23ae4
SHA1 078c8b043d5c4d67de4f83a268d1e70eace02a03
SHA256 6aefc3c7215a906ea9386b46b7364543e85a59212e14d8732d6befa54006dab5
SHA512 667ddfd651893ffbc71398d8722e419e37517799b6670e8a32f4db84c29e0556ad649ff161aadf170e32e17517a9be97c618b2d360173887d94d891791284e1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5db3d63d275d5567f6a879949a5caa0
SHA1 c9666a3a2d601c6c988dcefba60ed1a20cef9fd9
SHA256 4af3a39907ce78dd4299df056e0e1ad981adbd5b4e1a4a26573e4ee7a98a7a2b
SHA512 1eeb47e11389a1e8faeded6f058dc093ecdcbfb8ca02fce782ac173c5fac8a6f2d6ce70a943a2142ad75b90e10dc7bd85f242a95d7955e81ddfa121632d94f92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a17ec53fe5d9146544e49b63da1e1c5
SHA1 689568a01783a0833f8c04b661fd4aab71c4088f
SHA256 c25fa0df7e3c33319cab0fe28d740489867270b8433ebd4b75bcccfe6a0c3456
SHA512 f08d33e0aa82bf3274a94e25957e47bb8c4fff4147bc2387248ac195fc19b7e53ee0941388492e838ecca1dd994afabafddaf5dfeebb8c7706fe33a1d50a4a87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ae06f9347ace80aec79e2e9bd0c9915
SHA1 4cc9963fb122a5b2b14f396bf930378950ec39cc
SHA256 fe2d868389d9ac51e8401c9c124a99913ed77175cb76d2da88d0055130129948
SHA512 b0ba7745070a203a217fa6edd4a2fd4dfc31d1576716232c162e0aebd1826a9a6fdbf3ac8798aa04e53ed766454629e71fa61fef372c4a4e6beee25512c3d73f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 c3df78d49bf02c13f4e924f96b9d4db0
SHA1 d61ddde1c79a9466be0b2f3e89fb6551fb6f7e2c
SHA256 8ddee6bed5951a401555d7b1ebd5c09c5708e2c8838b2f5120b5c654630b780d
SHA512 d865e18f94ffa17cca3c7264e48b31fc089b7d3a50c18648a0e6d3df6d5383721620e1936d23d1effa7cfda28d811ac06f70bff8e2275864b73508a7a6c1a00a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ddbac6fbba5dda6ee3ee413ed15bf76d
SHA1 23fbf1a450d9931cf0968f2087917abafa454847
SHA256 1fe870556562d053a11fbdc070fb112dc97036ea1f5e031a73882e7c0bea6367
SHA512 f9bfab7fb2d6264c09feed073f938f853083c74b3526687c344b3da391c1d849ae1d909ecd54867bf1e759b5c1b73e3e6dd4254a37ca455c60431f4167910fdd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8036adf6bee432e684b8e877b2a1054f
SHA1 506e88f203b15fe7e37207e4c3cef32c93464f6c
SHA256 52b7a8b726c16ad9e4bf24a83502ace6b0bf0b877ab1827b9e5a3d6b611a20ec
SHA512 8c74aea5d8509a7999a373b73d9f2ef1ce0e47a088af263dd78ac58a8852b6074482ce58f1ba997a88b7273a21d31c128fe4a522e30ba8b4875586f81d56b652

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 19:16

Reported

2024-05-27 19:19

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1963350821" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31109226" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A33E96F3-A6F3-4CFF-9A22-99440460A8E2}\URL = "http://search.searchlen.com/s?source=Bing-bb8&uid=93ee8c57-d60a-4710-8f2a-e66a3cf7c487&uc=20180109&ap=appfocus29&i_id=email__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31109226" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{A0A19462-1C5D-11EF-BA70-F20C5DF75BB0} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31109226" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423602367" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A33E96F3-A6F3-4CFF-9A22-99440460A8E2}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPageShow = "1" C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1965069472" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1963350821" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A33E96F3-A6F3-4CFF-9A22-99440460A8E2} C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A33E96F3-A6F3-4CFF-9A22-99440460A8E2}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{A33E96F3-A6F3-4CFF-9A22-99440460A8E2}" C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchlen.com/?source=Bing-bb8&uid=93ee8c57-d60a-4710-8f2a-e66a3cf7c487&uc=20180109&ap=appfocus29&i_id=email__1.30" C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\7a389dd16dc8afc9bc06bc5883045d0d_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1112 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 search.searchlen.com udp
US 8.8.8.8:53 ie.search.yahoo.com udp
IE 212.82.100.137:443 ie.search.yahoo.com tcp
IE 212.82.100.137:443 ie.search.yahoo.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 11.179.89.13.in-addr.arpa udp

Files
