Analysis Overview
SHA256
c94d975b1720dabeacdfac64ee53320de2e291ae0f34d490d7c1a0a08098cf21
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected in the file 80451044f91a73287927d63d6bc43ef8_JaffaCakes118.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 09:31
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-29 09:31
Reported
2024-05-29 09:33
Platform
win10v2004-20240426-en
Max time kernel
144s
Max time network
143s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\80451044f91a73287927d63d6bc43ef8_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84d3746f8,0x7ff84d374708,0x7ff84d374718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,13634880129797698013,5776678389844857490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,13634880129797698013,5776678389844857490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,13634880129797698013,5776678389844857490,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13634880129797698013,5776678389844857490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13634880129797698013,5776678389844857490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,13634880129797698013,5776678389844857490,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,13634880129797698013,5776678389844857490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,13634880129797698013,5776678389844857490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13634880129797698013,5776678389844857490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13634880129797698013,5776678389844857490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13634880129797698013,5776678389844857490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13634880129797698013,5776678389844857490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2972_QTBPVNBRZQHFAYVD
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 09:31
Reported
2024-05-29 09:33
Platform
win7-20240508-en
Max time kernel
118s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2FB24FE1-1D9E-11EF-91AA-4EB079F7C2BA} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423136938" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c076f107abb1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3012 wrote to memory of 3064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\80451044f91a73287927d63d6bc43ef8_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Temp\Tar21A9.tmp
C:\Users\Admin\AppData\Local\Temp\Cab21A6.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar230B.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90