Analysis Overview
SHA256
9b9e1a06bb8c70f8cc98502589c2f94b8fb0db23cbddb2554d38758d3f8c990d
Threat Level: No (potentially) malicious behavior was detected
The file 9106d68c0972c01a177a0dc7f1ec1457_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 07:56
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 07:56
Reported
2024-06-03 07:59
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
141s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9106d68c0972c01a177a0dc7f1ec1457_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9d0c46f8,0x7ffd9d0c4708,0x7ffd9d0c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12369746613736850904,7458540180338983635,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,12369746613736850904,7458540180338983635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,12369746613736850904,7458540180338983635,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12369746613736850904,7458540180338983635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12369746613736850904,7458540180338983635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12369746613736850904,7458540180338983635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,12369746613736850904,7458540180338983635,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4860 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x47c 0x4a4
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12369746613736850904,7458540180338983635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12369746613736850904,7458540180338983635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12369746613736850904,7458540180338983635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12369746613736850904,7458540180338983635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12369746613736850904,7458540180338983635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12369746613736850904,7458540180338983635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12369746613736850904,7458540180338983635,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | planetjuly.org | udp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.249.91.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ww1.planetjuly.org | udp |
| US | 8.8.8.8:53 | ww12.planetjuly.org | udp |
| US | 75.2.81.221:80 | ww12.planetjuly.org | tcp |
| US | 75.2.81.221:80 | ww12.planetjuly.org | tcp |
| DE | 64.190.63.136:80 | ww1.planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | syndication.exoclick.com | udp |
| US | 8.8.8.8:53 | www.gatsbyporn.com | udp |
| US | 8.8.8.8:53 | www.dmtinc.cl | udp |
| NL | 95.211.229.248:80 | syndication.exoclick.com | tcp |
| NL | 95.211.229.248:80 | syndication.exoclick.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.81.2.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.63.190.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| CL | 45.228.210.46:80 | www.dmtinc.cl | tcp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 104.20.19.71:80 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| US | 8.8.8.8:53 | s3t3d2y8.afcdn.net | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| CA | 149.56.240.127:443 | s4.histats.com | tcp |
| RU | 88.212.201.198:80 | counter.yadro.ru | tcp |
| GB | 195.181.164.21:80 | s3t3d2y8.afcdn.net | tcp |
| GB | 195.181.164.21:80 | s3t3d2y8.afcdn.net | tcp |
| GB | 195.181.164.21:80 | s3t3d2y8.afcdn.net | tcp |
| CL | 45.228.210.46:443 | www.dmtinc.cl | tcp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| US | 104.20.19.71:443 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | e.dtscout.com | udp |
| DE | 141.101.120.11:80 | e.dtscout.com | tcp |
| US | 8.8.8.8:53 | 248.229.211.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.19.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.210.228.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.201.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.240.56.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| DE | 141.101.120.11:443 | t.dtscout.com | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.120.101.141.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_3444_NBFUSUPUSTBNTBVN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d00bbb3d59fc124dbf7cb33ac6c45144 |
| SHA1 | a3db3a42dd8e6299e73184221707c05ba7989475 |
| SHA256 | 6fa4d7da3efc83e856432d41fe131cf02be81ea09ba0d603eecaad4a2226942f |
| SHA512 | 13bb60d856f3a5f921d772641892554bc04b6dd2ed31f73d3161406780edb6458c1fffa0f870bae4d40a8e1c375d1b47cd7f663f2ca96a8a031789f3988a2323 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5d68157473a357935406adb336def9dc |
| SHA1 | 51454b1994c5612b7e339907a6b6129df1f370b4 |
| SHA256 | 82a844f18b88a3975885a606dc27441dfedf83289d6572b356bed7e266e087be |
| SHA512 | d4a2087088696bde481c4906571470edf81411d11e31006697990cbe3e85e98bba2aeb42e606fd5e3e2bd7763dadf01224250df07922750c5c02ef11a0b78ce7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 40718ad4207e64a5506e262fefbf73a0 |
| SHA1 | 6d5476292a08821438120a6b18922a25568c2400 |
| SHA256 | 704658e13f4827e668c259688b1aae481d4c81bd112c197b2b93ffb2fe666852 |
| SHA512 | 2ad6669ca718d167aeed8a2099c49b86318db0130e753a73b64ce89ebe80789f1052bbc4745dab8d8d2241a44a9e65c60409afe169c375b47036e4fbacceca69 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 42586f2031b281ccad9c4416365ab112 |
| SHA1 | ad23dd23d8281717339d600aafc5729ac5d54dd2 |
| SHA256 | cb50e4eccc6d5a42d4c322c85332b026855c64034326783fd0434589b3bc3312 |
| SHA512 | f912d3f8774859cd6fb46d42888fbf2dd28b6ffa5d04673db6050a6549d75061193dd3bfda5b9f0b209d45a0b4dbd18ca3b9a78ab00108fa232f83a1238e90ed |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 07:56
Reported
2024-06-03 07:59
Platform
win7-20240508-en
Max time kernel
142s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563256" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C8F70311-217E-11EF-BAE0-E64BF8A7A69F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000bed247a7e447165121ff4eb69562840a2dc2652bc12fa43ad09d3922904c315d000000000e80000000020000200000003f4ef23d490e24304874c7ebe2afd4b2a7e4815ba4eb4e7d170af774ec59dd5e200000008a753a9bfe9c0226cf5de6fea497e3df73950e97c47a196fc2b607d369f71f3e400000008418c9296fd72ff9d44130d692743eefd02c6814dac46a16a2d85f6fdaa7f3cfea977cf6187fdb6626d1c85ea1f6165b08b0a40876bd0efc3884697102aba16d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5047f69f8bb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1612 wrote to memory of 2996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1612 wrote to memory of 2996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1612 wrote to memory of 2996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1612 wrote to memory of 2996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9106d68c0972c01a177a0dc7f1ec1457_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1612 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | planetjuly.org | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | www.gatsbyporn.com | udp |
| US | 8.8.8.8:53 | www.dmtinc.cl | udp |
| US | 8.8.8.8:53 | syndication.exoclick.com | udp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| NL | 95.211.229.245:80 | syndication.exoclick.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| NL | 95.211.229.245:80 | syndication.exoclick.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 8.8.8.8:53 | www.gatsbyporn.com | udp |
| CL | 45.228.210.46:80 | www.dmtinc.cl | tcp |
| CL | 45.228.210.46:80 | www.dmtinc.cl | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 64.91.249.20:80 | planetjuly.org | tcp |
| US | 8.8.8.8:53 | ww7.planetjuly.org | udp |
| US | 199.59.243.225:80 | ww7.planetjuly.org | tcp |
| US | 199.59.243.225:80 | ww7.planetjuly.org | tcp |
| CL | 45.228.210.46:443 | www.dmtinc.cl | tcp |
| US | 8.8.8.8:53 | ww12.planetjuly.org | udp |
| US | 75.2.81.221:80 | ww12.planetjuly.org | tcp |
| US | 75.2.81.221:80 | ww12.planetjuly.org | tcp |
| CL | 45.228.210.46:443 | www.dmtinc.cl | tcp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 104.20.18.71:80 | s10.histats.com | tcp |
| US | 104.20.18.71:80 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | s3t3d2y8.afcdn.net | udp |
| CA | 54.39.128.117:443 | s4.histats.com | tcp |
| CA | 54.39.128.117:443 | s4.histats.com | tcp |
| RU | 88.212.201.198:80 | counter.yadro.ru | tcp |
| RU | 88.212.201.198:80 | counter.yadro.ru | tcp |
| GB | 195.181.164.20:80 | s3t3d2y8.afcdn.net | tcp |
| GB | 195.181.164.20:80 | s3t3d2y8.afcdn.net | tcp |
| CL | 45.228.210.46:443 | www.dmtinc.cl | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 104.20.18.71:443 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | e.dtscout.com | udp |
| DE | 141.101.120.10:80 | e.dtscout.com | tcp |
| DE | 141.101.120.10:80 | e.dtscout.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| DE | 141.101.120.11:443 | t.dtscout.com | tcp |
| DE | 141.101.120.11:443 | t.dtscout.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| CL | 45.228.210.46:443 | www.dmtinc.cl | tcp |
| CA | 54.39.128.117:443 | s4.histats.com | tcp |
| CA | 54.39.128.117:443 | s4.histats.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files