Analysis Overview
SHA256
d485b5b2f258c7db2107f0d33558d3ecba1efe321e75859007fcb64f721567a4
Threat Level: Known bad
The file 91446788394ba3bdeba8b1fed477c677_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
Executes dropped EXE
UPX packed file
Loads dropped DLL
Drops file in Program Files directory
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: MapViewOfSection
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 09:22
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 09:22
Reported
2024-06-03 09:24
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
127s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91446788394ba3bdeba8b1fed477c677_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92b3a46f8,0x7ff92b3a4708,0x7ff92b3a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16125943389641722602,3252597839033096547,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,16125943389641722602,3252597839033096547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,16125943389641722602,3252597839033096547,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16125943389641722602,3252597839033096547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16125943389641722602,3252597839033096547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16125943389641722602,3252597839033096547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16125943389641722602,3252597839033096547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16125943389641722602,3252597839033096547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16125943389641722602,3252597839033096547,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16125943389641722602,3252597839033096547,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16125943389641722602,3252597839033096547,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16125943389641722602,3252597839033096547,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3064 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | v2.jiathis.com | udp |
| CN | 139.224.192.17:80 | v2.jiathis.com | tcp |
| CN | 139.224.192.17:80 | v2.jiathis.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4344_LLUZLUSDFJUEEECX
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 09:22
Reported
2024-06-03 09:24
Platform
win7-20240221-en
Max time kernel
119s
Max time network
127s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\pxB01D.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\pxB00D.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 602542b997b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008d3a01a9c7af9148ba64c225afe2cd26000000000200000000001066000000010000200000000e5d4419600aa9b29eb7b67e0dabc1a01c2d48a5c8b3023022b4c67561d14a51000000000e8000000002000020000000b4016ad0c0611a3652f48fba0dca98179b8e1dc3223ea54bf9935712e8faeadd200000007a50533fe0fa960a848f5a0031b51fbf9351127744379a6f9cafac8ca6db6a0b40000000605e2feac45491eef919d4e10e4d89502541316000780e423ff518b344c5062025f1d349de151a71318902a0e5968745b443daad275c95f300db8a86089bc771 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423568415" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary data omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CB63E621-218A-11EF-8E71-FA8378BF1C4A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\wininit.exe
wininit.exe
C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\winlogon.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91446788394ba3bdeba8b1fed477c677_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | v2.jiathis.com | udp |
| CN | 139.224.192.17:80 | v2.jiathis.com | tcp |
| CN | 139.224.192.17:80 | v2.jiathis.com | tcp |
| CN | 139.224.192.17:80 | v2.jiathis.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | 03451dfbff127a5643a1ed613796621d |
| SHA1 | b385005e32bae7c53277783681b3b3e1ac908ec7 |
| SHA256 | 60c6c49b3a025dbf26a1f4540921908a7ea88367ffc3258caab780b74a09d4fb |
| SHA512 | db7d026781943404b59a3d766cd4c63e0fa3b2abd417c0b283c7bcd9909a8dad75501bd5a5ff8d0f8e5aa803931fc19c66dcaf7f1a5450966511bdaa75df8a89 |
memory/1256-12-0x0000000000400000-0x0000000000436000-memory.dmp
memory/472-10-0x0000000000400000-0x0000000000436000-memory.dmp
memory/472-15-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabC516.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\TarC617.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 57be1d0983009f28784cc51b0f319a3e |
| SHA1 | 2564dcca189a6eb638f8f2189f728d98e125b453 |
| SHA256 | cddc53b9d0b6e994ca14fbf7e109d61d04369d2d586aa201901dcc0492acd68f |
| SHA512 | fa1b7549f467006575bcb8950ba2861d6135cdbb41161f27b22a6e328868a9bc5b63c1d694a54a7760935ce946d53ffea92f259a6a349545924831e9bd96ac76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e15fbf98f0730c939f89756f4546d7f |
| SHA1 | bc59087fbe16bacd137d86713dc3990369f019d9 |
| SHA256 | 3f1e33b7ebb19744292a8fbf040f11b016eb18255758a2ff93dbe7b032ef6ce4 |
| SHA512 | b60346edc001b43b8fc046d6d7687d2d2a027447573733eb530e883de2696b4339541e8fe4c4869a1887dc4d60beff820cd98e6a12f913e09eff0fc91fc7f3df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d60ea6546c70df273ae1e36647c8c87 |
| SHA1 | 3cf3358bcf50dcc162794e9f84aec14af8e8dae2 |
| SHA256 | 6c1d9aab5b599263205b8309a2c90c87b1a72d02230f5c35e33c7ba1bbb72164 |
| SHA512 | 906a9f0c9c0798b3f5a6f437bfd60f6c093ea4e38593b54dc06ddf50b101fa87cee4aef9b6dd6765f23b334c05c403dd5c75937aa4c040a47da4300cbe8c7c59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb254ceae0a1acf0ac2af2e5ad415c16 |
| SHA1 | 34fcd05ae59a5ede2ddb4325d3fd34a7feb4a548 |
| SHA256 | 2f1ee84061909e8a3124f0c16e8ce984a419f4c56d5e6ab2d66292e11d4fbc21 |
| SHA512 | 42aee313629dc1aabccdd8a9cfc3111444e94c0aca29a8f7838541ec97a95618938dce61d8d7e9a44516d8b7eb711ccc96a70438f2e07383d1c12eba416d4411 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 142385b9d31b47e36bdf6a8b6f7f016e |
| SHA1 | 37e4bcbb68ae49ba83c3e68f003c4d5b1c03efbd |
| SHA256 | e2955497cb68e2a2f38955c6689186b71c9512c8e803dd277ac67e1b3a2510ff |
| SHA512 | 9066cf757b8e2679cf0e4eeb43fdc5420dd8bc9a9c18125c2cf8e77674cb5a29f0e7b6e06575c2e0602f5c3ebb8d5c9ab9502ef02fa23e4338406c7b59835ec9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38b4afe6cb8883beff47b7cfdacbc29c |
| SHA1 | 2c065dd7f15011950d56d8ae126f6e76f2e71ff0 |
| SHA256 | a31416d6887eb6c3d4c14ee4eecefc9d79b20961cd80734a6aceab92acda1b78 |
| SHA512 | 8b285bc08e221e9f9066612277cb2a0ce48571f32f948556aeb3fc75d2326db0ab9803c9ad77bf805756b6b9e18a36c923038393f999c19a8d7f07469d3fe418 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06f7c55b4142fddfd01d760446857afc |
| SHA1 | 233c042f9ea825540354140b1a35f7d594bd1b06 |
| SHA256 | cc6f5a8a4d9cbef22d4b04e6eeaea8253d2ffe3132f1b756ac87dcc76fbd6b40 |
| SHA512 | c571b0db3ac469552d0207130685472101b0198e303b143de5b64af9906ca50c61a66f2b122dd47d85b8cf355b57ee83d696ff5c367b8cafd879c6e2c168044b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01152f152783694a2dfeb8d255a943d0 |
| SHA1 | 96906e325d26e3b056feec462bfdf91769da35a3 |
| SHA256 | c517035cb62ca5154c6fd2bb94334e83d0b50937c3a193cd62bb8a37df227235 |
| SHA512 | 99e8f04f609506c18ffc980d8bed62ee8af9855989f4b4423f06ff63cea3a40709cdc51c16a19ae9c8d44f974050b72c62af534637f02c40a1a741cb8d61a23d |
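The listing above repeats one CryptoAPI URL-cache metadata path with a different content hash each time, which means the sandbox saw that file rewritten repeatedly during the run. CryptnetUrlCache under LocalLow is where crypt32 (cryptnet.dll) stores CRL, OCSP and AIA fetches for any process performing certificate chain validation (here msedge.exe is running in the detonation), so these digests describe the state of Windows' own cache rather than anything the sample wrote, and they make poor blocklist indicators. The Python below is an added example, not part of the report or of any sandbox's code: it parses this path-then-hash-rows layout, validates each digest's length, counts how many distinct versions each path was written as, and keeps only SHA256 values from paths outside such noisy locations. The noisy-path pattern list, the third sample entry (a hypothetical path with all-zero digests, constructed so the filter has something to keep) and all function names are assumptions for illustration; the first two sample entries are copied from the listing above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Expected hex length of each digest as it appears in the report tables.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Locations Windows rewrites on its own: crypt32 populates CryptnetUrlCache
# whenever any process fetches a CRL, OCSP response or AIA certificate, so
# hashes of files here are cache state, not malware output. Assumed list.
NOISY_PATH_PATTERNS = [
    re.compile(r"\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\", re.I),
]

# One "| ALGO | hexdigest |" row of the report's key/value tables.
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)


def parse_dropped_files(text):
    """Parse 'path line, then up to four hash rows' blocks into DroppedFile records.

    Raises ValueError on a row that cannot be parsed or a digest whose length
    does not match its algorithm (a truncated or corrupted report line)."""
    records = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m:
            if current is None:
                raise ValueError("hash row before any path line: %r" % line)
            algo, value = m.group(1), m.group(2).lower()
            if len(value) != HASH_LEN[algo]:
                raise ValueError("%s digest has %d hex chars, expected %d"
                                 % (algo, len(value), HASH_LEN[algo]))
            current.hashes[algo] = value
        elif line.startswith("|"):
            raise ValueError("unrecognised table row: %r" % line)
        else:
            # Any other non-empty line is the path heading of a new block.
            current = DroppedFile(path=line)
            records.append(current)
    return records


def is_noisy_path(path):
    return any(p.search(path) for p in NOISY_PATH_PATTERNS)


def triage(records):
    """Per path: number of distinct SHA256 contents seen, and whether the path is noise."""
    by_path = defaultdict(set)
    for r in records:
        if "SHA256" in r.hashes:
            by_path[r.path].add(r.hashes["SHA256"])
    return {p: {"versions": len(s), "noisy": is_noisy_path(p)} for p, s in by_path.items()}


def ioc_candidates(records):
    """Sorted SHA256 values worth considering as indicators: non-noisy paths only."""
    return sorted({r.hashes["SHA256"] for r in records
                   if "SHA256" in r.hashes and not is_noisy_path(r.path)})


# Constructed sample input: two entries copied from the report, plus one
# hypothetical non-cache path with placeholder all-zero digests.
CACHE_PATH = r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015"
PLACEHOLDER_PATH = r"C:\Users\Admin\AppData\Local\Temp\example_payload.exe"  # hypothetical
SAMPLE_LINES = [
    CACHE_PATH,
    "| MD5 | 1568d8718a4dd6854302066e9ca44669 |",
    "| SHA1 | cfae024b490976e634a3655b1db00454e8ac67a9 |",
    "| SHA256 | 3ab28ed22e98ca1d840d70cfcaff4d91620f268056cb21b8621f65db6a36a7ba |",
    "| SHA512 | 6b39a9da4e2cf3a0b178224ec51a07c86068b345d72c49d2ba14fc0ab007af46b93e688a48d1bfe0a019964f8c0f46f1980c1543948d73ac002fb2792bc519e2 |",
    CACHE_PATH,
    "| MD5 | c1502b47f27397ca57d0023c04e5aa81 |",
    "| SHA1 | 3f868b665bcb43d1c9802c6842d3fd29c15430fb |",
    "| SHA256 | 68a55d11470da1d5cec66f7af1cf50369c9f8a72a18e09b1ab70e4412cfd0cd3 |",
    "| SHA512 | 8c71023f9ac3ea0f8e88a2f3198b35c6dbd0516f479962ce751535cba7b2ba9ebb3760096c85e9cf62d4227d05e9a1c436df271b56be8a9322e385f8833da01e |",
    PLACEHOLDER_PATH,
    "| MD5 | " + "0" * 32 + " |",
    "| SHA1 | " + "0" * 40 + " |",
    "| SHA256 | " + "0" * 64 + " |",
    "| SHA512 | " + "0" * 128 + " |",
]
SAMPLE_TEXT = "\n".join(SAMPLE_LINES)

if __name__ == "__main__":
    recs = parse_dropped_files(SAMPLE_TEXT)
    for path, info in triage(recs).items():
        print("%s versions=%d noisy=%s" % (path, info["versions"], info["noisy"]))
    print("IOC candidates:", ioc_candidates(recs))
```

Run against the full listing, `triage` reports one path with 18 versions and `noisy=True`, and `ioc_candidates` returns nothing from it; the sample's own SHA256 in the analysis header, not these cache digests, is the value to act on. Extend `NOISY_PATH_PATTERNS` with other cache directories the sandbox platform is known to churn before treating any remaining hashes as indicators.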