Analysis Overview
SHA256
b86a3dc834b89f7ba9d246ed34f5c1b954977c4749ea955c040fa4e10011a539
Threat Level: No (potentially) malicious behavior was detected
The file 9176d1e7269d5a57617ccd88d6ac2735_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 10:34
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 10:34
Reported
2024-06-03 10:37
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
141s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9176d1e7269d5a57617ccd88d6ac2735_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7e6746f8,0x7ffd7e674708,0x7ffd7e674718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1491349623922060146,587530457922385233,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,1491349623922060146,587530457922385233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,1491349623922060146,587530457922385233,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1491349623922060146,587530457922385233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1491349623922060146,587530457922385233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1491349623922060146,587530457922385233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1491349623922060146,587530457922385233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1491349623922060146,587530457922385233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1491349623922060146,587530457922385233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1491349623922060146,587530457922385233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1491349623922060146,587530457922385233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1491349623922060146,587530457922385233,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4900 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | hotnewsjamaica.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 8.8.8.8:53 | 1.gravatar.com | udp |
| US | 8.8.8.8:53 | www.feelgooddrinks.co.uk | udp |
| US | 8.8.8.8:53 | prem0.hiboox.com | udp |
| US | 8.8.8.8:53 | www.fr2day.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | bistrochic.net | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.cornichon.org | udp |
| US | 8.8.8.8:53 | www.cuhk.edu.hk | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 173.236.138.195:80 | www.cornichon.org | tcp |
| US | 172.67.155.242:80 | www.fr2day.com | tcp |
| US | 192.0.73.2:80 | 1.gravatar.com | tcp |
| US | 172.67.174.2:80 | bistrochic.net | tcp |
| GB | 88.208.252.9:80 | www.feelgooddrinks.co.uk | tcp |
| DE | 195.201.110.90:80 | prem0.hiboox.com | tcp |
| US | 8.8.8.8:53 | www.examiner.com | udp |
| FR | 52.222.169.9:80 | www.cuhk.edu.hk | tcp |
| US | 172.67.137.61:80 | www.examiner.com | tcp |
| US | 192.0.73.2:443 | 1.gravatar.com | tcp |
| US | 8.8.8.8:53 | b.vimeocdn.com | udp |
| US | 172.67.174.2:443 | bistrochic.net | tcp |
| US | 8.8.8.8:53 | www.feelgooddrinks.com | udp |
| BE | 2.17.107.67:80 | b.vimeocdn.com | tcp |
| CA | 23.227.38.74:80 | www.feelgooddrinks.com | tcp |
| US | 8.8.8.8:53 | examiner.com | udp |
| US | 173.236.138.195:80 | www.cornichon.org | tcp |
| US | 104.21.86.218:443 | examiner.com | tcp |
| US | 8.8.8.8:53 | feelgooddrinks.com | udp |
| CA | 23.227.38.65:443 | feelgooddrinks.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| FR | 52.222.169.9:443 | www.cuhk.edu.hk | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.155.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.174.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.169.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.252.208.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.110.201.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.137.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.38.227.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.86.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.38.227.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hotnewsjamaica.com | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_3628_FEUYQUBOFYBFSOKH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5deb1068a803afa480d6bbd562d14a5d |
| SHA1 | 5af36ca708fa2f48624df6cc91a74991746736ce |
| SHA256 | 1df05704dd584ede3e836a764ea1b199cf3f1c7e0719bf6e20837f748e220241 |
| SHA512 | cee95001a52db8db1b0c2428e29cf6825b536c4143c39ce66add90c26cbdb902198eafa4eeff518f8b593200491830180f40602ccda582eb5322ecab39bcf135 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5757f9c008c69e009082d8b1ae81147f |
| SHA1 | 09c2178881a16d8576894ecc25fd366782f12160 |
| SHA256 | afb5b54309ad4c2bed5bb2ae6ca3330fd19f0cd036ecfce119c4dded4e393b11 |
| SHA512 | 82fa12fabeb48ce640dd21d496e6d64cfdac04bb35a372fdd9efd9fabc5aa93ec9c5b0b56293e921c547ea0f59df470579e18256c2954671928fdc30a47cc715 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b422037bfa8e9372b8870d0835bcfbba |
| SHA1 | cda0c270928a63138970b73254724f121aae0fd4 |
| SHA256 | 07f04b93825a5a0d808047a627dc1a6111a6407d27a142ac13e548121704906d |
| SHA512 | 648fb4c48d0569e79627d5e02577e50e9101b2c4fd358bfc414623a57bc5892fe156c812f1c242f894244a344762b8cd2a27e73a3adc802f9047005a17f08885 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5ed50f4f9f6822162edd987d51b22aaf |
| SHA1 | 512d90e4ea802a78bb90ce0278f83ec753c970ac |
| SHA256 | 516bbadb551b4d89bb0fee96c6c596ac1f74031c0d59a91c5128461674aa3002 |
| SHA512 | 7562dcea521f853fddf8642b882eb4a60388d1a951cd2be814bf77673adaaa5106dcf90b617060c4832a51de838fee54031c825f80a7d10625befe9c5ad61433 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 10:34
Reported
2024-06-03 10:37
Platform
win7-20240221-en
Max time kernel
144s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423572768" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f04eefd74a01044cb31a63aead4f40a100000000020000000000106600000001000020000000c0eb1994c496df45fe07b5af6f6cac2a74e234ff51877f5618a30f5b8c7121c7000000000e80000000020000200000009e5cff4bd17bcbe5a623342adc75a4f2cf0ac4579491277ed0330a9c08c88810200000000f1b71633fff7504aba87888e62bd636d7e44d7d24dc46a6ee3e2ea6956738a240000000be21c905ea9c5e23fb803d01d9bbc3fbd9c6f5ae13161a1de68b7f2fea765fccdc2d54135fdae81d7763a24a5910244d22415baa45aed9322298673a50fe099a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EE87D351-2194-11EF-9542-4A4F109F65B0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not captured in this copy of the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d01d16dca1b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2796 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2796 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2796 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2796 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9176d1e7269d5a57617ccd88d6ac2735_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2796 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | hotnewsjamaica.com | udp |
| US | 8.8.8.8:53 | 1.gravatar.com | udp |
| US | 8.8.8.8:53 | www.feelgooddrinks.co.uk | udp |
| US | 8.8.8.8:53 | prem0.hiboox.com | udp |
| US | 8.8.8.8:53 | www.fr2day.com | udp |
| US | 8.8.8.8:53 | bistrochic.net | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.cornichon.org | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.cuhk.edu.hk | udp |
| US | 8.8.8.8:53 | www.examiner.com | udp |
| US | 8.8.8.8:53 | b.vimeocdn.com | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 192.0.73.2:80 | 1.gravatar.com | tcp |
| US | 192.0.73.2:80 | 1.gravatar.com | tcp |
| DE | 195.201.110.90:80 | prem0.hiboox.com | tcp |
| DE | 195.201.110.90:80 | prem0.hiboox.com | tcp |
| GB | 88.208.252.9:80 | www.feelgooddrinks.co.uk | tcp |
| GB | 88.208.252.9:80 | www.feelgooddrinks.co.uk | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| BE | 2.17.107.25:80 | b.vimeocdn.com | tcp |
| BE | 2.17.107.25:80 | b.vimeocdn.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 172.67.174.2:80 | bistrochic.net | tcp |
| US | 172.67.174.2:80 | bistrochic.net | tcp |
| US | 188.114.96.2:80 | www.fr2day.com | tcp |
| US | 188.114.96.2:80 | www.fr2day.com | tcp |
| US | 172.67.137.61:80 | www.examiner.com | tcp |
| US | 172.67.137.61:80 | www.examiner.com | tcp |
| FR | 52.222.169.9:80 | www.cuhk.edu.hk | tcp |
| FR | 52.222.169.9:80 | www.cuhk.edu.hk | tcp |
| US | 192.0.73.2:443 | 1.gravatar.com | tcp |
| US | 8.8.8.8:53 | www.feelgooddrinks.com | udp |
| US | 8.8.8.8:53 | examiner.com | udp |
| US | 173.236.138.195:80 | www.cornichon.org | tcp |
| US | 173.236.138.195:80 | www.cornichon.org | tcp |
| CA | 23.227.38.74:80 | www.feelgooddrinks.com | tcp |
| CA | 23.227.38.74:80 | www.feelgooddrinks.com | tcp |
| US | 104.21.86.218:443 | examiner.com | tcp |
| US | 104.21.86.218:443 | examiner.com | tcp |
| US | 172.67.174.2:443 | bistrochic.net | tcp |
| US | 8.8.8.8:53 | feelgooddrinks.com | udp |
| CA | 23.227.38.65:443 | feelgooddrinks.com | tcp |
| CA | 23.227.38.65:443 | feelgooddrinks.com | tcp |
| FR | 52.222.169.9:443 | www.cuhk.edu.hk | tcp |
| US | 173.236.138.195:80 | www.cornichon.org | tcp |
| US | 173.236.138.195:80 | www.cornichon.org | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Tar171C.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab171D.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab1740.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 599d78ff9f5d40b54ce301fe1416f978 |
| SHA1 | be1e6b6827aaf64bf6633aeb3f559bdf671ed36f |
| SHA256 | f95066656e659bbd67de9aaa4d1119ca7634b0d24ecf62d64af47c04effd1177 |
| SHA512 | b023fe99fefd1da2430db19069d9fdeacb73ea331692f15a2a896a88144bbc2ce1563d1d4906c554660037f8b98614569a20d456b0bad977092398c596adfb2c |
C:\Users\Admin\AppData\Local\Temp\Tar17C2.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a9696ebb47e49ea98083818abd3e4bb |
| SHA1 | 50a22f55215717f31372ec7b2dc4ab9c61323722 |
| SHA256 | 613b1e245c1f0b110c76bd8104a2f6bfd5673cf8baf165df8409b2abe9eda2a0 |
| SHA512 | 8d2ce1d036934b953246fa12cc4cd5b79cbb657e303c1b8fdd85e6deac2e229e97bcf917bb99f6751181b0280022da61b383f91a1d374721477426ce3fe41949 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 077f8d1739cadbdf0ece7eddff699f96 |
| SHA1 | a6774f3f66d61c03bedf8724e038819bc2d60dbf |
| SHA256 | 4e61f9764b8a5c111a82eaaa50461709ec4bc7f7e6cdfd2979b6ceb91429be5e |
| SHA512 | 66f7f579c55034c937bf759d642000ddd31e295e0b4fe38be0ab95723655c5c1701ba303ffef02f7a442fbe448211e9b1c978c72f4854c1ef84fe9d35e732102 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ef881d31d72fff39ed08209a38e5274 |
| SHA1 | 973f704166bc471bebb6c3dc06ed6a554b46c7a1 |
| SHA256 | 3bc09d29dd0013b29c76f9af7c581577359e7e4c22d9821660ca33a6fb34475f |
| SHA512 | 45a994ec3d7e1a23ca3205042b76c32468cfbcf8f0552834bcd0dc372335f4aa94921ffd4e6c8535c466db24d68d69e45d78fe7b7790535965f05ef96a0cda35 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4cd8cb3a3b038e18d4d135b6b2260974 |
| SHA1 | f1c0834b74c138c2ec6cd3349798c4e7b3cc3e43 |
| SHA256 | 8879681d7e224965b245a161c54e1e7d0f91f397de1adc77c9b7fa64885fe860 |
| SHA512 | 5d47366c5330cd8a0057d15d0f647728db30b31d9e944db0ffa361ef99b2a1ebd0f12aff395940ac470fc5f120e981890b293e789858b14e6e9f57dba4e17af6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32f049c63c47db31c54bcac69ba924ef |
| SHA1 | eadd466ff705f928242bc92e81ff0f766146093d |
| SHA256 | 08b5f727548652b629a558d2ebc0d42986a9fbec4c75c55ad39dd88c74118451 |
| SHA512 | 54de1c00983b96f3ca9bc1540b9e127522e17d169bb697f7ce5c462166bbf94c3f7e1811ecb32a3b4c2e75bdcf3d7c1e207b5d9a40f1f2c5233a17b23b2a4ae7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 1db2223002bc1a1723006df5d0cb5060 |
| SHA1 | 13fea85d81816a2cb28deeb94e6041117548d1b8 |
| SHA256 | 1ea291ca4e1d29faac68e1366c98df89d587873261f562567eab2e7de46574e7 |
| SHA512 | d686d351cfbc21b401ffafb7dfaeccf557df84bdc3b5cac709ad2ed1a8a2a6993be5aa53152f4d2ad193cc0b08d562ab9c8881bd695d9fb6eac6a437bd5e0f15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2a91f62fe22960406d2f312d010d107 |
| SHA1 | f56bb7b70a4589b50e3d7b9b62b3d7455852025c |
| SHA256 | 04703c5ec316865a3f8191a14c02cb999df41894f6ebc4bbec3a94e149f46d92 |
| SHA512 | 0f1065f0e39da7e8a3a3ecb7291a47c692c551aadbbbb7d88cf33fd75b3050e03c9e78787015443e017b10c9551b9484c277457f53941a3b9c1e414bc557a2fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f16199d1a034cf62f6ef72658c9bc2cc |
| SHA1 | bd910e0e63a6fc079da4d7cd1f24f66fcce864e7 |
| SHA256 | f013a7417c67fe6a3c897e08d162ccb6364f19f2404b4791fd846fef073f343b |
| SHA512 | e8a67dfca0f8385294f95d8bf6192756b4648f738bc07107fa865e3288d488e54d30fc4049b3c5999c2fd7ffa23cd29db619b657d601231fa31be77fb550e3df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2972b2fcc07a56174bb4a0ebac45a27 |
| SHA1 | ca92a221ca604124c718b5ebbb1eb4f029ee16c9 |
| SHA256 | 277439b07505149cf1b4bb1a366e3b1c8faa4885031e88460e9328f4fe9b3b42 |
| SHA512 | 29d1cd8827d0a5cffe833b250324be4cecaebcfac7a8d54cb5e6c8f7139fd22f1de087e7f356aa67160ce360d146832dec5649135889ce20ade55189caefb121 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93405fa50aba5304d35758790d9a8567 |
| SHA1 | 2d6d22ff4650e784dbe3f7237283eec2a8f58686 |
| SHA256 | b1887fbf7849ef9e33c162999aa6aa9ea6baca218f4ee7386a567f6d07edb8da |
| SHA512 | 06a8480bd2dfb4f0617d4c03c8099534b7fb7c20258534fccf00f718b67214426ae669fcaed700b05076de1d3dedf38bbc35144c9c22ebf19bf682b6382fedce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e90e86b3ab99434f744de84d54f21cc1 |
| SHA1 | 545548b150e22c82f2bc1d648873f2ddc7561386 |
| SHA256 | 9d443eda37dc11185f8dba65f4cdd7eeada38a9ba85f65c61450bfc090aa901a |
| SHA512 | 65a9d117cd7e3b5aaae2d1d9704b5377fe1d100075d81eeb2a3c126a76951337e567ff160911450867c011cfbb4ed09bdfcf45fab9051c0d79486c9ea2288445 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 0dd39deb59a05d39c9feabc90f19c620 |
| SHA1 | 24856884f8cec97f49cb126c8474e73ee46fce38 |
| SHA256 | 37986aa6fe09ec71f767489abc5e95287fe5361fb2de89f86922938a6d31fdd8 |
| SHA512 | ec64accda63b36b0d2ecad64b8e09e568631cab82f2b1e4f933ffafbee70cc78e12f071520621b11d68a6f583b9b8e64fefdbf7a7bf7cf3af3c187be126194db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b005466b3897af828693e49f7adcdc3 |
| SHA1 | 24422692135cf0d157a318915874263a652358ac |
| SHA256 | a670cae1cb30fa86ac53af05f6a8704ca7d710491c6ff187962fe3fdf34c1269 |
| SHA512 | 23d08de5ccc53aae310dd80e9940b92d427ef127ccf84b93e066ec392b00345c20031c1093c2033011a376ead43579e96abf9a94d35686cc3168af07ea6ab970 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 638e76bb73704f0c8c07c0aaa5238115 |
| SHA1 | ac24c5a557fb17c8b849b01427505c4c32d71a9a |
| SHA256 | 7d5c6414d8385225c54af2171ca613910de3a2072e5cd35e78ccd23de87dd9b1 |
| SHA512 | 378b9ceb5049e49677096e44ec27adbcd8fa229bb19e552626e83674f40d5f4d5cdd82248481c41dd930679169c866e958f6758b0c150ac42f0d77a632681d2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eaf7b1cf17651b3e8adfb7175bef1b9f |
| SHA1 | 00e89fd07d3da76ab4a3be25f6c4db99c044aeba |
| SHA256 | c1c89b452ba9cb8d869246503a354b8da5cdf70b3408a45f27d2e6a42cd1c5b1 |
| SHA512 | 268ae80ac6bfe5b88c231a92f1677dab5dfa3a15d965251a2b2b47c1b06dd807521ae1b5907aa27ab2417cbd809eaeba930d294db10905f99f4251727e61e1e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc4785e110e2f9691b9378d212a5e4e1 |
| SHA1 | cd6d2bed4e48608c0271a720fe6d5fffe9c92966 |
| SHA256 | dd54dfccf291930bd26f01409fc75c7397166f07c9306cc578271c24970858cd |
| SHA512 | e1ddfbef9e68e1991d1d83fab10ba2a39d851e567d2907bc56c734b3a2dc4efea0e4951c55e4aa2c8c8652040ca533a1a9a812bb86c94d12ba3554a7e145fec2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 708dd8fb5e575baa44d78dff48478edf |
| SHA1 | f340949f2e93e116c69238d08e64b2d694e710e3 |
| SHA256 | 2dfa9c0023cabad8f3eea2560095c8ec9d05afdf9258df9e24dd066fece18a20 |
| SHA512 | eeb5ee49aff3626d5232d1cd6e2521a8b28a09aab725e26c063c5fdd9628e775634f4f807d904cb9b74c3f797d1d93e2dedf4202765c455523125247d90a6ed4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76001d6c6cfaed4a7d02f20ad2d0dab7 |
| SHA1 | 6b70db3064c8f6145a9e58c66d9d2f243b4c3876 |
| SHA256 | 0f763f44285c5bf5e61f890e688fc97f6ac653ce7aadca1453b146d2da6690bb |
| SHA512 | 148861939929bcc05014133b29f690221b72552c3b08ed8934b6947b1dfc2b15405a89f7c2ccb80067b5955e6ee1582ffea1f7bf28de62a062b3b0361867de5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73bf38478e759ef391baf0057c699128 |
| SHA1 | 0fb913f43126d53d314b092620dcaa877e1820ae |
| SHA256 | 1f5f13f2aec7a5204a2d99edae6584c58bdb7f172e7190db729b1b08fb233fdd |
| SHA512 | 372f6ba34ffc76118768414c3be48e3fe1ed16a3cefc238a317c432e016e132f7ddbbf114cb1f3480c5e421bebf1393820d9876b444eff11b1c9bd7527832d89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0733e3acb7ea23f4d621ac5ce4c24e92 |
| SHA1 | 6b07d10635c810c9af982a755fba24dad1babeaf |
| SHA256 | c4a19477ea4e8dc1b0330cd98cea4d1e63d1d377c59646a1a0037d475097c8b9 |
| SHA512 | 463f713393d7d1375545d7ccd51047f79b588e4498ce6f15486bbeb1788a259d2196bac46a62f132575637832a00e5d6864a60994714e01170879cb316312d96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73115e3f93522fae6f5328c69a654984 |
| SHA1 | d4623713b62e2aee759a60222f65b8b7e3b8ea54 |
| SHA256 | 865cbc6f79dcf98ce17707e9ac07353ba5abbc521a4941ba756ef32241bd502e |
| SHA512 | b202570b071f046ebeed819f5a53addc90d11ba38f7894a7f13e2bf7dceb7bcad052729b8d18602c8c94204e5d93273312fb13ed25db47f41f3dd117fca7e289 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e02b66fbc3a75cbf0cf6d20852eab7f4 |
| SHA1 | 9e72a765b0aa07157602769b1b53d28439227bb5 |
| SHA256 | 4f71dd75ec7136d444ca853b32f4d09d524b550217c1b75ec1cc4c8dcf554ec3 |
| SHA512 | 50aaf540bfeb6f42c8e564efe2896317e8c02a3fccec128868228150c4a2969bc40200c92cecc60babed41d9b6a61bb0cf45167f451876c38c81be0f16b18c6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b027fc646d568a79227b69312f6a58c |
| SHA1 | e205a339e7fca4620f6d5086fffede8e17c5a9f1 |
| SHA256 | 90d28c12222a83dfddbdb469d0738cf07c1d4afcb169b80674e25aace98e1d23 |
| SHA512 | ad6f56d4cf55f27a3057fb61b82351681d0ecff2d9d5e46e7a081f82f7e31f3c2e60de03a40fab2737f1a039e8c7fe61b97c90504efe8505561ee951f02e6ea1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30b50bc02a7a5c2e0fc96db5c262d0ea |
| SHA1 | e94224d7326713d143be898a7f43c02d9818ddbc |
| SHA256 | 12ceab71e49c2235ac5620de235cd990f4645b26080ec74b7e7147c447903fc0 |
| SHA512 | 562e05bb6bb96ded8f7512ee96c9463f7d40a90a491240cf52f968727d485ae16b61ffbc9709f33125bb5d8f767bb0309ff89d94f032d052160d74019a481522 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53ead724f9019fe91991dd893612110a |
| SHA1 | 17886dc0a013aea725b610d14c1e09dfab37de31 |
| SHA256 | f01fecd264e8af32ca5519a6e9fd23ffaa69a8600f2c80b091a347aa7b472579 |
| SHA512 | 745ac307c8dfc17acd245489d3404e0681f9bc6e2fb7051b1289b9d12f515a52d620f52655aa6ecf919be872e0b3df360ed4de24b91c7fb3d3794f7ec12f88df |
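The listing above is a flat dump: one path line followed by four digest rows, with the same path repeated each time the sandbox captured a rewritten version of the file. The following triage helper is an added example (not part of this sandbox report or its tooling) that parses that layout, groups the versions per path, checks that every digest has the length its algorithm requires, and tags the two artifact families seen here. The CryptnetUrlCache classification rests on a known fact (it is CryptoAPI's on-disk cache for fetched CRL/OCSP/CTL objects, written by any process that validates a certificate chain); the Tar####.tmp classification is an assumption about origin and is commented as such. The three embedded records are copied from the listing; the fourth is constructed to exercise the validator.

```python
"""Triage a sandbox 'dropped files' listing: group by path, check digests, tag known noise."""
import re
from collections import defaultdict

# Hex digest lengths we expect; anything else means a truncated or mangled value.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Three records copied verbatim from the listing above (the same MetaData path appears
# twice with different digests: the file was rewritten during the detonation).
SAMPLE = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 599d78ff9f5d40b54ce301fe1416f978 |
| SHA1 | be1e6b6827aaf64bf6633aeb3f559bdf671ed36f |
| SHA256 | f95066656e659bbd67de9aaa4d1119ca7634b0d24ecf62d64af47c04effd1177 |
| SHA512 | b023fe99fefd1da2430db19069d9fdeacb73ea331692f15a2a896a88144bbc2ce1563d1d4906c554660037f8b98614569a20d456b0bad977092398c596adfb2c |
C:\Users\Admin\AppData\Local\Temp\Tar17C2.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a9696ebb47e49ea98083818abd3e4bb |
| SHA1 | 50a22f55215717f31372ec7b2dc4ab9c61323722 |
| SHA256 | 613b1e245c1f0b110c76bd8104a2f6bfd5673cf8baf165df8409b2abe9eda2a0 |
| SHA512 | 8d2ce1d036934b953246fa12cc4cd5b79cbb657e303c1b8fdd85e6deac2e229e97bcf917bb99f6751181b0280022da61b383f91a1d374721477426ce3fe41949 |
"""
# Constructed record (not from the report) with a truncated SHA256, to exercise the validator.
CONSTRUCTED = (
    "C:\\Users\\Admin\\AppData\\Local\\Temp\\constructed_example.dat\n"
    "| MD5 | " + "0" * 32 + " |\n| SHA1 | " + "0" * 40 + " |\n"
    "| SHA256 | deadbeef |\n| SHA512 | " + "0" * 128 + " |\n"
)

PATH_RE = re.compile(r"^[A-Za-z]:\\")
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]*)\s*\|$")


def parse_records(text):
    """Return one {'path', 'hashes'} dict per path line, in listing order."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            current = {"path": line, "hashes": {}}
            records.append(current)
            continue
        m = ROW_RE.match(line)
        if m and current is not None:
            current["hashes"][m.group(1)] = m.group(2).lower()
    return records


def validate(record):
    """List digests that are missing or not the length their algorithm produces."""
    problems = []
    for alg, want in DIGEST_LEN.items():
        got = record["hashes"].get(alg)
        if got is None:
            problems.append(f"{alg}: missing")
        elif len(got) != want:
            problems.append(f"{alg}: length {len(got)}, expected {want}")
    return problems


def classify(path):
    """Tag artifact families that are expected noise in a browser-launching detonation."""
    p = path.lower()
    if "\\cryptneturlcache\\" in p:
        # CryptoAPI's cache of fetched CRL/OCSP/CTL objects; any chain validation writes here.
        return "cryptoapi-url-cache"
    if re.search(r"\\temp\\(tar|cab)[0-9a-f]{1,4}\.tmp$", p):
        # Assumption: paired Cab####.tmp/Tar####.tmp files come from Windows CAB extraction
        # of downloaded updates (e.g. the authroot CTL). Low priority, not auto-ignored.
        return "cab-extraction-temp"
    return "review"


def summarize(records):
    """Group records by path: distinct SHA256 versions, class tag, and digest problems."""
    by_path = defaultdict(lambda: {"versions": [], "class": None, "problems": []})
    for r in records:
        entry = by_path[r["path"]]
        entry["class"] = classify(r["path"])
        sha = r["hashes"].get("SHA256")
        if sha and sha not in entry["versions"]:
            entry["versions"].append(sha)
        entry["problems"].extend(validate(r))
    return dict(by_path)


def triage(text):
    return summarize(parse_records(text))


if __name__ == "__main__":
    for path, info in triage(SAMPLE + CONSTRUCTED).items():
        flag = "!!" if info["problems"] or info["class"] == "review" else "  "
        print(f"{flag} {info['class']:<22} x{len(info['versions'])} {path}")
        for prob in info["problems"]:
            print(f"      {prob}")
```

Anything tagged `review` or carrying a digest problem is what deserves an analyst's time; the CryptnetUrlCache and Tar*.tmp entries explain the bulk of this listing and are consistent with the Edge process chain seen in the signatures above rather than with the sample writing payloads to disk.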