Analysis Overview
SHA256
e020b96577bfbf450c66f1e9626b83c8afb1b222c72e29ba8e9c84a7e3692aef
Threat Level: No (potentially) malicious behavior was detected
The file 91de7f792406b8a04ab191024946ae90_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:58
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:58
Reported
2024-06-03 13:00
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
141s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91de7f792406b8a04ab191024946ae90_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f78446f8,0x7ff8f7844708,0x7ff8f7844718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,141852334290408149,6218046479884902872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,141852334290408149,6218046479884902872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,141852334290408149,6218046479884902872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,141852334290408149,6218046479884902872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,141852334290408149,6218046479884902872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,141852334290408149,6218046479884902872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,141852334290408149,6218046479884902872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,141852334290408149,6218046479884902872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,141852334290408149,6218046479884902872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,141852334290408149,6218046479884902872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,141852334290408149,6218046479884902872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,141852334290408149,6218046479884902872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,141852334290408149,6218046479884902872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,141852334290408149,6218046479884902872,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3064 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.meta.ua | udp |
| US | 8.8.8.8:53 | pro.hit.gemius.pl | udp |
| US | 104.22.65.144:80 | static.meta.ua | tcp |
| PL | 185.11.128.204:80 | pro.hit.gemius.pl | tcp |
| US | 104.22.65.144:443 | static.meta.ua | tcp |
| US | 8.8.8.8:53 | video.meta.ua | udp |
| US | 172.67.25.217:80 | video.meta.ua | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.65.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| US | 172.67.25.217:443 | video.meta.ua | tcp |
| US | 8.8.8.8:53 | inv-nets.admixer.net | udp |
| US | 8.8.8.8:53 | video3.meta.ua | udp |
| US | 8.8.8.8:53 | cdn.admixer.net | udp |
| DE | 116.202.167.133:80 | inv-nets.admixer.net | tcp |
| LU | 92.223.84.33:80 | cdn.admixer.net | tcp |
| PL | 185.11.128.204:443 | pro.hit.gemius.pl | tcp |
| US | 8.8.8.8:53 | ls.hit.gemius.pl | udp |
| PL | 145.239.237.56:80 | ls.hit.gemius.pl | tcp |
| US | 8.8.8.8:53 | videostat.meta.ua | udp |
| US | 8.8.8.8:53 | 204.128.11.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.25.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.84.223.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.237.239.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.167.202.116.in-addr.arpa | udp |
| PL | 145.239.237.56:443 | ls.hit.gemius.pl | tcp |
| US | 8.8.8.8:53 | rtax.criteo.com | udp |
| NL | 178.250.1.12:80 | rtax.criteo.com | tcp |
| NL | 178.250.1.12:80 | rtax.criteo.com | tcp |
| NL | 178.250.1.12:80 | rtax.criteo.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.1.250.178.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dc6fc5e708279a3310fe55d9c44743d |
| SHA1 | a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2 |
| SHA256 | a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8 |
| SHA512 | 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13 |
\??\pipe\LOCAL\crashpad_4472_JQVNLASCEVNUTFCJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9c4c494f8fba32d95ba2125f00586a3 |
| SHA1 | 8a600205528aef7953144f1cf6f7a5115e3611de |
| SHA256 | a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b |
| SHA512 | 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 76be613bbc2aa59f612c69962d682ab9 |
| SHA1 | 2624ef286a1731d561f49d34904b7c4321e2090d |
| SHA256 | cf43f6e3e44ebb2d37efa4accd025709cd099c61be1c09f8613ad167732285dd |
| SHA512 | 08bbfbaea5080f9b3d984606992c92b146723f911bb26abc00b471e04e143cc5ac37918040059265a327120fade4f3b3754ac4cd11cf0a81e0ab586619ebc454 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ad9bf976851d9c6203508cce634de468 |
| SHA1 | 180fb158a3bc61191e52abd0d31f89b0acf81813 |
| SHA256 | 463782aa1eb7329602ec6073ec0e1ac9e6bf84dd40bbe7351a34a6176b282078 |
| SHA512 | f2073a04fd249a3fbbe48a1db841d8feabc01e718b8b7a38caf551612ee66e455bb5be38d8fd6424943ce739b4ba47fdb5a51a9dfd43b79c6f25def599bb7998 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 51474b965155db116743664884bb6698 |
| SHA1 | c3b074d430d5ff6d28af8b18d50a282779e0f1df |
| SHA256 | ef7811d0c154cf62b075a7e47db294c994e8b7928d915776648fe6ff51e5567c |
| SHA512 | f6f953238b7b622cd00195d424e0a23322e55d62921298c0bdb53feab72a30f6e2336d95ac70e346e027a5c876565da9e31fb5dab61fc1d47a877f0a14ea611d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | af99deed50a54561a207146644a17a9e |
| SHA1 | 5e79ad9a9128b3a524e0e4f841e5882ef5a3d60d |
| SHA256 | 287cd720b018db6c01f42694097d443933caed5cea7bc69c40d2ba946f156ba9 |
| SHA512 | 18a57d6a12432cf075449f801b76db8fb3b5de219b39f6d09805812303f2746136e32081dba020f0ccde9b3fdfae5a28e1ec60e361a94541d86177475805277d |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:58
Reported
2024-06-03 13:00
Platform
win7-20240221-en
Max time kernel
143s
Max time network
143s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000aaaf5163e9460840a306543ad49429bb00000000020000000000106600000001000020000000b2a928b9dce2c6e990de9ea632783ae2fb2fd611576c60c52bd3413824306230000000000e8000000002000020000000bc2dc1f36a65a3f377ccac74bf54a58ceea38f12dee8b04c6d7fbea0222682f12000000019bb11476105438a2f0738fb366bf944d3c0f51112662fd25c91898e1b8c0bda40000000c542c252cdbff7ea0fddad58cfaf841f0ba19f2c62767f222897b6ec031c432c3d6e5f44d818dbe75d1a43e7a825200a53b2c5d39f5e4f7bb6ee30a20eeaf9a9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0a48ec1b5b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581352" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EA657251-21A8-11EF-9969-66DD11CD6629} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000aaaf5163e9460840a306543ad49429bb000000000200000000001066000000010000200000001f302033a34dedb14420a017ed8ecedb595f3d46abb4d02948060f20c4571022000000000e8000000002000020000000731027475610ae409aa3ca4bcf503fc19197d3bf1d4e681fcd8c95ead2af3e1390000000fd6777cb871141fc057ec3154a22417819709dc98f8bf8eb3c4755ea0282237ebbe7067433e7900a9cdeca8f92347cd6d6cbc8d4b9a49d1f6336fd9dcbfc98459ecde4e386fb16a717906d3c9a2ecc3114406cb4d1f16b0590bbd4169cbbdf7a0d1c8d4d44d6435867ee721ec7df659a2b89a73c8748552d52aac6ba9090d6de6367b859dabd9e04061166118fa329a9400000007620e6b79f80a99f5b51ff721e8d2731c6a35198ee03d0f0217158da3fc81fd2b0d189d488ed40d975c877bc7bf7e8b3a90e55dca2f5bd7b29a5c734c8c325da | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2948 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2948 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2948 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2948 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91de7f792406b8a04ab191024946ae90_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2948 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | inv-nets.admixer.net | udp |
| US | 8.8.8.8:53 | static.meta.ua | udp |
| US | 8.8.8.8:53 | pro.hit.gemius.pl | udp |
| US | 8.8.8.8:53 | video.meta.ua | udp |
| US | 8.8.8.8:53 | video3.meta.ua | udp |
| PL | 185.11.128.203:80 | pro.hit.gemius.pl | tcp |
| PL | 185.11.128.203:80 | pro.hit.gemius.pl | tcp |
| DE | 116.202.167.133:80 | inv-nets.admixer.net | tcp |
| DE | 116.202.167.133:80 | inv-nets.admixer.net | tcp |
| US | 172.67.25.217:80 | video.meta.ua | tcp |
| US | 172.67.25.217:80 | video.meta.ua | tcp |
| US | 172.67.25.217:80 | video.meta.ua | tcp |
| US | 172.67.25.217:80 | video.meta.ua | tcp |
| US | 172.67.25.217:443 | video.meta.ua | tcp |
| US | 172.67.25.217:443 | video.meta.ua | tcp |
| US | 172.67.25.217:443 | video.meta.ua | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| PL | 185.11.128.203:443 | pro.hit.gemius.pl | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | cdn.admixer.net | udp |
| LU | 92.223.84.84:80 | cdn.admixer.net | tcp |
| LU | 92.223.84.84:80 | cdn.admixer.net | tcp |
| US | 8.8.8.8:53 | videostat.meta.ua | udp |
| US | 8.8.8.8:53 | rtax.criteo.com | udp |
| NL | 178.250.1.12:80 | rtax.criteo.com | tcp |
| NL | 178.250.1.12:80 | rtax.criteo.com | tcp |
| NL | 178.250.1.12:80 | rtax.criteo.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | a3ed64c50a15be1c4e8f7cf58fcd46fb |
| SHA1 | 8631c2206d07e1542e3de1883c1950d16ecdf9ee |
| SHA256 | 7ffa2592cc192ed63e8f7bc25952734eb3f7ff5ff45ef789e389e23ebead4839 |
| SHA512 | e4bf3f920235d6e147cef7a7f44f4ddafaa9ee6cd620ace66f9020fb3135327e1edbba4939dc7fa6d4abde2093f0db38ed42d3ce987a655e54c461ce7ece5a56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | d4ae187b4574036c2d76b6df8a8c1a30 |
| SHA1 | b06f409fa14bab33cbaf4a37811b8740b624d9e5 |
| SHA256 | a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7 |
| SHA512 | 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c |
C:\Users\Admin\AppData\Local\Temp\Tar2041.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab203D.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2155.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df3e9880cf71ceb57a9c3ac45f301337 |
| SHA1 | 05759fc045cc57eb0aad2cecb0deb851d690336b |
| SHA256 | 9b59f029c809f4dcece5df5228d6767b83ccc4ea972f0afeb33e87c7cb6607f4 |
| SHA512 | 50e5c6c51ee7905087e7879815d0aa8d3f24a2041fa2c6f2423ac702452d3da82133107a40c2361a91ded29d4a5a75e04434772474a5def867d7bf8595356cdb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 618c64a666732478b7a65538ffa15f36 |
| SHA1 | ea8978960283deec7530e3d4629e9077a4680785 |
| SHA256 | afcff588eefe7d7d33c7334082337b6e6b71a853bc749b79c628877447638f91 |
| SHA512 | aa2020275288661af4f5aac4dbed7747aee5a65d86e4a65bebc79f90f77887a7cdf888987d884a2141313db1fcba37468da8db986cbfe3a197b7ffb881bf7a94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5cb438bf0a2cfddf82bd9826e3eca07 |
| SHA1 | e62924e88df5f1bb286a2ef2379264ebb07d9238 |
| SHA256 | 9ce5189fe9d3799007c09ae4c3fef9f75262119281945f9e492d57b0c6fba7cb |
| SHA512 | c94a669dc624a74b3ffdf954f0384f6da81b7727cac84622d2ca9ac81f8cbe6aaded3d05fe56baf98883d9e13f9303423cea5c17e87f9269775d35f0d3ea8ec9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bce700dddf7fe14e819a0b78c86bd84b |
| SHA1 | 47f3c1fe237c39d5ffedee26331fa7da5f1ac18c |
| SHA256 | 4f646d258baf2a7d26d868333e1f657dc48d807f2939dd692869fa6852c98cce |
| SHA512 | 934e82b8507753dba68496ee31d5bd78558b8c24274841c7af16e64714b2b8ba2483e82ad8bb19712fedb77cc0ab8234eb9b987b3b2409bc6352d27dbf1906df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f09db859102cc012e299ae8a153b2ec8 |
| SHA1 | 2bb97e15b7d798c8db36e8c9d49f7736033220e1 |
| SHA256 | 62228041582ea8049787165a909119f48780d283a27552677f1cfcea6aebbd7f |
| SHA512 | e56df981e5e0aa2096238ac466d29ed1863f1461a1112b8b593f7eac33fd2b0ee70d22ba7ca8e25131a056b34f34ddece6c4789b3e6d7e7c0a8976bd4f3c6acf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d94d986fef9101a1241608b2dbca14af |
| SHA1 | 52aee848f06f8c8f5422dc07628810c60d056d0c |
| SHA256 | 1051c9fc3931ae58406cdd9b2f68b3b87638b609bed40c5476c99ab4c2b9ea89 |
| SHA512 | 3a9cc60c2fdb69390b28a68a0a47f216551df85802cde37d638bf9dbafb7bfcb65e4968b30f58249d11fc398aa888ddc648df49df724e3754a52f2ffcd5e5c45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14d4a5fdd42be1b1e6edc32eaf63440a |
| SHA1 | 0e40d54ece43bc0664f6ccf861787c80149e7760 |
| SHA256 | 8d523fa51434ac566729c997bf31a95dce90162e1962e2a54bb008b43a308ce4 |
| SHA512 | 4bf92b8e0ecef41d27dc8267177a709d367873cc2fd07beb34ceb72cfc1724fe23f111345e592f4c6cebdaa9c80c9f5ee03935d02069bfa3328241cc033a221c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcd10e373517164908c2ddb4cfbe8088 |
| SHA1 | ae8d92ab4ef98e1b1f12b21515f8a9a532e62daf |
| SHA256 | d1f700d2e5bd50fa9fa199fa124da8294556e8754cde8d14229c886cdd4d3c59 |
| SHA512 | c4b67c10d3645aa9ab46e5841ab58210e57fff78b22a2121f20b795d45728ecb8ae4333870ad005dce2584a2463dc76be4dc85077074c45e4a784ae1ce61b3be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81c8cfbd4b03e70d3e1f2c86d622f9de |
| SHA1 | 030b86f76cfcacd67f1ad2414b0fe0dfdeaf2dfa |
| SHA256 | f976b46d70f702e56ed0b95c3cc2d2efbd0107fda3ad78ed04e7c89d5c860a63 |
| SHA512 | 409ce7c26edb0df4f2c270a14f88599fbe429796e92dee03c6ae569026f179857b579af925aa751babfd75bdd04c5a30b76a414501879299b4b07c107637e300 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0d98410a851e06537d50f63f2f5203c |
| SHA1 | 25516667137706dfc92c97498bb0ed25c6f19292 |
| SHA256 | deaa1e0820985b2f191860ad5e6a23d50e7353270d813615b0caf8a4e6f5d987 |
| SHA512 | 80bda6c3775dc42cb98e0980c80dc00cea2c7513ce0fc0821651836d446348771c60f5530e47fd0bb75aef9f4c6e4d348dd2dc3a6548418008305aad4c9ed180 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0efa368ace9f28fdec6a73d8327da64d |
| SHA1 | e3e7a22ef67a1bce68bedb733fa2ed59452793a6 |
| SHA256 | f58970e095abc22883a5bc00e08385d8d89849bfc0015014e82683633443dc09 |
| SHA512 | dd0509aa7ac2436da377e09494a2d33909123bd96e8d6857272d3454d432adf7884d39316063e4c01c6c2cc9ceef96a7dbeeba93b81ce209e4cc47536438444b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 115780ec0f3a171dba3966078f3f7cf9 |
| SHA1 | b7008a7ec248270ec45e746f10e0a3e027da7d9d |
| SHA256 | 5d95cdcb0aad54c90740b9d05580ac91e178527d4213bfa38404dfa97b126932 |
| SHA512 | 760f4ae51a290ab7aef7f83fb0d972ccbf36845d9babffa92a4d9ab55af21488e3a53927accbfb78a8545e5f046d55f930ff9613283ce6ceddde7e8d5bf95ff5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fd3c0ccd76750489e68f7433486e817 |
| SHA1 | b4ae10f0e8ff968cb238fcb19ae72bccacdef748 |
| SHA256 | 8309e6194859f11e90aacbc7045bb08f8b72527cd0647a9c92ea6c68c391a4cf |
| SHA512 | fe1d9569119d2b8ca7441a352c9623237ac8ded71d154d7b3aba6e6fedb663ed146041db9a684511ff96974c9b060f0820430f4ab45c64d0276c314146596054 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96649e6b1d21052b7619a55b7ea6eb76 |
| SHA1 | f27428087a2b9b082a893982bee8f3dacb1b7151 |
| SHA256 | fee138a7912aeb01c1a2870e6d4db92d9ffca22bd395d22e0c8285967d6df322 |
| SHA512 | 8f631db22a52b50669eac751611aa1a2ae87b760e1e1a7ca3f43014cdac39254e6850554059d9f1258d88fd7a500cb63d3ea690eb30698eb582e0d312476878b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | addc092699b02e25ada5b449b3ab2eb5 |
| SHA1 | bdeed004d106a655e46f9265eda9707e382ecadd |
| SHA256 | dc5ee8cb90103b98e62c5410870a0876868b49ff2ab7b17a6cbcc87d2054e86a |
| SHA512 | 9d07a2d18908baf96593b0e20df02c844900ec607ef00e35472882b49fafa734016e48877c098e09305ea2efc8876c8dd8c86b370993fab43f105ed0365ce6cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f15d9bd78441b6db6cd94be001524ed3 |
| SHA1 | 63dc45a6cc246c6f71b25e099a3b3fa6da718a00 |
| SHA256 | 013269ffdff869c7db3149facf8955f513eb2380c208663e68602c62b50e55af |
| SHA512 | 190a4dfe366ffd522ba5b429530bd7f267dc9d3eb4274dee0e0d90990ca05bc439cdcb944d5d11b81cb0ccb4d5be09798157923bdafe4bfbc24135628b85ebe1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6e84f9fcf704633258543dc94c19f48 |
| SHA1 | be360722ff97fdfbfa8f9fc54345350eff0318e6 |
| SHA256 | 68f7cfd3a94538f68e55361812ea01e803071c901747ff082ef7d90e37341710 |
| SHA512 | ee8e503a06cc058d1a4c4986c5f1864d7bd375c6383a16908ac93318be8ec65d65415ce7fe5c155d5f3abe6aae9c0b5728ec7d102d53777b633cc2c67638c75e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e171972ac8d97e81cd4f8f9afb785fe |
| SHA1 | 4c2f53c0b1973bcd95d9a8197a63e9dee63f0d36 |
| SHA256 | c68b3baae659b9663b1fe153c6e9e3f82a720b754e25d6bf86f387a121f73d25 |
| SHA512 | 5814a132e310e9252702c1abde797362b7c9a2d53142c0cf320c1c50165800109b53ca419a0a226f4e5928549dbea8188b7c5ad329f4a21a18b6c0ae6aa8c3ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7fce76b1fc720b8e703434ec4eb24db |
| SHA1 | d493f28ac386ce20b7f73f3f6c90b644409ddb49 |
| SHA256 | 88eb16ed50cf6b6e9eaade662769b27bd25e0b57aa081b28d1774e390811ca1f |
| SHA512 | 0d25786f67560fb6b50488531597dd9342b43cfb815d22165b2cd3e0793131ed32ebcc638560b4865e6db8248310662d8cf826da86789d6b6a0b6a6a22773caf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0935045685734fb3191eb25beee1b650 |
| SHA1 | 4550a6d2374a558cace9c6f88367c89da9ea0718 |
| SHA256 | e112262805c54e9bf1011c4c841d2436ac6b13e4aea8fcccd23b651c0ade9a9b |
| SHA512 | 4c86ee7c5ccb178bb454bbf2f17fb649ee372465829fbb4291bab0e11e95825d65ae8cc8efd9d5f5f2c27edd0e589a169a614377fe6c02de884545cbbfd3d7e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 3afeb14a9e157711ea9f6dc6ab9ffb0a |
| SHA1 | 10d514c4266e4d646696e44ba2161ee3d339e542 |
| SHA256 | 49438be9cf6b5dccfb412bc7f10ffa91e7027f20726648333867f1582cd765bc |
| SHA512 | 07e01912711117640b82c4efc6e12426b3eb74f4bd58c0192030ea88f9baf901efe97fd9ee63ae7d276f3fbbd957d20d8cecb075d15dc5133eaf8d8d077a4ff3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0518332889b56eaf3a4fb30554250aaf |
| SHA1 | a1d26736c77ca2afadb1962bea691c7ce3a69a1b |
| SHA256 | bad3c9b87fe3d32b1be8a975f94ad8ad125cc7d2171e95d6e166176a86951bcf |
| SHA512 | 2b0ce8b672c83f5fc70f73bf45eb9334ad1e8c5b1a4f3f93f70d4c2ed78ab16eb93c0e446cb401b3f0b8d784d553fda4120d74c5099b77e3bea84b5dc8b5e397 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96bdb7e0d6ba07129ae20c8078ffd0c3 |
| SHA1 | a92113e3a228e3e4573ee73ffa5a72ffa753ad80 |
| SHA256 | 6b878610d1f1aefcbcf3acfcc5648a39e052f56d6818471e1b91775151df96ed |
| SHA512 | 55dd775b3bb78b7d9da0efc634f508729eb98d643c518302d61ab7078841f484de54a26a2db237cd80e9094b24d1144f654e349c976ebd736e96c85e0cebf9d0 |