Analysis Overview
SHA256
ab0792f30aba3c382d965ac7498f1922619d37907ac1126d33ce4b7f7827f93c
Threat Level: No (potentially) malicious behavior was detected
The file 91e1cc71333c78abea6bf2f6cf8910ec_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:03
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:03
Reported
2024-06-03 13:05
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
144s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e1cc71333c78abea6bf2f6cf8910ec_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5a4f46f8,0x7fff5a4f4708,0x7fff5a4f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16091127680709502557,1374103759721238107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,16091127680709502557,1374103759721238107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,16091127680709502557,1374103759721238107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16091127680709502557,1374103759721238107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16091127680709502557,1374103759721238107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16091127680709502557,1374103759721238107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16091127680709502557,1374103759721238107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16091127680709502557,1374103759721238107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16091127680709502557,1374103759721238107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16091127680709502557,1374103759721238107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16091127680709502557,1374103759721238107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16091127680709502557,1374103759721238107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16091127680709502557,1374103759721238107,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5376 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1472_UUTVODLVMYIUKDUF
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\710a8144-6fcc-490a-ad61-ba2748cac463.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:03
Reported
2024-06-03 13:05
Platform
win7-20240221-en
Max time kernel
120s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d652ab2f1ef5b547a9d47b3a09d940ac0000000002000000000010660000000100002000000019566d2fd1914a4b44b302ac3efe026bfd7a97286c288ad86d77e414d7df88a5000000000e8000000002000020000000946c25aa3709f086a140169199ce00f9bff6011afbcfff905ac19589bfd8a2e090000000a94d245c644844bea4c5176371c5beae11be2e4b4958dfe8362c06546ec5bbc11723cfdae22e3cda34ea63944cc31ba4fd4892fac8615b25c42b16073ce66f69d0088f387c7af29ff23a380cbd35b57185453a62a7af6de49f1ecc653399e94f8f48e075f3668ac8f5e5a107a2e6a70f478b53c60e963fd9a00dd73ac291f53ed5d7cb2700d6d4db06830c86498fd227400000000289b18fbea7d10c3d8277948e1b19ffda8b065e71ec70e3396378e5749484eb05d1a4f59c1d3bc42038b443376b8a50698420464182148ba4c2f2e3de32cfba | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A0DDD951-21A9-11EF-83C2-E25BC60B6402} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d652ab2f1ef5b547a9d47b3a09d940ac00000000020000000000106600000001000020000000b8b9337f6c98bf377bbd6ff531424329dae4350fb3f4fe32c47eb9b48a967738000000000e80000000020000200000006c31e2a26b8d2ebcd2724eae2480c4718a4f6dc534cda43bc52f00725730090e20000000f643843fd0105244bbb569b6e74b2413a83af254e0aab628a64024a39a957bc540000000ce5ca1caef88f4396f0fb5a47ea4a0f110ac8a0c7f80945951717cfad10cd05639a0778bfb11ffc59c9084b978ebf03245a719b3b380a25fc37b15d015b37e34 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6044b779b6b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581658" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2212 wrote to memory of 3004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e1cc71333c78abea6bf2f6cf8910ec_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2212 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Temp\Cab1FE0.tmp
C:\Users\Admin\AppData\Local\Temp\Tar1FE8.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar23BC.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | 5650d042c83759c5c76481780557bfbb |
| SHA1 | d4a78d5a8b1f79f851a070f93e8666a6b31fb0c2 |
| SHA256 | ae5298e9c3360357f8442454a5784ffcb711f9aedc75817ee0e0f22d4cd9821e |
| SHA512 | eec59f713ebd2de2f59aed6462424c25c571504d1d4049b75903862478880f622b821450ba2f479957d8990c3e9482b376c7c159003d5d5f2562c76e749629b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
| MD5 | e179b3bb13b2fa492860072feefe002d |
| SHA1 | f08d0846f89079cf5c7496c25c9121a9ec73ec68 |
| SHA256 | 9db668f073799480d1e9b934785cbd0f216c52fc3de394f5213bb51252ecdb3d |
| SHA512 | 2dc63bb312172115c670da6de7f34d133e6a8298d8130d5162f35ea8ee80ebf2760911839e493861a3f01a870c1c9cc40aba3b7f47189e1a58bb3cae28b5ce3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8412d0109ef6543775acd173b311e3d |
| SHA1 | 7ea7c4a53c9791a13443c947431afc7840e8f5e5 |
| SHA256 | 578627bc4809545e481f2cda37c0d4a159c3871e69b8e4609c877bc127b1c7e0 |
| SHA512 | 66c5e8be2b9c5a5933e2227c6e4a51484e27223b76d82259a62fb0e6e61dfc9761bb56062e7bb58738d6eb2f2f805fdc243220269ce7e4cd51217a2709b4bcbb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1321b428b92ac359cbb15e93bd0c0558 |
| SHA1 | c9fad30379af6646cc56704f2e8630bd670ce11a |
| SHA256 | d9513fc6f85227f1a844fe4fea2ec56d3f7c9c5db32102126859a533a3a787d1 |
| SHA512 | 374ad5b651c525427647bdc6848fcd53060ab973149d31dfadb8460a9f774d6afc00e6cbe1744301d79c4e6b95e87156407c2ff75902dbe4d03f8e71368e5ed9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7a975725fb73bf0d7084d0f4da81435 |
| SHA1 | 5c857c6be132b6fe113e208b6212490e760d3b58 |
| SHA256 | 22a4d3b66adf27094e3a565fbaf7d0cf9873e8dd328aafd401eb15996d33293d |
| SHA512 | e3730ea1e1be0cffe9ca8006b3b69aec874db3387907cdbdb992e1bf52e6cae474ebb8ff6d8ea4c3c506d6d2650a9bc1ec9e6ce12a653c30e7e5b7726c16032a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da53e3b9b35bf8bf96af5e85fedc2db3 |
| SHA1 | 06c63ee3dbd0ef254417eee140519482c7079e22 |
| SHA256 | 208242ace25dc43456cd0ac6f347add37507a5b2ae2295ec123d874ec3647b44 |
| SHA512 | 6c61f78e455b7c0c8ed3d05cda7df215afdc6f42ec0feecce33926a35533934ff801285b6815a50a086560c859d73bb4151ae9cf7cae5d1a8ddf0243d97079eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e72361a17cb82072e65a63b44610e448 |
| SHA1 | 3a60bfcff3e31afed21914c38475218490fadd26 |
| SHA256 | 265c8e233785c3219bd8d783af3043b88ebe23f4674620c6c9337a0b1528220c |
| SHA512 | e797b601b38ad285d679c020fa627377cac9b65fed8ea7d3c5a4c7f70f42477d80cf5bf0b04fbfb7dd92377ce0285a20b642034ffd227e49211c07838601f450 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c81d0f6ef600b361a1179c620c943f7 |
| SHA1 | 50c566fe3c42701ecc8f25dbc40be0b08f7c5f96 |
| SHA256 | 2c31b3763004b52bba2033d5a56d73e0af7cc699578026cd2b94ab1b69596be2 |
| SHA512 | c54f7dd15a853d5f8dc3325720ad97e91fbe143688e32feee561dda404821934f9fbc97602e3561e80454ed99ed5f62eb37028ad5cb4b150986cac6cc7008b61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0adef2506b5711ab966920d8608911a |
| SHA1 | 3f2ec075703042f8e1237683d0ba09ed360132ad |
| SHA256 | 68ce63e44dc8d8f67105c2f80483effef3933963a8dd307b13495902d4d4e431 |
| SHA512 | 57d0040d34516391521f49ec53e00d0459110ea6d6960b4165d794c0f7df370ef456eb7aa0dc250329fe96c5c98e701387ad57297df31a0d29acf7fc1c6f97be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43e60bb98ab80767537969bc8fc53615 |
| SHA1 | a893b21c0cf9e5dfa2395030a0df342bc07b70b8 |
| SHA256 | 2094d0d7ba7e5962c345fd07213f1c3f0e5e888a66294cef328d9408ce904af4 |
| SHA512 | 9d2a89fa0526aa32ea16fc9d2ab324aeab40c515512025aa8497829b66de9aebadfc8050e2e98421d126b95dd7a6b52425c30eedb381bff2375df0f03b852f87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 640e4f371ba61d4aea5f2b643c1917a4 |
| SHA1 | 1edbec518a849bc9ddb28415708ca2551d311e0d |
| SHA256 | 10b60317cbaaa9a935979927cfa7d6559c9311942d6cde82432a21100bb5523c |
| SHA512 | a27ae085fddf686b8c0e9ac28434dc3c926a82cc1ca35ec8ad4e2a9721e857b2ec55431b93fd1dfa937a623c74a31a7028def65a3088d902dc3647fedb3c88cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d95a7c4a4d771734eb2aeb453cb84f55 |
| SHA1 | 086095e1fded923a11a8db268243efcad7b7b33b |
| SHA256 | 2f954af6101fa8832a0278b342468380e316b8141493de5848646c95979b0d92 |
| SHA512 | f66e1d4e94584d25465e1ae6b2ec84c0f4c5ddc19e58cc1f0905f14501c9a44b1a7d1ebb9a7c5a895c677b03c6d9df0a70653134a4bc564311591224270d655c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e831c5029ddffa101e2a0a3b14400a2 |
| SHA1 | b5b02913d75c5ec4d77c9f59b64fa4d6a0e5f4e5 |
| SHA256 | f480ce9f34fb89d6d1b647246666e691fe6fc74f386244e555df8dca09bf1aa6 |
| SHA512 | 586785f34d46d34c0b166f3661fa8bfeec0c0fbd049d80efa91f02c09e20579e4370bd0e2bc931ac48ec005f503c6438066bbe98ac753969eab804cdec1a791f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14079b1e33a4979cb1247351f6583936 |
| SHA1 | 449f26d1e56d8476a5ec042fbe2eca1d4e491de6 |
| SHA256 | 8270bcaf1a9ab3171256af057f1a458525d4b106c57633c2b14257675232566d |
| SHA512 | 71860be8ea303958b78c122e695fca9524e16138990df38d52ce1c49dc446fb34d84eb9a8ea018cb46515cc1d4f3c7deced065e21c49aac3c31c2721b2545afe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 84d7fcc2a00c335090ddf1d687227255 |
| SHA1 | 554c984ba3701713a89d93cfd09429465da1c288 |
| SHA256 | faca1dbdf49f565dabd08a53310adb706cb34f40530ee8457875628cfc5c141f |
| SHA512 | 17be36634a7dfef952bfb2c8a45c3e34206f1cbd80d331bd6ca28ce24fbb93f6ca06744f122557efa018dcc6f11aac3107c7566a9e75f98d2e7181909919a8fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e239897c44bb719dd12704349cce1166 |
| SHA1 | 90754cd9f5a87970b925b4d68c232b5df2e674e7 |
| SHA256 | 36527d4de3105daf196c4b228b4aee7a02481fb4d13ea7864cc71add8806313d |
| SHA512 | 2f9a813bd966bcfb33ada34ff7f1168f83517fe62c8fba330b9e5b9c45d1e795dc03c5f28745897809533bcbfb81f08a274210363658be8be491865f66971522 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bac3dcc0857b572f83316dc90a9e476b |
| SHA1 | fd6d2d2fba56e56235c4859419105dd18e468536 |
| SHA256 | 86500e376db9e789994a17ed18a1b5180c5039d8c47b68a6ced8c29d3204bd97 |
| SHA512 | 3267cfa6d2027b917c5e9e2e39462ff3819918054e9acee605ed11ebfe710f61ccba3d5bd051afc79d071389173663b779cce02597cd10f75a340710c1f15977 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24d96a60c7d3018d5859f7ebabea73b4 |
| SHA1 | 228c0e8b85db6a56a0cdcb13eb59c0b4bc28726e |
| SHA256 | 3039412cfb7067f0502fecb482c294afecfe1d9554d8c55b5be3217da6c7bd5d |
| SHA512 | 02929d6e1300b78783419c11dad1ade8d146b5b56766374cdce22d688a7d1c8e07dc8e6c38a479c3bb62804bdb34f7cc7e72c799750d142fe95a3c442d73a9dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb22cde64fb6615fa6c33dd76bd642f9 |
| SHA1 | 3704013eee04749e306ba712bf26037e01aa14c9 |
| SHA256 | bc43eb7e2bb992ef34e67a3951580b6dcb45430ecced994c2b63de9905d7c9ee |
| SHA512 | dc7c589402d520b3381756be5591118f0d5f0a7525dc1f0bdf8f274c9c46cd82d831da0454d92dc3dd2553b30c6d7a4ed196a72c3bd8b513ab535b5b4b088cb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08556db0fbf977b55759777a6d85aa07 |
| SHA1 | e9ea41bc29643bf8402a16c878f367f359736629 |
| SHA256 | bb97be47e147de49f037c7da15180c36f131a2ee6941d1af034ec1555ac0c4ac |
| SHA512 | 1890bf18f4ad0b6f8e4cc9651dcbed619161eac3d23f7951a3dec3e5024fce20d35ed7452fd63a0f48c731f44524b24e17052594a79776a4a5afe60c2a54fe45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a811d661d49fd1c5eeb6b8dea4abef6 |
| SHA1 | 52578b6a2da278f62b68e407c1dacbb3d4c1091a |
| SHA256 | 0d40d074a2d11aeabb6212c220a42017a7afb2bfdb35656fedae840ed9bccf3e |
| SHA512 | 6d882166bb89d1fc46832b8e3b17a4659d7f9d2d114ee6eed336f3ac3245d0968d01abda2046e350e1f5db3514f07d46b0f619f3b30724a9647d6a762c3c90ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 5d92298b2a07e957e265dd91d1a38d9c |
| SHA1 | 691eafebed4812c6a81d2860595b723f792c679a |
| SHA256 | 3b2beffe23a8126ec2bce5456445361886e5bc6dc3b34a7946a0b3d92a1f6ff7 |
| SHA512 | 9f69199c19ff17a76799d25a615ff0b53d7ae55335c05d9599668936495e90b9adfb0c836f223e7b08ffdb16b210cc9cc46991acfbf88d4f3e896ebab8864821 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9691fd4df20858e3b874172e2a1912a |
| SHA1 | 76448571e18404c3a6e4767f2273324018ccd700 |
| SHA256 | 0189fef413f4c4ea1d740cf75b2469101f2076d93eeab9237290b3aa45927fc6 |
| SHA512 | be6ef9e80bc0554938336b680f46fc0f19b5960f350a431523dd7900374d7a02457b05ee9c4778c61c9a5ca1fbcb04958aa2f5f4b9012f9f0485e8335838caec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18bef36496ec9ca3781116a9655766cb |
| SHA1 | 439779a49c346c6d76369f738df91d9a78265de4 |
| SHA256 | ecb1837d684263b300eb3e385205b57e5d43c18ff29d2b0843032a49e2c3208a |
| SHA512 | a412bd0151e91d7fb3b8c4f181eb626c5137fe5571152badb158dd9661f8251adc9860baf0834676e89a8ef98395e70c4ee1093ebe3e41e25e181276a97a77c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0fb3fca16fa9f5466c5b0fc6c45b205 |
| SHA1 | 2c07eae97e2b8b9e108fbb6f36b4b38a067ee2f5 |
| SHA256 | b743da9d3f4ae8be14f99d16d773418f928743110559371cbf10df3d1caa0433 |
| SHA512 | b99cb8aceb59aa1d73a8fae5d045c805218257884a1e40dab4d7eba0d73e89f64411d233847ad100f051edcc956fe7bab073b893a54455c985cd7cd086a6c917 |