Analysis Overview
SHA256
a9c0c4548dc66fbffa51b2d2fc764087712c8ca6db136db337694e04d2b91b04
Threat Level: No (potentially) malicious behavior was detected
The file 91f71bb2239fc6c4fe7e888720a22b35_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:33
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:33
Reported
2024-06-03 13:35
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
144s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f71bb2239fc6c4fe7e888720a22b35_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff9272c46f8,0x7ff9272c4708,0x7ff9272c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10402214024635660167,10988306503692056626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,10402214024635660167,10988306503692056626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,10402214024635660167,10988306503692056626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10402214024635660167,10988306503692056626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10402214024635660167,10988306503692056626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10402214024635660167,10988306503692056626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10402214024635660167,10988306503692056626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10402214024635660167,10988306503692056626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10402214024635660167,10988306503692056626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10402214024635660167,10988306503692056626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10402214024635660167,10988306503692056626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10402214024635660167,10988306503692056626,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | corporacion3d.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.217.40.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | static.whatshelp.io | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 172.67.220.136:445 | static.whatshelp.io | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.whatshelp.io | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 104.21.24.205:445 | static.whatshelp.io | tcp |
| US | 172.67.220.136:139 | static.whatshelp.io | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_4988_RKLHAFXSCSCWFALR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ace77c0143f116940b1ac202841008d1 |
| SHA1 | 4e80caa3853237ab687faf648fc364fe537ce8c2 |
| SHA256 | 05750f5c06a8fc6df20b72ef96177c383e55bdf17f3cdc87f9b8fb1a0f4081af |
| SHA512 | 5cf263086361131ab22b3ec86d1c86f838f41f92f557ad895365e2db33ce7cc064f5a2a1f6307e6424b7bce7ac7fdf678ffe3dc59b2da3ab2f49f832a745e4b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cd3994e652e0cb94b0aa63b4497a292e |
| SHA1 | 5251715f2fb5880762f5f21cd32306d543f62781 |
| SHA256 | 484a81f35e417a4784271dbbe1ee59aca280e677ff12cbd73ba6e8348a68a5eb |
| SHA512 | 1a23207d0d4ef999ea94a3186cea1ebd1dac5d92c7ccfd17bd103721759cc97dbaf268055b42d04f545c256d6a7c5f5dc0e5f8e97d3368839bbd59b46c113725 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5a8d5c36-fa1b-4b8c-a69a-9e3f39b96cb8.tmp
| MD5 | 69747f55a7e3ef28cbcc63c365798e85 |
| SHA1 | bab6da6de320dc1978909a34c864fda79833d31d |
| SHA256 | 42706ba628a44a61a8a21baa95f960e70fc7009794385c441b5fedaec981e56d |
| SHA512 | 54397b0a74703a422312d05e0255774c2a8ef39b2b25cb1a0418b07e0afc28fac6b83fdf2864d4f7d1b9ea3167affcce596feb68d7f1bc49d854f666996db4ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a87befb95099c67c8edfa29cff5c3840 |
| SHA1 | 4753be3e33b897210f84041c37109fa5ef07f812 |
| SHA256 | 7f315cad634b3642cf38a02f756a239ec726ffc9fcf65c37ef1adad3d08da816 |
| SHA512 | 2eb3fc5fb341b19f10eef36a0e8320f345716c7ee10d9d1bec4c628605f1ecadb8ae1185e73f88f920010fed393917e1cf54019846ddd8a3bd6d64407534e537 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 236045ae7717020dec8f77e7d6d29f92 |
| SHA1 | b34d7b6aad75a671ed1bc796a71b2a7b9ab7dcd1 |
| SHA256 | d0423895ca565b49c2bb52568c0570b5dd1329a10c65e8d4664f913cb8dcb541 |
| SHA512 | 8713d38f5bfccb20720188135762fcd9ef87bf00dad690d903cc919d6ec97f168c65d9379d4cb50eacb2e40c1cd84ded8fd29a8a1b130c9254394c2550eb6923 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:33
Reported
2024-06-03 13:35
Platform
win7-20231129-en
Max time kernel
146s
Max time network
146s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a863629e2d238144b43b87db9551752c00000000020000000000106600000001000020000000e542f193281cd4a291c8ac385928c37b7407c07339d4458b9059e5af6f37a942000000000e80000000020000200000000d81214a18ab95058bddcf505704905ed2c3a1740e586b675d6d107d778fc9922000000058d31b7c9fcd6dc3c9b493bf2dc5cc26d164466f180540c7ecff12246b946189400000009e8d08932a0da2fdac785a665042fbbd9ac4c257cae331e2139373fde83d1e3c20a15173aac2e5d82b5ec3159b087e5ca461e0c507b6a8b62181db56c66628bc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 208973afbab5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583468" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a863629e2d238144b43b87db9551752c00000000020000000000106600000001000020000000507250dee40f5f202ac50392b5855d14e011ac337cf94567578240cd8d72a2c4000000000e80000000020000200000004faa8173958b2a48449ed255afc270a33171e2e4168e63a59179e225b5fd5f12900000006c00e9e126c8448013275ff2d2464b5e9255bde825a645b554c5364a261b1d94f696c1e7455df23a0a9dd0ff7be3a5f555960ed38c160efc7b41cf644638e936baeb980449b282a648c3dda91581e9d470ecc6b2a19e76a7c33dfc72fb843f7951c1723db4a1097f79d2ed04608708f0b06331a4f7431c02498da391ae7d614d51437b1f86d03f97bc4060196a0286864000000080d30283d1cd9556963b4a954497e666506210be45d34e6d9dad4786f452cb2bfca2fcd503c420d8cf7b96fb1300373c2cde65a2c812dcf981c88c39d292e6f8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D7B61561-21AD-11EF-910D-CE7E212FECBD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2232 wrote to memory of 2376 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2232 wrote to memory of 2376 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2232 wrote to memory of 2376 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2232 wrote to memory of 2376 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f71bb2239fc6c4fe7e888720a22b35_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | corporacion3d.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1367.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eac3d5b407e9d73f6f10cef752db4431 |
| SHA1 | 76efd8193318cf8f5a357cab199dabca7f07dd39 |
| SHA256 | 2f020b2765486b7275275ff9931aa5bcf7a0e305c0e87123cac830c3444f4f5a |
| SHA512 | a2755667d4e7c91b1c6f7b6c27353d87155deabf376078549175660ce814c2003b53d4e8990d5cd1fbdbc1ebd5bdbeea0a385cdacf4da1459b41df144177a1c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a406ef670ace668ba3d3f58430c65fe5 |
| SHA1 | 8ce2eb2ed1fb728e701f38f0f8e5529407b29a3b |
| SHA256 | 97a9541acd086adc315b75ede2b34cd37330c8c7d8a922dcd5b4b7dbe7992b0a |
| SHA512 | a958868c1816fb5702a11e7b9e73a3d3bc4d675c6fe3afbd768898bea7eec51cdb023a8b7fb53bfe6e7c6cdb59dc9709a337b868e8d2431410c0f549906b30fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ad1469f1afebf4270a2d3f83426d972 |
| SHA1 | 6cc7c96b752e5077b99ddc9ab852bfc31753445e |
| SHA256 | 5bb3ba10c8ee79fdd8667d27130382e6bcd7918f73e8dc4b946731116cad730b |
| SHA512 | 8e58fc70ff941eef9fe10dab7864213d4b11d85261cd7f1482638b51b3caf49ef6f97ca0c296308abcab85df04e674b131cdbd5c60d7e44d1b9cb2ae2e3dc441 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b65943ed50108b9aaec400fadd5e6c40 |
| SHA1 | b4130465aa3e98c99b10a3cbb618e58eba56fad4 |
| SHA256 | 3cb1e42867e6bb623943bb4a463f4c37f670927466cc7da958ebdd290687bc14 |
| SHA512 | 7990d5dcacaafa5382d3cff4029e2a16a41a1275be9edf3692947c2f77dcc73a5aac391e5a6992bbbb91b74c393be6109f9a6e4d00fd7a72bff76f81eebf5e6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8ab4c2b773cf6fc2df8fa643f62c51b |
| SHA1 | f3763020070225545b86b2109c8586bf22a6addc |
| SHA256 | 1e6f8d6037e5680e7fe5401f6707fd6c863359a4349630b2d11f6e12348c6729 |
| SHA512 | 5bfa39e0080aaa087a2d2d348a5059c0dbb93934b15f7cef612ca1de659ec39dd1de0da9d97e8429c9f451f60e58236346f7c08e4cc3fcf824a7f5a52b7f1d15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8602f1aa1b448e9292dd627c010ca308 |
| SHA1 | b5068bae93da746bb2034845da255c1b6db6e7d9 |
| SHA256 | 8cdb51f984e8583e918cb939e912cd14226491aacb118b42cce3bb4ba42996a2 |
| SHA512 | 43e798384bb4b44bd532669b6b829e64232db4401d798c900d399c58a16496a93784084b0c53e9d3024d8d84465d9dfca163fbc19bfb2148ee8284ee5db056c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8040021c61abff8f21f60e71975966b0 |
| SHA1 | e8555c7ada1a5c67b5bec83ca8097e117ffe0cb0 |
| SHA256 | 27c2ecff51378f48847f5b9c077e523863494322c2557ca9d9620fe1997b5afd |
| SHA512 | 96be1fba12740b51369aded020cde8562868742eb4c717e62074b920b9d235df54ce67b8d565d1f5805e66ab6cb34a501af196de5f5e685447d85a623b14e733 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa30d546ddbf0882d8cc762d59a767bb |
| SHA1 | 518f2e833abdb76c7c0e8c3eb2861d30cd4dbb81 |
| SHA256 | 06a8c2e59c8b7b6a1e50769596e2269b5693e5b00360d58fe86963ac833376c4 |
| SHA512 | 84aaa36ab7685529c88295a30b928d06e5ca1b15b016395e26e6e01e18fa9b6511a6cf247b6a215701040a9bcd6e44cd84820181e28d9318c59df742728c9669 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 339d1cad11b2b5184337f1250fce589a |
| SHA1 | 351259f9bfa67f00633e8c7116a06f3a233b33ab |
| SHA256 | b16516db4297174f8e51a2078b10885ae8bbb464d3c8d4eb2047763d1e634c1b |
| SHA512 | e6d0a3661bc7bd17ef2ea8aca2d41b73f70b40e42e963dca7b0893d5d93bc8a7605b10f2687d5db040b9bc55b97b450775758988dd4168aa2ed9882576654b80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83de17ef61fbc0d4d327a12ac322c809 |
| SHA1 | 38a80206bdc5051995542dcee4b5c67d46e9c2e6 |
| SHA256 | 4d35bac9e17a36f477efb3341793e7c20d9dc2be6be118cef01f916945f6d2fe |
| SHA512 | 43656a8cc0fccc408c060163e4454daa8cd0385a2a9d738e8784fffb3317dbfc6d6213e340d6d58b3a5279476cd238498e66bed4b460ab41c963771ea3332725 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08057e6047ff394bfea1640dfe8582bc |
| SHA1 | e55827de5107915a41e1ca94d9da174146878ba8 |
| SHA256 | a8fe38b54b923b160920528d47f6e9be705519d7c0535217352674107e11ba65 |
| SHA512 | 017277439ffc10f47a38cc1dcaa381cda6b8b696c4874be15c56a6094ca8b1a8f04fb7109773b1f256a856e5a054a0432944c8459acc289a5268d065c7349892 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 7f0a81070d6538185d639f8e156d8af5 |
| SHA1 | fdebafac53f38c9205bc8eb2800beec12e16dee6 |
| SHA256 | f606b2e2c8a5ef66b8396dd791c671d70a465c1609d62b2b08d405c5a878a876 |
| SHA512 | 0fc1e0dc1712f9526bee3310e399e746401a138ce50b0c7ae2d43d17b5906f0ab4fe611d2ee248cf6540c7eb2eaf8bcda35de44c837495d0e2a5410d9231d4b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b9e23a7c2d79b3d6324ad754a932f76 |
| SHA1 | 2d7d6e5dfef6f3c84d3b8031e42ba657582e658f |
| SHA256 | e091aa126975dfa1b780a09bbfbf4c204e23e7745f13076f66becb4ae9e88096 |
| SHA512 | 413127b5a9d8af5032035054c471d3d8d0743dac934f4f28ef777f82c38ff7b7def03c16f8305b2d27e68bfc8b5ed6bf522f3b70ef94e2f4f13aa6793272388a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7046a5d4867017e703d1ccc035ad951e |
| SHA1 | 519944a504b96e2e355d00950950e7cec0dca29e |
| SHA256 | 8b17feec46fb3692d69ee465f60128d84c8f94f63c85e0fea712ead74c434ada |
| SHA512 | c8b54f6c89341e4abdd01d4361a279c4fdf940b31d41b0d87299d274a164f7dbf8ae318b77c30229ffbad03fa98b517b8e470eda606c4e1c044fc60c611723dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a60399efa0d4f128dcdb8fdc1a235fc |
| SHA1 | 546e55e5c6892cc4f1b2bb625ca1c59a05636b3d |
| SHA256 | 66bbb1a4f26d799549169399aaaf3da98adfb8824891c3102de8bdc58528f5a8 |
| SHA512 | 93875d98df683f728ac23b41a793150390c0ff8e32abec5f8ab41ac75a92d970f9af8ac180edb637723021e2ab89b192cde19798ebdd0f9499dd9ab4fb7d5789 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5687963b4301edfb17cfe89820686fed |
| SHA1 | 73a36c54ab3f995c051eaca4f67ef826bdf8fad4 |
| SHA256 | 88eefbac5de04893507309a6b25415da84def5bad5777293d696ed886701c99b |
| SHA512 | 8d69f8fdc7ee713613520201cd6b5291174128395b0a98c106af2608e4b3c63099ad185a3929c260b4c42a3b86f1fe6bffb343889a4006da839e8ee90453ad7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0835a5b7bed28e4c01b4eb0937bdfa0b |
| SHA1 | 43b6a5e077948c89fb3958907d09291fec5cc7ed |
| SHA256 | bd767a52b4d935c5e9c2abb540d7506baada7fda3eab4afc18f2955bdc8b82a8 |
| SHA512 | e3ee917363b988dc80dfb700c965a2bfe01570614a9bba4e376a70a1bb0d498cf065cba53c3416d696fc01372a6ccfbb5f69e323bcb72e17fc47bcbe4b2399be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6633bebd4f6d21e138746e8b22735f2 |
| SHA1 | 1beb2e3fd54570df7af91e377fb11d42e6d789c7 |
| SHA256 | fca2921ffddd11e905d4917121afd2bc7d4702ce7daadbf939823c11a3b6c724 |
| SHA512 | 87360af34bf16abf6b665d8252de0f793e5544441dc88de39138b0d627a96bf3c35208ebfe248e5debc337f439849002be149926a283449e7de7dd0867ce1015 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b4e9efa1334fad5e15ad023f96b09fa |
| SHA1 | cedc677f5bcc3aeb594b06044035650742e93c0c |
| SHA256 | 0fa56501b7e2cb5665ce0be3ab636cf6d849073de41dbe629bbcf2982ef3a011 |
| SHA512 | 5337ea276f094626413165080c1fbb49ad3e31276b26f2e1d7799a2f1a26759ce1b2288551f4059fbf841ceebdc552fc7a2317c8645487210948d6d061285aeb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 992b963b8bcbbd95033ebdddf4a55014 |
| SHA1 | 32879a0c680c8ceec22fe9cbf90e001fc113c8e5 |
| SHA256 | 302c44c1d50702e5fa9fcdc140fbfbdcedf385b652fac4a9719674b58d2790fb |
| SHA512 | 985db8a0971011e09eb924fbd6aa9a029109d81d352f5c1300385fdcb5fc60644c6f0321590c8b7aad7a3d1305a6658e4ef0662fc475a7c83ccee79e5837f277 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5937304de6f7831d523a71e8139ab852 |
| SHA1 | ef98d3ea21e9ba31e32a5cc149df294819930ab3 |
| SHA256 | 305ffd47875d384f5c1bacb1779815aebca1cd0ccb0c30abc2d00fd4de4ff71e |
| SHA512 | c169f34f80c02b388e2abc28ad3f7fc45ccb0f23b0aa51ba970b5b3d625008c2fb859d17a18f73a5a391e6925e258bb553832a56ff94c58a6f5d1203687800a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b6a6addb0b5b8b4d2d1cff7da5ef44a |
| SHA1 | e2cf3a8b37a3709036709b2b8ca06c5169bf807a |
| SHA256 | 96f69bb150325971ed023ab83c1d339382a014c946fc713be836d1c189e44982 |
| SHA512 | f8059989e1ec18aed11921a98ac7fb89869be76f1441e29d69d4c238eb389b148ca53a1cd667bda13040c269bc25d8d7782f23e71922e0a638c82c3855c78962 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4716c4740627943fd7961e20b431f9cc |
| SHA1 | dd9c5229aa4019d75441b222036ea071216614c5 |
| SHA256 | 87d4f9583bd5f138071a6efac05c202c2ee5f1d6f04b4d5ff1bf704902060720 |
| SHA512 | 3130bfa01ae2b66184984aaa757201ffe10ab01100ba6de4f2b956abdfa062730e38cf5efe381cdfbb09bdaee27f1bc0d558ccc5db3e864d303e6e1d9add7d2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 135f9e087bd2ac281c22e02cdd2b3265 |
| SHA1 | 6d30957fac19cc688dac27320d75116ad65e4797 |
| SHA256 | 8777d40a14080ddedbc0c6dcc24abed26d57d44fa2018d571f0d2672ad75d66f |
| SHA512 | 7103b6388c10ccc999cd785b668f610723184b28e22d79ee765ec70cd8ed53a7e609efad8c9e5d4a473ee44c46aa3ae7e6521182a776d1959f2cc4e813da8f7a |