Analysis Overview
SHA256: 36ec45d3494e84cc7db86c17117dd6284becae0593c34716be01fc30edc5865f
Threat Level: No (potentially) malicious behavior was detected
The file a2fd4fda0dcba4ad10a3ec5edd41d540_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-12 23:45
Signatures
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-12 23:45
Reported: 2024-06-12 23:48
Platform: win10v2004-20240611-en
Max time kernel: 145s
Max time network: 142s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2fd4fda0dcba4ad10a3ec5edd41d540_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc47d446f8,0x7ffc47d44708,0x7ffc47d44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14012869465011535755,15613740083488662340,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14012869465011535755,15613740083488662340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,14012869465011535755,15613740083488662340,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14012869465011535755,15613740083488662340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14012869465011535755,15613740083488662340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14012869465011535755,15613740083488662340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14012869465011535755,15613740083488662340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14012869465011535755,15613740083488662340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14012869465011535755,15613740083488662340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14012869465011535755,15613740083488662340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14012869465011535755,15613740083488662340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14012869465011535755,15613740083488662340,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-12 23:45
Reported: 2024-06-12 23:48
Platform: win7-20240611-en
Max time kernel: 140s
Max time network: 141s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DDBA39E1-2915-11EF-90EB-D671A15513D2} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50a531b822bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000dabd91190fd1cced6b8be44a0a6897c345b69efe10988a2bd77fd08cd502012a000000000e800000000200002000000079755a6a3b45de67c610c5819020b8c2cd763cf418f3bf82200e5025b54a54a320000000a1c48a17fea3f9881759aac4eb05c000b94f0247f853a79cbbb2ecfc51371a8940000000deb44327803879cf4b86a7b4ab53804aa7597288bf8ff9099006b42b8a70b399da8e407789c2f786f4efdbd4cafc4da236bcbc3768288cf664b46a4b1d5f523a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424397804" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2332 wrote to memory of 2256 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2332 wrote to memory of 2256 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2332 wrote to memory of 2256 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2332 wrote to memory of 2256 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2fd4fda0dcba4ad10a3ec5edd41d540_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:275457 /prefetch:2
Network
Files