Analysis Overview
SHA256
da4ad50fc99a3cede7ca93e3c3ee1af3dccabb6b15bb16bc5027b686867b80aa
Threat Level: No (potentially) malicious behavior was detected
The file a1d082c708ab54a0418d0d97a33cef18_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:46
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:46
Reported
2024-06-12 18:48
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1d082c708ab54a0418d0d97a33cef18_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa63bf46f8,0x7ffa63bf4708,0x7ffa63bf4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6557748257480937298,15529649019814200994,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,6557748257480937298,15529649019814200994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,6557748257480937298,15529649019814200994,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6557748257480937298,15529649019814200994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6557748257480937298,15529649019814200994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,6557748257480937298,15529649019814200994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,6557748257480937298,15529649019814200994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6557748257480937298,15529649019814200994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6557748257480937298,15529649019814200994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6557748257480937298,15529649019814200994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6557748257480937298,15529649019814200994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6557748257480937298,15529649019814200994,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | waust.at | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.201.106:80 | ajax.googleapis.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| US | 172.67.71.57:445 | waust.at | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | udp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 104.26.4.7:445 | waust.at | tcp |
| US | 104.26.5.7:445 | waust.at | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | waust.at | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | v.redep.info | udp |
| US | 8.8.8.8:53 | 211.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_1384_ROKFSLTVUQRBCOBO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1e63744c1295cef66a18faffa702cf70 |
| SHA1 | 5edeb764bb23c2c5f790c2b915598b5543fea495 |
| SHA256 | b964a4e3af77aee03e644cf15cf1cb85cc2e66a0b97fe4f8864feeec918d92d0 |
| SHA512 | 226f2f37d5b6fc66d3eeaf75860963bee9a9f10c011b21ed4b5de152db2ef4d2c49235e958ec1d341245cd80feacc89dfa1abec8e7fae3b85e23af054d8672fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d62d8916-3e14-44fb-b739-5ddf12163089.tmp
| MD5 | 06a533b1454ec4ec1264e86a48f56fc1 |
| SHA1 | dce6f7fda0b80be40687ad21fe93e1dcea743719 |
| SHA256 | 97aae4d363cb1ea9e398c6541df7069b95bc8c91798bc3a2e9cc73916085284e |
| SHA512 | 60c9677e7837dcccae88fcbce7cc8ddd462fba7a7637f4ecc75726f8feba248cbf531d402a87eae7d1841233905180d5fc2cbde6943439c143f7fe39d0e8af15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 622947c84a59a715bb71b10179e6d161 |
| SHA1 | e3814d0ebca9200d55e52e1fcaefee0b82fb5e2c |
| SHA256 | e70ac330020f9fdd8bf6a8d6ea06e73d6504d1f3fd4e0514461ac88cca4485db |
| SHA512 | a71a50ab22407d51266259b44fdda416e371ff23b3228a8c4ac56b25bb9e11db2c96e1e6073d8faac9bf44e5bca235c9e6e6b961370e97e43a0233c03818d9c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c2163d3bba63bf0f15394cb0b0ce4d62 |
| SHA1 | 9eaff2e9cbba09d251fb5b93da5db347a40d271d |
| SHA256 | 34e1b73fc48776dda8d011b5499499fece2be9a2ba9586084305467f5dff8fb6 |
| SHA512 | 76cef3b2589ed1435bbd40e6d16ebacec382388dc70c39115477ad22e7a94a5778b12a6841cfa1a2777bf7d9da50df710d2e9ed36f3df3a15d9ea2eb76343ae3 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:46
Reported
2024-06-12 18:48
Platform
win7-20240611-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 606379e5f8bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424379849" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000040cec7a83e6165d8fccdce42e4be7199b8436642fdb8661eccb728130cf09a57000000000e8000000002000020000000ab8269c9ceb79d82e6a9b8be69794b2966a4c424ec0bd430cd6c3bc38c78d46b2000000094d8d41ea90173ba8b2d3156b1924be32ea4a8ade7d6b97b2ab6f9d6568fe34540000000b474acc451f36a8876a1bb8bf19d5dbaa05e98d05c3339c44ddb069f941908a1abacfc67c669f184ece011cb5f9581d3f84b9433d372ccff17b7e7044e676c4e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{10542E81-28EC-11EF-A01D-D62A3499FE36} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1180 wrote to memory of 2384 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1180 wrote to memory of 2384 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1180 wrote to memory of 2384 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1180 wrote to memory of 2384 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1d082c708ab54a0418d0d97a33cef18_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1180 CREDAT:275457 /prefetch:2
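The "Suspicious use of WriteProcessMemory" rows above (PID 1180 writing into PID 2384) and the tab process command line (SCODEF:1180) describe the same relationship: Internet Explorer's frame process launches each tab as a separate IEXPLORE.EXE whose command line carries SCODEF:&lt;frame PID&gt;, and the frame writes into the tab as part of that launch. The script below is an added example, not part of the sandbox report: it checks each WriteProcessMemory row against that rule and keeps only the writes the rule does not excuse. The PIDs and command lines come from the report; pairing PID 2384 with the SCODEF:1180 command line is an assumption (the report lists processes without PIDs), and the notepad.exe process and the third write row are constructed to show a write that is flagged.

```python
"""Check cross-process writes in an IE detonation against IE's frame/tab
process model.

Added example, not part of the sandbox report. IE's frame process launches
tabs as IEXPLORE.EXE with SCODEF:<frame PID> on the command line; a write
from the frame into such a tab is the browser's own plumbing. Assumptions:
PID 2384 is the process carrying SCODEF:1180 (the report implies but does
not state this); PID 3100 and its write row are constructed.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str


# Constructed process table (see docstring for what is taken from the
# report and what is assumed).
PROCS = {
    1180: Proc(1180, r"C:\Program Files\Internet Explorer\iexplore.exe",
               r'"C:\Program Files\Internet Explorer\iexplore.exe" '
               r"C:\Users\Admin\AppData\Local\Temp\a1d082c708ab54a0418d0d97a33cef18_JaffaCakes118.html"),
    2384: Proc(2384, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
               r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1180 CREDAT:275457 /prefetch:2'),
    3100: Proc(3100, r"C:\Windows\System32\notepad.exe",  # constructed
               r'"C:\Windows\System32\notepad.exe"'),
}

# Signature rows as the report prints them, plus one constructed row.
WRITES = [
    "PID 1180 wrote to memory of 2384",
    "PID 1180 wrote to memory of 2384",
    "PID 1180 wrote to memory of 3100",  # constructed
]

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
IE_IMAGE_SUFFIX = r"\internet explorer\iexplore.exe"


def is_ie_frame_to_tab(writer: Proc, target: Proc) -> bool:
    """True when the write matches IE's frame -> tab launch relationship:
    both images are iexplore.exe and the target's SCODEF names the writer."""
    frame = writer.image.lower().endswith(IE_IMAGE_SUFFIX)
    tab = target.image.lower().endswith(IE_IMAGE_SUFFIX)
    scodef = re.search(r"\bSCODEF:(\d+)\b", target.cmdline)
    return frame and tab and scodef is not None and int(scodef.group(1)) == writer.pid


def review_writes(rows, procs):
    """Return the distinct (writer_pid, target_pid) pairs the rule does not excuse."""
    flagged = []
    for row in rows:
        m = ROW_RE.fullmatch(row)
        if not m:
            continue
        w, t = int(m.group(1)), int(m.group(2))
        writer, target = procs.get(w), procs.get(t)
        # A PID with no process record cannot be excused: keep it.
        if writer is None or target is None or not is_ie_frame_to_tab(writer, target):
            flagged.append((w, t))
    return sorted(set(flagged))


if __name__ == "__main__":
    for w, t in review_writes(WRITES, PROCS):
        print(f"unexplained WriteProcessMemory: {w} -> {t} ({PROCS[t].image})")
```

The rule is deliberately narrow: it excuses a write only when the target's own command line names the writer as its frame. A write in the other direction (tab into frame), into an image other than iexplore.exe, or into a PID the process list does not account for stays in the output.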
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 216.58.201.106:80 | ajax.googleapis.com | tcp |
| GB | 216.58.201.106:80 | ajax.googleapis.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 660b6e28b38ebe7e521064e60113fffc |
| SHA1 | f2c25e9f931876bf6834191ec5b409f47f869129 |
| SHA256 | 3e203426c4aa1403e940966905320c612ce4006cc87e03eb64058eaf6d402433 |
| SHA512 | 96868e652d5e0c25b4d0f0ada20d345115f0c6fda26d3cab724c0c1867386d2dcedc408c51f776b7e019ce2e22755017d99bf663cdd9fd0d88b26182c6434bcc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | b6e06f7e9b599cbec7f5619fcc08af03 |
| SHA1 | 58776c9314bd5d286ab7709b6ac4230b1e8e50c4 |
| SHA256 | 3e823a1f097a12189c4f2754d48fd4ae70fd706e970e585eee8a32e85c295669 |
| SHA512 | 132fbf4a8819b7093c2aaec6d87c3a6cce12824a39b0fdbf5df960bb9551e00960636f9c86d8690f10fc3828285aa974e653463818458f8da0a26d7eb0d6aed8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 20f72eb18656eabe616c170586d86897 |
| SHA1 | 0cbd0ea8a2f1c328a0338b6fddce8ff5058f7ee4 |
| SHA256 | cc1c77740b1df2ec906c67abe4ad268e0eb9b616ca8b5aa79e6030c45e957e97 |
| SHA512 | e5d368c9bd038f76da552c3e197159921da06e3e7da61090c1b1c92efda2220e9b7915e906170c169ba2aa9cc985b22273205ef283e317f49dcba38edc633984 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | bf5edc0029620b179e9279132a4591a8 |
| SHA1 | 3cd1d17c942fe42384d249617bfb1e2ee16bcde9 |
| SHA256 | 21e82816c69c6626b48653798326701002c91f2acc803aaa4e41c6b3be822f69 |
| SHA512 | 0d304cf94718e43bfaa382d6a50b92ee796d1a42d9790846ac4bfb914ceca47c4c9f42c42377957b0efd008cea13effad647460b2500e180b328a163ffab05d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 6502e1a9e5c263501b40344d12570ae9 |
| SHA1 | f3c99014e5d2090068d0b23f2cb8dc8b6be6586d |
| SHA256 | 2559f8681c69c4fcf5bc736a538e8450b179e015bc32ac7bfd82617dcc365e89 |
| SHA512 | 6d47c70f237bc09d82296876e505c2ee357cc6dae1161744053964ac8f39ed0fb0489f5faff5f7ab37fdea2d083bbdc8bcb62c106de39393649d5eac52468245 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | e23d957cd812e6cc99f4bc70bbcda2d4 |
| SHA1 | d74053d868ae4bc053f7f6c7ffed8b4488f8effe |
| SHA256 | 77c5f2d38065731c2a2b2bceefd8d83b8f9023542a17ad2b75f6ee429e393fce |
| SHA512 | 88469568ed41852d271700a86bf2834abf33b6ad7cfff501b62f31f9136b5cdd655450270ec50ced19e3abfc338652c64fb001a71163baf7cd40613f1f4155f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_95776108E5303B05527E9B63C6628F47
| MD5 | b8c98570bdac54a4d237a6fe8bb72622 |
| SHA1 | 1ffde90d4f028e7cec85b5a07ca1d9af7788b46a |
| SHA256 | 060875e976ae4f23c9e5465e2370475b87f33ae4c7805f087c0e04afd1f931c7 |
| SHA512 | 04ddd914654b727261cc61057aa8b34b0fd827c96cd188a0d0a014fde5b8864168d500f97b0d8a4f10980e6d2b0d14f03f84925e67136331e704087bbdc63748 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | 475069426f7c5fccb37b0fd3771ceecf |
| SHA1 | 6c3e6f578fa8f3bff44a1f698e0d77c2d506adb6 |
| SHA256 | 9a17c4c23b08d98910faaffa2911de9d23ef63ca5e9e50bbfe7a0b5719470e0f |
| SHA512 | 2604b287db60273bc18e22b6d3fb7695d6f16b61861fcea8dbbc00e3778218e75141d849f836ab791af43b36e55437cabd1303cd2257fcb21d76b84ce9dd206a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | a4c3e4b3f212ccf9719236eaa8f728be |
| SHA1 | e017a18974a9969ca60ca2499ac54b464d91a2ef |
| SHA256 | 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a |
| SHA512 | c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b0dec3d9edba54452299028470d5511 |
| SHA1 | bae89d1f4150a8086565356d0af6cbcd915e5a32 |
| SHA256 | 4f49a87054b4512bd5c732c8da6fdddced4eaa1a1ddbd6b13232bbf16f198e85 |
| SHA512 | ba6484a13264051b9d8341e847d4d90260186dc953b97e9d384f2d52ad6d630a594c7e18c81be6b521e9b6d524ac3f57f86ceca019e437b29e141a4b0df0ee83 |
C:\Users\Admin\AppData\Local\Temp\Cab28B8.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\Local\Temp\Tar2969.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64c1509f37e3ef8d040ce7676a275d26 |
| SHA1 | 9c7d70151425b46abbeda45b7cb55627575661f8 |
| SHA256 | c7b7cf2eaa12cbfc8f3fb21d9fa105489ceb9bddceae749737a1539ad3d8510b |
| SHA512 | 5375c42e774a82d404f57d5cb6a90bca1da3e44e6288d9fde42104c431c4d10ad39e9072d8acaa0c762012f7c2d871b6189d41acb57f7ba30834634e0d7fc0ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d9db0a7011d10d741e3389c8336ca9b |
| SHA1 | c936db2c5335e050fe906d958dcd54b409cdef8b |
| SHA256 | 4a737a9581e8bc92896612eaeb9a5af197aaa1cd36b80bbb0344d5425d2292f3 |
| SHA512 | d70e59a65098068d9ed27e78babbc8d63775e458aaa16da28d6ad7a5bd0485c52ce39a2ae13779267b6b5924e40509632ec8d081856f64bde1bd0b218593827e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 017272faebb76bb62469df34c8e950a5 |
| SHA1 | b2bf69cc01d6ff2b45ade2a926a1c4939caf95e9 |
| SHA256 | 27bc433d2740a96e79afecfc38bf3a14ea42f9d32ca7d40e80edcd717b31003c |
| SHA512 | 3881f18212d7c05f7f4ce4dc5660c065d2b4a7d1b65f608d64ad89a01804261cb847ffdfc3f30ec9dadfa4446490416e60e9c73d0fcc01235866f55e87e09fdb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a410e25d07654fc559dfd5391b666ec0 |
| SHA1 | 94c73b142835ee6be4b783fd406fa2c15917033e |
| SHA256 | f378109b319326bb9ba2c9bcafd1100941627c5662c2b05ab758eec2b01f3da2 |
| SHA512 | 653efedb9d53511d9c03b1e4a6841738bb2af9cc49ed35725b2844d9460aedd6b37274f0ad95cb1e2c3ce7dfd7e9f03c467a78fe7f460f53e68b6fce80e29453 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49a37f43c87ffab56f46a65faf8859b2 |
| SHA1 | ae561711aef52697feac9c0b4a79a4c71727e8be |
| SHA256 | 727a490e2b49f7794b2dcda28c06a50a134fe97442ff50b1cde29eca11ec1c68 |
| SHA512 | cb48959d2c13d951796d9c3d9c44bebfd9a3fcee2b90fed93d350fa3572e9f56b46c62cee4c2c5f377da2fc03656329c0bb30866440d522d26595f444611b51c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07e8439ca6664e9a2389db02aeef6cef |
| SHA1 | 5bd56c04e95b8c15006071c1ad29bd5a9b81dc0c |
| SHA256 | 0297612ea73c99e73a8885e2b28e081a20921246c1d76fdaa1994d43a6e184ad |
| SHA512 | 63f4e82ab68104205c3ac4d30c016b8bc33d3d5bf3876e0d637062a1189d61f61caa563bc0cdb43ea104da474cfff68115fba80fe3c9a840c73c871bec7f0643 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eae5158c251852457ac460ab51a70ee9 |
| SHA1 | 4de7fcf38751a17ebdff7ddf747cfc2bf77842fc |
| SHA256 | ca55b61202a937295bc704103d5d140ef83f3704a54e2a8abe2033119fec7435 |
| SHA512 | 21edd5db5d86f710c4a25484eaca2e57ccec9ad9a67dddddb5e6d0abd693a6dbfb57d4c638b2975de5bfd6b7111deb328979c23d062bdd6468ed2ef34661ade3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24a7aa19d8d18709b28d76f7c69519e2 |
| SHA1 | d464423c0da608afdab40528153f3849b69e5d6c |
| SHA256 | 0d01c7e0770b6738ea296d318876af274e10581c839807f05c1735c56ed5dbd5 |
| SHA512 | ddc19618bcacdf52ef12466562e9418d8d4c322eea8cee5795df89114ae37fca5f0fa9a5122ee2344c7662f7b929c29dda5a8b68fa4b136e3c6cc0b9f8ab09f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e349f3b2e54697c5e7357f1d77950609 |
| SHA1 | 67b76be90a40d4b2e5def9083af85bc4b6b8e7ad |
| SHA256 | e4e79d7184fd0d576624afde1a62791e87d38d0ec3cc53aa11a8572ed2dcb13d |
| SHA512 | f167616922eca1b45e5e92e6d7230d5e01a97b9f0ad8ad011adc3d7ce3880f65deb83c7201cf917a57b0d2072996d2ac78288c33f29ccde6d5139c7df16ed30f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6cad1c09528ee1d2bd3d39391ff7524 |
| SHA1 | 85afe45505401e267969af18a4111daa3df725eb |
| SHA256 | 5e0696975b7068dfcaf5a89f1356454565dd3eeace76a5b31f91c6bd93327dc7 |
| SHA512 | 45f001f02474d29e23ea21ae91f1b85d11f6047731ee2f338eec54f67bd21aa3b48dfee204027674770268f83f388bb58b4935f99b4199c7676c45b897d09731 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77740fc57f9a045c3b6a7cb21cd3bc1f |
| SHA1 | 2185cdb5db5fd89ec08b11ddb7327f412ddd90bb |
| SHA256 | 4eab51fd31a5f8c51647bef212e17ab06628deeefc347f7e3ec7d7fab93eebe8 |
| SHA512 | 27bb9a0c5f0616d834b08802ca536930618c9b131c1063f4ca2b138ba1669d1c74eb6e1b35a76f5610fc11b0d7856e978ddc50119891646b661ab5155ec77fea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b842181b480ed387656c765806b1ace |
| SHA1 | 41af10c9a7970d771502cd69925b0101cfc03821 |
| SHA256 | 44efbec75d981d87aa3e9b18e2ffaaec020ad09ba34fbd699a2abedee03f89b1 |
| SHA512 | 4292bc856b77d00d842037d2906b609cd0157d06c9717bf90d59643df6bbb9d3375d65de59fbb9682c7d8ef2d02e52702f44c2fda88abf81c1d548ee3ebeca43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8cf4959eeb259676a1cbfdec1c37a74 |
| SHA1 | 6a0b1001b00cae20b52c856ea221212caf4bf6f6 |
| SHA256 | cf028e3522ab5b431674d3def10bd841727fe6e94fcbf2db02703d99570374bf |
| SHA512 | 14964e85ff8493721cf38c1d718edad6edea9b913986d926fabd0e8836026b5026ef887c1f754437f02bb4edcbe98897ad303ba2b45793a4b5493e58cc4d4a73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da6ba6fc1012c018f43eaf373bfd1ffd |
| SHA1 | 4ee2989c2d3adc6e6929da84108ceb664a2bc6b2 |
| SHA256 | 7a4a9cbdac5fd929e6537b208b2c8ddf17244bc8c4819f06069e4218e980b2b7 |
| SHA512 | d4fd26971d9074e64efa3001cbf3ccc80657f3fce8dfbc6259c709990dead0a385e5db5c9797629d88975f4422d2f0977349eb2d92de4e49cceacb7265d14ff2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 027fb1cdbdb33b69260720e4baf26461 |
| SHA1 | a5d63e780e50739365585eb7eeb94c5b0b306e71 |
| SHA256 | 08fa484066ca4bcf2bd9874fda0cce2d1754f7eae1416079e2813ed14e0c5937 |
| SHA512 | 4727f74343a63be6b576953f0e1741648b4d25cf34949ca958c910a942959fd5db2cfd80a8055b3e825a7cc7120186085c37fb1ecb8f94747179aae8b8386196 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 585effacbdacd19d2a3fc3d45571349c |
| SHA1 | b25b37fafebc089920da0d3304d7fc85fc98e9b2 |
| SHA256 | 7f417ee40abce83e0a0509e2112cd14cd1f665c39c499eed915f089400a70f20 |
| SHA512 | 7e10c87a84dccde4f06501a1f345d6e1d026d941e6d8a629ff87dfecb893c38207b7241fffa794b849134d68c74bbef43738fc2d5e699a1336a6bf6c7575b31f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95c31d7a58c9872adde0e663b5afcd05 |
| SHA1 | 9ee71ec9f2370c7be609082077f1fe2807f8048d |
| SHA256 | 2ab977740f115c2c7b61801ce9d07792584d62c69561ca26a8587ee512b9cb81 |
| SHA512 | 3dc149984568b99aafabb449a4a654a742e276188d694cb0aecc8c3551c57c1a9c7546a58f0553371f446bfd03c6999e5f8fb2ae16e376909f8112ee1fabf245 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ebd19817906c59be48d28ba33afbab0 |
| SHA1 | 57561ca2e8abff9a9a7eb9ada935c1e8e9fbbff1 |
| SHA256 | 3cc003081d1aaabc18a8fb2d0e3991a21a207f79eced952491b22034a08c518a |
| SHA512 | f5a8b25f99bb7490b5b292636ba4d1b137ca9544a92d4b8f470d6f8dec9503893d0f6299eb9d329a45b29d787cd09bcd41962a249780429a595a640836cf9d2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 610f2c921dcf95a404be059c3b37b875 |
| SHA1 | 77a307ffcebdd987eceab858154e49a324c8755a |
| SHA256 | fcec8309d3e1112fc2a94a3f6ee8774d1b87737f15741197472bc2621e81c47d |
| SHA512 | 857064ca81e88ed6f9a6d997d9074d3879a4dd7d5500fdfe7005731874117caa36bdd9dc1faf3be4d3542c9d1179ea938ddc0f6fc82dfcdf1e6878e04b3b46a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7940247be1c317f9a6047bbf2a6151b3 |
| SHA1 | 40801d9eec04806a23e9b6a1f12b3f27cd9bce0b |
| SHA256 | e36284b8bdd6defda4a28c6635cec7cdcf47f848ef41583187e1acf70e4a9689 |
| SHA512 | 03ce54d603d2223c55a163df4d312804e5170e347aa3099de44731d2442543e16842ef67f327ec736e8881c7e62a9f56de8837ba2a0efa2ebe5c6df0c4cba4bb |
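The records above are the detonation's dropped-file listing: one path line followed by a four-row hash table. Most of them sit under CryptnetUrlCache, which is the cache CryptoAPI writes when it fetches CRL, OCSP and certificate-trust-list data during ordinary TLS and Authenticode validation, so the same MetaData path showing up repeatedly with different hashes means the cache entry was rewritten during the run, not that many distinct files were dropped. The Cab####.tmp and Tar####.tmp pair under %TEMP% is the scratch space the same machinery uses when it unpacks a downloaded cabinet. A triage script that turns the listing into structured records, checks that every hash has the right length for its algorithm, groups rewrites of one path, and tags each path by artifact type is shown below. It is an added example, not code from the report or from the sandbox vendor; the classification labels and helper names are my own, the first four sample entries are copied verbatim from the listing above, and the fifth entry is constructed to show how a truncated or missing hash is caught.

```python
"""Parse a sandbox dropped-files listing into structured records and triage it.

Input format (as on the report page): a path line, then rows of the form
'| MD5 | <hex> |', '| SHA1 | <hex> |', '| SHA256 | <hex> |', '| SHA512 | <hex> |'.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Expected hex-digest lengths for the four algorithms the listing reports.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([^|]*?)\s*\|$")

# Sample input: four entries copied from the report listing above, plus one
# CONSTRUCTED entry with a 60-character SHA256 and no SHA512 row at all.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\Cab28B8.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\Local\Temp\Tar2969.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64c1509f37e3ef8d040ce7676a275d26 |
| SHA1 | 9c7d70151425b46abbeda45b7cb55627575661f8 |
| SHA256 | c7b7cf2eaa12cbfc8f3fb21d9fa105489ceb9bddceae749737a1539ad3d8510b |
| SHA512 | 5375c42e774a82d404f57d5cb6a90bca1da3e44e6288d9fde42104c431c4d10ad39e9072d8acaa0c762012f7c2d871b6189d41acb57f7ba30834634e0d7fc0ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d9db0a7011d10d741e3389c8336ca9b |
| SHA1 | c936db2c5335e050fe906d958dcd54b409cdef8b |
| SHA256 | 4a737a9581e8bc92896612eaeb9a5af197aaa1cd36b80bbb0344d5425d2292f3 |
| SHA512 | d70e59a65098068d9ed27e78babbc8d63775e458aaa16da28d6ad7a5bd0485c52ce39a2ae13779267b6b5924e40509632ec8d081856f64bde1bd0b218593827e |
C:\Users\Admin\AppData\Local\Temp\constructed_bad_entry.tmp
| MD5 | 00000000000000000000000000000000 |
| SHA1 | 0000000000000000000000000000000000000000 |
| SHA256 | deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdead |
"""


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)


def parse_listing(text):
    """Walk the listing line by line; a non-row line starts a new record."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash row before any path line: {line}")
            current.hashes[m.group(1)] = m.group(2).lower()
        else:
            current = DroppedFile(path=line)
            records.append(current)
    return records


def validate(rec):
    """Return a list of problems: missing algorithm, wrong length, or non-hex."""
    problems = []
    for algo, n in HASH_LEN.items():
        v = rec.hashes.get(algo)
        if v is None:
            problems.append(f"{algo}: missing")
        elif len(v) != n or not HEX_RE.match(v):
            problems.append(f"{algo}: expected {n} hex chars, got {len(v)}")
    return problems


def classify(path):
    """Tag a dropped-file path by the Windows artifact family it belongs to (my own labels)."""
    p = path.lower()
    if "\\cryptneturlcache\\metadata\\" in p:
        return "cryptoapi-urlcache-metadata"
    if "\\cryptneturlcache\\content\\" in p:
        return "cryptoapi-urlcache-content"
    if re.search(r"\\temp\\(cab|tar)[0-9a-f]{4}\.tmp$", p):
        return "temp-cab-extract"
    return "other"


def group_versions(records):
    """Map each path to the SHA256 of every version the sandbox captured for it."""
    by_path = defaultdict(list)
    for r in records:
        by_path[r.path].append(r.hashes.get("SHA256"))
    return dict(by_path)


def export_iocs(records):
    """Sorted, de-duplicated SHA256 values from records that pass validation."""
    return sorted({r.hashes["SHA256"] for r in records if not validate(r)})


if __name__ == "__main__":
    recs = parse_listing(SAMPLE)
    for r in recs:
        print(classify(r.path), r.path, validate(r) or "ok")
    for path, versions in group_versions(recs).items():
        print(len(versions), "version(s):", path)
    print("IOC SHA256 set:", export_iocs(recs))
```

Running the block on the listing prints one line per record with its artifact family and any hash problems, then the rewrite count per path; in this run the single MetaData path has two versions and only the constructed entry is rejected. Exporting only the records that validate keeps a truncated digest from ever reaching a blocklist, and the per-path version count is the quickest way to tell a cache file that churned from a genuinely new drop.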