Analysis Overview
SHA256
87d05aa61d7f169c77cb7017cfa2468efc93b01c4c1719c590ca8b63eb87222d
Threat Level: No (potentially) malicious behavior was detected
The file a6aa17d6d1d34ec6511af9a46173c62d_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:32
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 21:32
Reported
2024-06-13 21:35
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
137s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6aa17d6d1d34ec6511af9a46173c62d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd421f46f8,0x7ffd421f4708,0x7ffd421f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,9548088777193016834,16094567420747902046,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2984 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.graddit.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | static.graddit.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | static.graddit.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_5088_CAPHFPSXKHWIOXGF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 12ce9cc1bcd45e4c71532a281b0e53f8 |
| SHA1 | ef375b46eb6c8d2da147f7c84bd6fa5e89701fa9 |
| SHA256 | eda635c4f94e83c4a9cbe55015a9eba426d52c64b3ac0761159e750845514cea |
| SHA512 | aa390ef5d065d060dbe482348e7110cc0e4d2948c3e6d633bb154e88957c91d82d337cebf17cc9c9b4364c4d5be81ebb1095c74c61d95b5610946e88a0fd99e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 387838c2e98030997e5f769062e4d551 |
| SHA1 | 509214ff18a6d4107c76e78053b12b3209835ebc |
| SHA256 | c208454739df7213ab3d2c0d3fa84e1516fd121a370d618c5b6777256a2a4c49 |
| SHA512 | a6a8ffdb9c4b657af95b8915a8aa14a4781897b3e8462f69bdc0e4acc72660715f237d414679cb6736fcfc9f64104e37ebfdaeaa453b0a5881dc31e237a40a61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 05a2589fb80fdba90a8f47f970007cb2 |
| SHA1 | d947b118c2b953ece072d3c92c0c6d89802ac6a5 |
| SHA256 | 50a2f926c24ccc3f6e3c820e86f467f3d46dfd2c4baf0ca741a2f217f486c5ee |
| SHA512 | d6255547634b8d76bf17345a1f1220cd6ea73279af6318dffb05e9eae400dbf6384a8338660dea6c93b0709755ebc2e01479c664a8407fd32b56938bbfcd5038 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:32
Reported
2024-06-13 21:35
Platform
win7-20240611-en
Max time kernel
128s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000008a0a2c41dc1c8d450b5a87de645496b71ae9276d77383d79a1e66356bad9dd3000000000e8000000002000020000000870dca22b731182f46b8335d3a7d2edd778fed77063bd881cf14dd6448b25ec120000000fd44b92657463f5000c1a64caf8fb94ba22e22cd137e621de3f7c6af2fbdb226400000006c745909898e477cc8671d3aa4dbe42cb9feb8e9140471163e325b8f89195d2e42fa39bf71b26aec4bab7cfc40f57bb38b5571e3647fa219cdb043de66e44b1d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{79B58871-29CC-11EF-8721-FEBBC6272832} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000ee703089b5c3e195442c97c300ff3ca234daafd3f4c7e8f84a31a06b752a4926000000000e8000000002000020000000d2c6b6e35f2b2b978068e8ff0132d81529f47027f6eac4d7d01f51c1d3eb013d90000000593fd7637a3cfc1448b84a7b2f499e6fb829871fe5efe2330ed84bf6cdd0d5c7386f4a51dffa808e2ab92bc5acb1a97fbc0e57a204e5c596fe4abf6a49da5e0696368fcadc2c028d9086c4462e14ea7c4db13ad0baf80bb17c47251cf7f9c1099767594a0deec82579eddcbe105f7952a0c0c1aff96b09a74220c99d6c5ea06921d1f0e1ddd876810db325c927f7a11c40000000aa809184b678dea00de04a2588575f20d2c4b00d0f65e36602fbd1674737130894ff655f908385c76b4e4c55a753321abd7c635401fc83f5b6b8f88725a7ba63 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424476234" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70dcbb51d9bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1752 wrote to memory of 1740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1752 wrote to memory of 1740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1752 wrote to memory of 1740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1752 wrote to memory of 1740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6aa17d6d1d34ec6511af9a46173c62d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | static.graddit.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 165.227.71.229:80 | static.graddit.com | tcp |
| US | 165.227.71.229:80 | static.graddit.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 151.101.194.137:80 | code.jquery.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 151.101.194.137:80 | code.jquery.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.cebr.info | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | themes.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | themes.googleusercontent.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | a08991b3b3149042115bebb75a76ccc0 |
| SHA1 | 4f1a11c57b43422713fcb9c7af450a3a547ad11d |
| SHA256 | 827224a17beecdd911e49e0f09ab9665246f781744d1241545d6aefe2e67c788 |
| SHA512 | dc3f8319b0a7ab3e3a37447cdd60b3772bbb5e73cd44e9e58c2ad979dcd68f48f675c8a0a2626e9d3af5d4c664a9dcc52b786b69946236d8f89d12371d987fac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | daef8bbe1f4720c7c403685f9a79cc87 |
| SHA1 | b7bfe2173d7e84da022567688fd22a3726a99961 |
| SHA256 | b0d6af5e4701ced050b731788736adbcb6e76e404983e8a17ac4afe848278279 |
| SHA512 | b673496e396e22cf33f104af19ea255aa074cb8c9d0ea779baf2b818297b59fbd6c3b37663cca29cfb9bb28fe3ab745a4e24977a488f6c7494c6430b8e238c6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | 7b1741c1b825eb84417708afe78f926a |
| SHA1 | 038bff19848caada3c89c839eb0772e666e87092 |
| SHA256 | 1e645ef6cde8e774d2958f4e2988ff3470be621f24ce874c929426fdde8a22bf |
| SHA512 | aef01e0fb5a52894b90bba998a9033e14edf4ad2dac1a329a5a13709a9157fde4e6c56cc5504bda373ee2efd1191ede0c4529072910dd8a7550ee16069094da8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\halamanav[1].htm
| MD5 | e89f75f918dbdcee28604d4e09dd71d7 |
| SHA1 | f9d9055e9878723a12063b47d4a1a5f58c3eb1e9 |
| SHA256 | 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023 |
| SHA512 | 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 399cb60a4edb0c53b2408d9c19f64d95 |
| SHA1 | 5a290917edce2b552f910ed9a582590c384ff3ea |
| SHA256 | ac87c058adc04e0efc58551ea90704dc068a32c83e426681a625123ff947ff91 |
| SHA512 | ff2974017445f60e5f479e05e02648b282d72e2fb216de43734c55390726291b2281a7f0626dc0cd5f17e629923e0d77b5d9b8212359c13378acfaba8b7d97be |
C:\Users\Admin\AppData\Local\Temp\Cab4146.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4148.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b112d26934605e65b7fd907502029e2 |
| SHA1 | df14934dccabd0b272af4e6de4e53abd2346c1aa |
| SHA256 | e8b74c41711af3d9fd854ab9050d70d9a68baf3f983cf0d557a0330b05bf79db |
| SHA512 | d9fd098905affaf704a0a65ffe8c5b583a5f68dffc06422b667324d465f012232eaebda4a480534afbd10d9ad448a3ac087b1ca1e964e0c227f5ef4e5f2115c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0bfdef869f59f679bb4731e804784a30 |
| SHA1 | 795cfe1b308eda6a9736094f8cf4108367496fd4 |
| SHA256 | 7c9221893a7e4ab7762fd90266dcccf39e8591afb76b02eb420faba7d42fd696 |
| SHA512 | 792c72644145ae04bcba37b8a0e50e90723fff1d8a4310dadf00d36698be538ccf3cbb187a58cc8caa58b7aefe139323138abdc6a92a262aaa10d76eb31240ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fecf96f16aff47ebf6048427ced15e90 |
| SHA1 | 36a09623e8a8f076553615eece619d591886ff0c |
| SHA256 | a29cf5994e16f38aec305c34f84b13db2aace7118adef4d61b63a70a7ccbc4d0 |
| SHA512 | 25892da1b9a799943a31117f8674545c7ee9293e73916218bfad907371f485bc76f7445567498bb034b9a62d4cc695e43e97e88eed71bc6c167d90a8309767a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 874c769cae7089b250eb06e6a62137c6 |
| SHA1 | c1289221161a94c7506ae65d00e7d8bee5da06cc |
| SHA256 | 94df71bf7403d51dc1d393988addabf5974189473060ce2a549b61eddd28333a |
| SHA512 | 6208207c4ea99d92af73b45eb2cbb6845cc5aec7a6b5ca8c251a75171d2ed5cc38c616c2305fc03cd7f128b98e82af21a30036f8b01eb16f20c5eb4b68121b1e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b822949f2886c5a0fa26a03c4cc3b319 |
| SHA1 | 84f192b0a9f6f954d22b480d75b545c49d040c4b |
| SHA256 | c3cd10197e2cc3ec01c9484e2c5cb7be81da2685c3d5f0bcaf3c371bf1cdd38f |
| SHA512 | 7803b0acd9b1939895d5432146977279a5d575f75fd0bbff0350218e985c0f712cc6c50f2d0f6c787214840bbd619151ba082b8b83d3ff079aa79de71efd0dd9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32470edfcca89da41ec01f0dc369cb55 |
| SHA1 | 99df118d2350072af7768869b7d7ad23273e37ea |
| SHA256 | b0020f4d05f2ce7acd171cda843f4464e7b2673600e3212e9050abc17f50a805 |
| SHA512 | a506a933d18a2cdb0130b2f8b5f68efdc4b84cd912a426afa3a6a44fc74c7b9b60f7afeb999996e17694736c8d65f54c5a7b6800f2db90999d8baa1c905515e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43f90694cd6d6a6db503b2e7c1d1edaf |
| SHA1 | 052b13b358192ffb38ad6dc9ff2abc0009e90eae |
| SHA256 | a4695a772f201ee114b7bf0b3321652e37195397b0b6db64934460dcca8b6a88 |
| SHA512 | 2ea95f39ee5f688695cccb2152578a280f8daa805bf629e2c252f74b8cb780bc11b85d9cee7babea5be0ddf07d6606ef76c8e120f06818496e6c5b590b691aef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c92620e4d6a85841bb0536bcd611425 |
| SHA1 | 230e8f2962f52fc3be9607d1b3a6737a99a27df6 |
| SHA256 | 6685b3e5d52f87519b445b3e690a561ca50dbc6d49ba2a6547feca5dfe476838 |
| SHA512 | b9d622da54d90d60bca21c466603b9d9d70115ef2c0ef2719a111836c247fce13562932d93e4bf9bca78fea0dede0494165d5d0b2d559aa176756a1ef823e928 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\jquery-2.2.3[1].js
| MD5 | aacc43d6f308fa362ac85e3f4fb2b30c |
| SHA1 | 09b2fbec3c6e662be486da501a913d4b93ad39eb |
| SHA256 | 95a5d6b46c9da70a89f0903e5fdc769a2c266a22a19fcb5598e5448a044db4fe |
| SHA512 | c535148b1cf98ae0569ea06233ecc7a5fa3253a803a44967286fd0700d52c4bbf2fe3b5f5c406330abca012c50769fde9a9a9f24559ccd0d92f5ca2d94a5d3ee |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\css[1].css
| MD5 | 3187b9d4ff2216aa2bd4bae3619088d8 |
| SHA1 | ae776868e2c0027c4527022724f5d59b05da6c66 |
| SHA256 | a183f0787e54c8fec34bc4fd2a3c41f10c5f45a8f3510cdf6316bdb3e5215034 |
| SHA512 | c2eb02ce0a2a40f1c61621dc6b42e7ad7659e829c3a8f12b7bee2f463c31e868d59c6a0e01c30e864080caaec77098efc47b331863f1193bd637c88cfe8c7d50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0DW1CQS\css[2].css
| MD5 | cb39a89917eec0f680f2d31bc9fda9ff |
| SHA1 | c8574e4f5a6be55eaa110fa16c01b4695441628f |
| SHA256 | 63b9e7deee11b4ff0dc967aa0c0cdf89b0c9b3094118d1102f7507556e63a08e |
| SHA512 | dc4442a2ff2626988a48e549da8b151d6cec94c813a4b0f6030536f8afde0846b89a49bdad6330649b07c5efe7926544e90f94f7db0bb3b42ecdbb7bff738953 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\124887373-widget_css_bundle[1].css
| MD5 | 430d0f52546401d2f8c037bb84952ebc |
| SHA1 | 446c9de67e5cc8c01e2108494fa0055693dc6993 |
| SHA256 | fbbb7e598e30407bfbc0e1415bff3127bf07ff9282937b87330bac620e919696 |
| SHA512 | 6b9f3d0332aedc15d05e0f574e8710678898355cca6b16ec452fc9c3fc80cd4a7e7b45361f0a4f7faf55edc5f6c0c76efbf235b022a895e3aa5a06a4bc843830 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\2982899471-interstitial_bundle[1].css
| MD5 | 59bf05c1c56d68e36ab8069e5ea2a34a |
| SHA1 | f636aef02e6d242dfcfcccef86cdb4d0101c3756 |
| SHA256 | 5d6bfffe8a2c758b3dde8cf549c904226a928713ce4db67b0f8d3862c377e344 |
| SHA512 | f6690b98c12df293c080ba2c62ba6d290d691cfb352ad726e5b749d0caa90510f11c9defd18f64fbb8a70b469b42bfb6529f7abedf0d54af6aa2fe86b1dc41a5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\jquery.min[1].js
| MD5 | a1a8cb16a060f6280a767187fd22e037 |
| SHA1 | 7622c9ac2335be6dcd3ab8b47132e94089cef931 |
| SHA256 | d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f |
| SHA512 | 252476e9f94a6db579e14cdf1197555e856e6b80dbcd78c46b9345ce6605a1cd69da0dab2a4c475b51d2103404d2c61acd18490e005d625eca06afe4d75c8a6c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiYw[1].woff
| MD5 | 57a8f14ba2567b39ba4013db835af389 |
| SHA1 | 101b638945cbb93990c70eac567cbc060c573cc1 |
| SHA256 | 7210e1fc5e0b71011f6d821fce7aa459b4c2452af3fc4dc0f493abda10fd13a2 |
| SHA512 | 57ab3b386ad8487341a9767c099dd209523fc4b571efa74cdff4b8ea85a7c452da90e8f10406f17dab5f74dc64750a6cc0dbcea830169ffac37458a7abbab8a8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\BngRUXNadjH0qYEzV7ab-oWlsbCGwRs[1].woff
| MD5 | eed6edd3682ea4dad7d42e43648b490a |
| SHA1 | 3c16df451896fe5f0263d27bb1e44cffbd86ee41 |
| SHA256 | fd3b97c19b90a1981c6851327e8289243e44383a4fdd8e45353214867eb5b5e4 |
| SHA512 | 79e44f268beca9e61506e12fdd1733c6e822e90020e1118a0fa325bf09682a7b41dd9d17533e41c85014e63fcbe8c65225224a6fc63495617e0b14d639c1b973 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0DW1CQS\3896558673-new_ui_static_pages[1].css
| MD5 | bc1c901ee3438ba354e28f967f1f1de4 |
| SHA1 | 996c4a49da61847b4cd5dff9136561f2f529691c |
| SHA256 | 1fbfe0101489856a0d7d235c9574f87cc23b4dde7e28d85615d2cb5f7d349ee5 |
| SHA512 | e5fef48d7a31ac6243ca0cc674d2adf97fe2b7c85fb3329c8e95fae34a56f930871944ed43ea61b8f02672b6820fee6096f8a223c750b54882f1a57d00b9f846 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\analytics[1].js
| MD5 | 575b5480531da4d14e7453e2016fe0bc |
| SHA1 | e5c5f3134fe29e60b591c87ea85951f0aea36ee1 |
| SHA256 | de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd |
| SHA512 | 174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0DW1CQS\671481879-analytics_autotrack[1].js
| MD5 | 1c4256076fac77893331db4f22a9a41a |
| SHA1 | eb8a7de989615278406bee51533b6f4f6a71c841 |
| SHA256 | 57f24a99b10ad3f6431e857b33b26015c29c4cccced30375d222a35f0c4f9bb1 |
| SHA512 | c12e91755540380e3b4b7ab5c9db1b6c9f36d81a2aa1d4396a365db37163a0b2c75bee16629b13132d79b9eab0ba2318da6095efc6b3d00d6df587c3c49ed6ce |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff
| MD5 | 3eb14f3838ada50e10f062a895c3b9cf |
| SHA1 | f570b2fe0688332cf8c4a9127db25433d9a1ebaa |
| SHA256 | 90556675373ea9ed1d0e9b5678426d69296b6801c906ca378bb426aa3d6acdc3 |
| SHA512 | cee1e0f1a0903abe5d00e0cbf1150e990494f950ec7b1f5dc50a832562db30dc1dc6ae437e49c13f50e75274b11703251d0018cdd340ba3544d3a16d319ea6b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fcc5436dda47e821713ebc64ca9486a |
| SHA1 | a8efa580337277f2236cdc830c4a135cb7edbdfd |
| SHA256 | d9be4983f8d612a133b4248ac757b2f621a5774ed2455cee2e482ce902b548f5 |
| SHA512 | 6a78c7f54a74e9827d3ced01d73f0375056794bbad1a52e617b7b990f6fe28d29a175fbf299b3524aa8ab78b54fd8e59d31355a7d006b2581a209fcdd1f94d7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1dcffd1c4a4dae3584a6034bece7e284 |
| SHA1 | 5676092b4d79302a2b0bba3f21fca0e1b59b03da |
| SHA256 | 3b5e72eaf2e158af2a072dac999104dd3526359715ed4d6460f19cf8e0595b61 |
| SHA512 | 97f0d82da78749adb45eeb4fcf321f15c282548a6d965f2e77a353ad2ca7ff7ff35af09594dc894dd80907f0488024665ee0e5f6429c9104b98880f810bf42d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00b904fbf79ed82dc8a7f03f6633a8f8 |
| SHA1 | 663eb3b1674554f613bc55c728ac02f977e7894d |
| SHA256 | 0b295bee3e62b72afaed3710336f1cf6ffaceac4a76ae47221920d1e69394a46 |
| SHA512 | a246c7b58c60d1cf35f7ee0507f41f8ff3b98d3d7f77e4c7f697440cb27e1d647ae0f726fac962638f0d3801ee5e0530aab85545f1c368dfa506033a99b2266f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0cbe34780ffa7e0ee59521778e8eb2b |
| SHA1 | 4739e2c5cb5e9c092cd3fa4580474f41f7887b1a |
| SHA256 | 9549b053ec977addd4df5764bcf3223054d598330c05651974eeb78170ba6104 |
| SHA512 | 2fb1eaf28aec309d56ed5005337e7db60a83f7fdf9b2b37708301ae48b00707ef6b4386ffb24ce18de28973d983d2d40948f091be317b67022b1eb8cdf71e314 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c47411f45676ed839cacbef7696b70d2 |
| SHA1 | 9e3cb939919e637871171d926613a633a88270df |
| SHA256 | d68b70c41c7397026aa13d3a6f641945d5d91abd0176001ab64a37303400253d |
| SHA512 | 5e14100cdc727bccb0e3cb5d73c27abaa48f0e8835d91ce4820e403de89c3d0579c357eaf8701ff2421b96a170944f08f3aded1cc14941ed91267505e5775031 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac411a70e24c9277356444d2fb3b4af3 |
| SHA1 | 192b36face0171a28b8e074d7da0a5d3e300e5a8 |
| SHA256 | 0de6f9ca3c883703b5e79b2b1505960efa221368e4187de6c343e30b7190e4f2 |
| SHA512 | 718c7fa4c591f62e9c672763d11f83f3d5c37362afae39811b7e5b5b8ec7e4c699d30ba37a38f38d446f244d20314c4789a360795914901c44ea5cd1c01e60da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2648b6ecf7edf73051813eb6b57bdff |
| SHA1 | 1cbd81b98967f927a6bb3714713eb238707808dd |
| SHA256 | 46e457915c510914779eac3d40b29931e7c75e8cf0c29e44127a21fe7c85c36d |
| SHA512 | 64db6f127f1bb4c910aea1d59ed42d31c66ad7b5b18b0a01c8a369c3d00dd025f83d26e84da75ba077cab1adca2fcceb6c4d28dc7bf71cd161d287bea7f6159a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7de915944af29b14ef357f417fa412a5 |
| SHA1 | 8ee486b8d65e0c38e8613804f2c25831b5e406d1 |
| SHA256 | 801d3d9461d085e75ff993b08718a5c8b5ae1f64b030373664b7cd7d25d6a515 |
| SHA512 | 2ca79f8daf9fa176e93a8c697b716c0d12fbdaf13fbc656afc32ee2b96b72b1b063db1715d891407b47942b5caf233003fea1c7fa5ff5eb196126521640a41f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89e2beae492eb5012de4f1422c0c6129 |
| SHA1 | a0af9711d8801f76e86e1b382256e387610dac8a |
| SHA256 | fa1edacbcf6d6b57ba5540e71bdfab297b2b60670f10fb0fcdeabd9ab28bf2b2 |
| SHA512 | 544ed96dec8d2b536938586778dddb837088990f66d62f0cd2ceb29ba1227119cc2a5535728306a0497fb0a13f81e24e88d70f463de54ad8a165cf6a1f98e719 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\blogin[2].htm
| MD5 | 6a3ec8fe2e3b7457e462694053842103 |
| SHA1 | 1d5ca81892ac24d2f14e5f99bdc57dad7b91b6c5 |
| SHA256 | c9716a6ed7efe3832d2acd9cd0a50a8fa73330e3065d8e57099de7ef8b337cd8 |
| SHA512 | 5288e7c15048612be65a0487cde4696bd76628602149d20ee1d9d6eeb95323d44d21fd8d792165bc45ee86676b975311b193f76223ea1afe2d786d4b9b8f1ab7 |