Analysis Overview
| SHA256 | d4ff6c39dcdb9a00b641715797021b36c33021b0276dcf0b2142baac015ed2b8 |
Threat Level: No (potentially) malicious behavior was detected
The file a35322eff1c40ee85c6492d2627cd86e_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-06-13 01:16 |
Signatures
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-06-13 01:16 |
| Reported | 2024-06-13 01:19 |
| Platform | win10v2004-20240508-en |
| Max time kernel | 145s |
| Max time network | 125s |
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a35322eff1c40ee85c6492d2627cd86e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa292946f8,0x7ffa29294708,0x7ffa29294718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,16416799250286232295,2390719224225900788,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,16416799250286232295,2390719224225900788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,16416799250286232295,2390719224225900788,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16416799250286232295,2390719224225900788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16416799250286232295,2390719224225900788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,16416799250286232295,2390719224225900788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,16416799250286232295,2390719224225900788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16416799250286232295,2390719224225900788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16416799250286232295,2390719224225900788,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16416799250286232295,2390719224225900788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16416799250286232295,2390719224225900788,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,16416799250286232295,2390719224225900788,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5128 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gta.jucatori.net | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | gta.jucatori.net | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | gta.jucatori.net | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1044_RHWHXAHCFXINWKYF
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-06-13 01:16 |
| Reported | 2024-06-13 01:19 |
| Platform | win7-20240221-en |
| Max time kernel | 149s |
| Max time network | 151s |
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403274" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90f2a6712fbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000060ad266fcb09df448d0ab623ab98c9b7000000000200000000001066000000010000200000005bed74dc5f6df340298cb410f9f37b2e0afd4d0727fcf14e4b10c05fe8024396000000000e8000000002000020000000b2e91e95f1a2a5057660f89f37558ad654f9c799b981b334f6ef80c4329771d720000000cdeff7c70f07851a8434baee44d2766575aad179c273fce3d565581955ae224c40000000804402c6747611da28aee4cbd402736214333b655e9e5e42721532b93655db7a043b3c1468269d1b241d60ee69da299ea86478b8b809de9722dd8c7b74b0ecd3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000060ad266fcb09df448d0ab623ab98c9b7000000000200000000001066000000010000200000001327f9f06963f7bd67273527960f65c0d9b00e07627edc66eed4f9338ba69e8e000000000e80000000020000200000003eb442a7c783ec983b4cd00543071af66be88bd996e7a88be635b3854abb715890000000501f845d5aeef0f76ef3b20c6772a7c77aca4491f4c8a6b831d92135b1d17e853a8fd8a868aa379a1543c8715ff07753cf999e4be74ae650f491e05731b29479565249f8de4bdd75f63877eb58b964e06d733e6b6360d766453cc58175f7886e7c9073907e1afaaaacfc29c8087513bf74b28f476ed3f8fba0a8e01dfa6052426f42192171021b05882f83caf33cd27f40000000670be71c03f81829f7393d157951970b6757bcb94be53824719e1ef7beb6e6d3331e80086cabf806696fcee299d90de2991ada10542789b05192f5c0e04a4969 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9A2631E1-2922-11EF-B2C4-6A55B5C6A64E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1744 wrote to memory of 3052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1744 wrote to memory of 3052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1744 wrote to memory of 3052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1744 wrote to memory of 3052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a35322eff1c40ee85c6492d2627cd86e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1744 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gta.jucatori.net | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | ups.gtagame.ro | udp |
| US | 8.8.8.8:53 | media.rockstarwatch.net | udp |
| US | 8.8.8.8:53 | www.gtavision.com | udp |
| US | 8.8.8.8:53 | storage.trafic.ro | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 199.232.56.157:80 | platform.twitter.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 199.232.56.157:80 | platform.twitter.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| DE | 188.40.105.12:80 | www.gtavision.com | tcp |
| DE | 188.40.105.12:80 | www.gtavision.com | tcp |
| FI | 65.21.240.245:80 | gta.jucatori.net | tcp |
| FI | 65.21.240.245:80 | gta.jucatori.net | tcp |
| FI | 65.21.240.245:80 | gta.jucatori.net | tcp |
| FI | 65.21.240.245:80 | gta.jucatori.net | tcp |
| FI | 65.21.240.245:80 | gta.jucatori.net | tcp |
| FI | 65.21.240.245:80 | gta.jucatori.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| DE | 188.40.105.12:443 | www.gtavision.com | tcp |
| DE | 188.40.105.12:443 | www.gtavision.com | tcp |
| DE | 188.40.105.12:443 | www.gtavision.com | tcp |
| DE | 188.40.105.12:443 | www.gtavision.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2C6F.tmp
C:\Users\Admin\AppData\Local\Temp\Tar2C93.tmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\cb=gapi[1].js
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 847a124ef92d1839c014400db6fd3ac0 |
| SHA1 | 75080369e1db2eaf86605c2fb018196886427d1f |
| SHA256 | c8a65db8bbfd8abd4b16c6de638cd8c6e11b3e2271c74cf2fc4f1c287ca3d4d9 |
| SHA512 | be3404e81d4751ddd4de8743e7b4504b404f52e697f55d6cf1ce4839aa34c26e5232f10d4506610f02f079a205c22ee7b084d8798362e2764167df96d89aeaba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 4768eae6214bc3c8d2b7501f00152096 |
| SHA1 | f1ad0226b1b6b495ab33391076d3972e9ef3aaca |
| SHA256 | 6f3dbd14b52c37465ed4942a5e9e5f21b4889254ff3b12c5c46e4a2dca1a45d9 |
| SHA512 | 2d92693c6373110481af52aa44c515efe6062d27f87570449b957b8b426876606218e460c61adba6c535041c71fc076a85b18468493ea7e68be3b091e4104b90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3c4fe5d55f116704987081e0e5f224a |
| SHA1 | cf5043fff2d8910088b9a6327891a652176f3b75 |
| SHA256 | 2ff134077bdbdd61dd73dc3fe2d5914f854d48df1cd7444d3fdeb3553b510d64 |
| SHA512 | 521218191fdfb71092b17c9b978153bbc0cd76ad3e6e8a9a29e9248d50172cc3b096fbdf7a1d2a29002926fa9cdafc5f5a654ad2f7f194afb676616dc03eeb97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d21290cb8203b8173707c59ac792061 |
| SHA1 | 5196883b0815ed94d7dd8f9cc95b9a98f4f59ea4 |
| SHA256 | 665447d91d44331eca60fa967706e0e8d196e55b235c669536d26005ff058cbc |
| SHA512 | 8eefbe2ffe81e7d097f4d4270368a44d2d199148bbfd1e645b18b572d644467e2b0cff0f1d1552c5e413fd25f98fd879d4041be231ab73e4a25c708d06d768a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48c30f11f520e2bdb8ad6ed06cefb6f3 |
| SHA1 | d970449a172b281cd5ac9631ce149ef8e449e4e9 |
| SHA256 | 374119316a1250a18e04ec8bb8bec73cee57b577e10fac1448df275caf363e75 |
| SHA512 | 0ca33bfa8b534107e1535f863742df4307575763fc3d10e9338438326e600464379f68daf274aa380feb8ac70fa2762e3e91a7e8f7c88a5e0e10c6ce45eed428 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3092a7a028602bb2b2f99dde323b9b70 |
| SHA1 | 4c2533c9bf3d3f2db13bb23578a2e9ed2341775c |
| SHA256 | c9f5f2d931b8014ec78713f723f0f1e82993f7fc5de8a2be5ceb0f661ad62169 |
| SHA512 | a0599c27c51010705ee17e9a5ac50d11e0cdb7fb4a2ab9fb3de3f783c7d72012d599236ff06eed12574139cd4b0d5e47149b6032967c0f4cb5225ebedf2b98d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8983250012121c7ee0c32af6ea93bc71 |
| SHA1 | 9e2ddd7cb3253f4722c934ea89e9399af9b18123 |
| SHA256 | 358ab8049b9723619063709ac6e7717082d9238dbca4daa0d2ed56d2112f58e0 |
| SHA512 | 566e8d03ef90a4a1c29155ffe6efffcc684b0d68b58ccde1d8a7c8f189f576227f33ed6f29cb5bdad2619fb63293343fce0a03085079c69d25a7220da2a2306e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | c5a2391befb0a6954d27b57babff7f61 |
| SHA1 | f98aeaa84df57e38f2ec400c2549deffb4af3c95 |
| SHA256 | af9825eff1be1df8915bd61cfd338bae68388b4a298b062962757f4267add594 |
| SHA512 | 8fa8a8b37713f19dc936a68f68becc03bfe7166d605328a649a18655c91412ba43b2ac0d41efa908fe5d2267489a1b1212b3a5de749abf06f7348f174ab17719 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b14b21a05589b600e5feafb2f1e5f1a |
| SHA1 | 655163fa8dc1751e649d1f5918d2dc92f6f42372 |
| SHA256 | 5e78651451bf596a23324fb123ffd0e4fae2cdf395874ca9a3f851309f1cc20c |
| SHA512 | 1033ec0a003ea899a4607ecaa8be5138e95f8c03511ff906c8609082099a1194c7d052f76b332d4e0303b23ed257ff6dabc41b70860d910bad22f0ca54e92e0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6520208e47f73e1e6f75bf0880a12cbf |
| SHA1 | 4a9bdcd0951b3aee4fd3c3277ad2bcfbfd2b0c4a |
| SHA256 | b516863c14cc71552fb9a45271ce80d4275b02eab80363970b9bbf0e2e85947b |
| SHA512 | 477d4b72b34b9dc7ce0405412a982e06e7ce94e4da90cd6f4a0f83e5894018ede2205a89397ae294ff8b44d627bad1b60fa7685e674d17cd211ab13d4ff4ec96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c88f2cdcfd6758b7374daaf042f64b8e |
| SHA1 | b7e8f15de0c411cb95945795a19f09082571ce73 |
| SHA256 | 3ea23ea303b923f6468698d76658cfe29d2b2fb99952a869e12aa6be4b186829 |
| SHA512 | a132b31cbde4d427dab9c1bbe8d070d99f8ed4b673988bf93704d30af4861b8b69aabf4445d85312840c94a7b97cb131246c9362f133b61f0dcf03947c3b1ed3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\3604799710-postmessagerelay[1].js
| MD5 | 40aaadf2a7451d276b940cddefb2d0ed |
| SHA1 | b2fc8129a4f5e5a0c8cb631218f40a4230444d9e |
| SHA256 | 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2 |
| SHA512 | 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\rpc_shindig_random[1].js
| MD5 | 6a90a8e611705b6e5953757cc549ce8c |
| SHA1 | 3e7416db7afe4cfdf3980daba308df560b4bede6 |
| SHA256 | 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679 |
| SHA512 | 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd |