Analysis Overview
SHA256
999ac0c765a59b37343624a8eedf16bed059a136c61584c9839590237519d5d8
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file a354a995927ff316d1d843e6fcd9d5a6_JaffaCakes118.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:18
Signatures
Analysis: behavioral2
Detonation Overview
| Submitted | Reported | Platform | Max time kernel | Max time network |
| 2024-06-13 01:18 | 2024-06-13 01:21 | win10v2004-20240508-en | 145s | 125s |
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a354a995927ff316d1d843e6fcd9d5a6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd421f46f8,0x7ffd421f4708,0x7ffd421f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7717023464468707900,16561791467727337036,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3056 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | gabortho.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | gabortho.com | udp |
| US | 8.8.8.8:53 | gabortho.com | udp |
Files
Analysis: behavioral1
Detonation Overview
| Submitted | Reported | Platform | Max time kernel | Max time network |
| 2024-06-13 01:18 | 2024-06-13 01:21 | win7-20240221-en | 143s | 144s |
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E1A39DF1-2922-11EF-B0F4-569FD5A164C1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403394" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30a888b72fbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b69f5b5247cc7b42b5668218c77eabea000000000200000000001066000000010000200000005ca07a741776b095790a4f8acd7e49b5d87e209ae6a10b37cbd48b20b4dedf0d000000000e800000000200002000000008d78004d93665688c6cb2e388998b30753ea4ba059e17e00ae1e50a03da3a63200000002aaebd4de2c854771d43a775eb7157b8daea944fbad44778c145501331d1cb654000000024032737129be2427dc903f0e01bf37519f0bded7868c24f55919f877485e302218c8c5008f73597842ba46969fb73c564da79c816b9f2a4f923f0eea1d32103 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2192 wrote to memory of 1672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 1672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 1672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 1672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a354a995927ff316d1d843e6fcd9d5a6_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gabortho.com | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| US | 160.153.0.117:80 | gabortho.com | tcp |
| US | 160.153.0.117:80 | gabortho.com | tcp |
| US | 160.153.0.117:80 | gabortho.com | tcp |
| US | 160.153.0.117:80 | gabortho.com | tcp |
| US | 160.153.0.117:80 | gabortho.com | tcp |
| US | 160.153.0.117:80 | gabortho.com | tcp |
| US | 8.8.8.8:53 | vinarstvi.euweb.cz | udp |
| CZ | 185.64.219.6:80 | vinarstvi.euweb.cz | tcp |
| CZ | 185.64.219.6:80 | vinarstvi.euweb.cz | tcp |
| US | 8.8.8.8:53 | maps.google.com | udp |
| GB | 216.58.213.14:443 | maps.google.com | tcp |
| GB | 216.58.213.14:443 | maps.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| GB | 172.217.169.42:443 | maps.googleapis.com | tcp |
| GB | 172.217.169.42:443 | maps.googleapis.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
| MD5 | 79bec97c6bb0428a3ab3b7434ba64c3a |
| SHA1 | fb6014c598562e1b3b11ec4be2b1bc894bcf87a9 |
| SHA256 | 6dc5f9231e0400a7b643ce53c32baccde8e4701bfcbe6484964d01ab7aa81767 |
| SHA512 | 32d8012edcd6a695f0c277b9c8ffa1e4c4ae96afb529420750d6a706ecacde7616928a254e618323e3d5187bee2b475abc536e243e372f4d5f5239553fe6250b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14babe59e23d067bbaae18455446f5cb |
| SHA1 | a925f55c623af55e7957a1f94a69102793605786 |
| SHA256 | 081fa149ddc5b0ba80f930432f6793074616f143ee0c27d97209d66eeec8990b |
| SHA512 | 07f6b6b36311367d33991402a1187af030716792682f6cb7c8eba10749e5a982cd9033bb5170713fadfeb1a4522249cc52c1d8583e4fd9d443f0a6b0e7f51ca8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | a0345bb5040afbf636072e2d85cfcb50 |
| SHA1 | b6ff9603672998958be1ba6e583430e10308c054 |
| SHA256 | 7609279652341dc10b991666503914ad52e8459d72204d4c7062ec6a21837611 |
| SHA512 | 392252fb6e8de303123eae791a1e8ba2bbbcf658d0f5df8b5c33c8599b33cef57ed81a9245e20d070db13ffc7c62587845302513ab01eb12450e73b5398c06df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 960b4712b0fc9472d628d08600323227 |
| SHA1 | fab0096d07fc81308f2e78ea290122eb20e41c70 |
| SHA256 | 60e010e657edf675cc95b77827f17958ac72e5b82000e9ecc31d17aa9a5b8cc3 |
| SHA512 | e95c8bfb27db277019e9a31c40e68bea8cb75a4e3446bcefb28d01b92a2ddd694e99b66d43c7575df826efbb1e455bcc74e3cbe615ee99b533ad9f8234e4ec1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c1f0f1cfd20852b56e0981f7f126024 |
| SHA1 | 57bb72ff0716ffa01637dded72e07658ba0a2f6c |
| SHA256 | e54a5aa8fcb052bbb3afe7dacd79b8d8af2f8494bf1c4f09fb542a95afca04ae |
| SHA512 | cbf129fb0831ae3f79bee4bcde3d9605e7c504785d1a8d3d961c5b1f32b8508280581f7da8fbced80cc62d18aa0758098cc009b81d3c2b8bc41716758dae8a44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4cbf7a5068843ca587e4db468c01243e |
| SHA1 | 405748e6113b08aa8bfa3acc082f38a2a54f00a4 |
| SHA256 | 4ea2690c08b429fb406c5a241ffabccf7ad448eea33dfbfa59eda8f6fd58bf79 |
| SHA512 | 186837844c941da9abae231211485f6f6a4ed230ebcddb0c1e4870228681ecc69bb95ca7cfc6e7bf3090f816817231b07d5746804ce9a205967621d0c2ef1511 |