Analysis Overview
SHA256
fe4b76e507c584ef213be7cfdaf380a57046f459cd7c217d0e4a20fbe80364b8
Threat Level: No (potentially) malicious behavior was detected
The file a39b6b33003115ef5353cf8ad1e11dd8_JaffaCakes118 is an HTML document; opened in Microsoft Edge on Windows 10 and in Internet Explorer on Windows 7, it showed no (potentially) malicious behavior. Every signature below is attributed to a browser process (msedge.exe, identity_helper.exe, iexplore.exe), which is consistent with ordinary browser process handling rather than activity by the sample itself.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:58
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:58
Reported
2024-06-13 03:00
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39b6b33003115ef5353cf8ad1e11dd8_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff896dd46f8,0x7ff896dd4708,0x7ff896dd4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13780171237416087095,2109565084275446014,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,13780171237416087095,2109565084275446014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,13780171237416087095,2109565084275446014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13780171237416087095,2109565084275446014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13780171237416087095,2109565084275446014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13780171237416087095,2109565084275446014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13780171237416087095,2109565084275446014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13780171237416087095,2109565084275446014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13780171237416087095,2109565084275446014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13780171237416087095,2109565084275446014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13780171237416087095,2109565084275446014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13780171237416087095,2109565084275446014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13780171237416087095,2109565084275446014,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4936 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | swamiram.com | udp |
| US | 54.209.32.212:80 | swamiram.com | tcp |
| US | 54.209.32.212:80 | swamiram.com | tcp |
| US | 54.209.32.212:80 | swamiram.com | tcp |
| US | 54.209.32.212:80 | swamiram.com | tcp |
| US | 54.209.32.212:80 | swamiram.com | tcp |
| US | 54.209.32.212:80 | swamiram.com | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 104.26.6.37:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 37.6.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.32.209.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | quantumswami.com | udp |
| US | 8.8.8.8:53 | www.brimhallwellness.com | udp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 104.22.71.197:80 | static.addtoany.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 44.196.144.82:80 | www.brimhallwellness.com | tcp |
| US | 104.22.71.197:443 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 104.22.71.197:443 | static.addtoany.com | tcp |
| US | 38.31.159.179:80 | quantumswami.com | tcp |
| US | 38.31.159.179:80 | quantumswami.com | tcp |
| US | 8.8.8.8:53 | 197.71.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.144.196.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.quantumswami.com | udp |
| US | 38.31.159.179:80 | www.quantumswami.com | tcp |
| US | 8.8.8.8:53 | 179.159.31.38.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b4a74bc775caf3de7fc9cde3c30ce482 |
| SHA1 | c6ed3161390e5493f71182a6cb98d51c9063775d |
| SHA256 | dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280 |
| SHA512 | 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f |
\??\pipe\LOCAL\crashpad_2348_HNCTCRJAEWMTKUEO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c5abc082d9d9307e797b7e89a2f755f4 |
| SHA1 | 54c442690a8727f1d3453b6452198d3ec4ec13df |
| SHA256 | a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716 |
| SHA512 | ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5cdcaf02c373090181d3bbd851525bcb |
| SHA1 | 0426d3c6c9a040f7d07f8d4458d8c9bb3cd5d2c8 |
| SHA256 | 27d272583bc76306da8abfc4f7c1d0842a745d5851d09246e3b413ea279bcdc8 |
| SHA512 | 4645ec2971597d66fec942cf30779b8adbd02aa47d743bbd77b421c9180ecfde77d2109122f411899a5f78ad59f49bbaf799da1bd315375136c8698088d642a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f51315f90e17f9be77707bb65b40bba9 |
| SHA1 | cf998c84e8ac2841079af41c98aae6d041af2f07 |
| SHA256 | aa32405ecdd4f1a2fdcceab805658b0c4b73eee234aecff6389eeb3eb70c3cf8 |
| SHA512 | 06509b193dbe03ab33c70574edfba03f9d2f2f57a21cb9c589fc3a956c79e2e8caf94e378dbfcedadd15c48e687c457e8c6c682e34e315631879d389dc682065 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e737d90f6d9c357c9357f23f6d5d852b |
| SHA1 | 57ab1b77c2fcc442d2f6987ebeed162f8ce00d42 |
| SHA256 | 630e6cca59e9633f54f336d8c1d9bf2aad9c09d5a4f2cb48c2a6874b2bee28fc |
| SHA512 | df9e52f3cca8bd55f537b3c30eeb2828424ec9d678c3b9ca41a84626fe7dd0edb3e2f4e6ac1e39f980408d9f3c8b0555e02b42328df37135efd00c801d240439 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3c1ec48e26cf568d10286ac74bf9013d |
| SHA1 | e72dc43077539972ef733800df223c8a90bc8216 |
| SHA256 | bea31c1065ce184819b2e8725932592fe67cefe95fa9211fcf86e7b398e90892 |
| SHA512 | 333eee04235ecbd1206f693f6b7dd0ed4d4d2e5340d64e3cc5da63f0c5821ab94cf9b4c41c32e291f7805c1caa32154ee55e50b2d40bdfdadaa4325a0711845f |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:58
Reported
2024-06-13 03:00
Platform
win7-20240611-en
Max time kernel
143s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CBA6F3E1-2930-11EF-8875-5E4DB530A215} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e01400a23dbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424409370" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000005c0db86d7583b0837ddb7b4fd56bfaeb353b9eec10d0d5b95bea74893653c842000000000e80000000020000200000004a822f692ac147ea1bca34bca9206d270f78e2e6533448de265426e00c6e1c60200000007a70fd22741d1e01665230a56a07bcba6415194b3cad7df216bac91e93bc3f4c400000002e40c33786d39b6c35ac696abad2b03a83264076db728bdc618ed938f620347faad6b8bf20f460e1ac26a054e1be0bac6fa259d227a44b6700284662d3eab914 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2016 wrote to memory of 2928 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2016 wrote to memory of 2928 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2016 wrote to memory of 2928 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2016 wrote to memory of 2928 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39b6b33003115ef5353cf8ad1e11dd8_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2016 CREDAT:275457 /prefetch:2
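The WriteProcessMemory rows above show PID 2016 (the iexplore.exe frame process) writing into PID 2928, and the process list shows 2928 was launched as `IEXPLORE.EXE SCODEF:2016 CREDAT:275457`, the command-line form IE uses for a tab process spawned by frame PID 2016. The Python below is an added example, not code from the report or the sandbox vendor. It turns that relationship into a triage check: it maps each PID to its command line, reads the frame PID out of `SCODEF:`, and marks a write event as expected broker behaviour only when the writer is the frame process that spawned the target tab. The PID-to-command-line map is built from the two entries above, the extra event from PID 4242 is constructed to show the other branch, and the helper names are this example's own.

```python
"""Decide whether a sandbox 'PID A wrote to memory of B' row is expected IE broker behaviour.

Added example, not part of the original report. Assumes (as the report's own
rows show) that an IE tab process carries 'SCODEF:<frame pid>' on its command
line and that the frame process writes into the tabs it spawns.
"""
import re

# Constructed input: the two behavioral1 process entries, keyed by the PIDs the
# WriteProcessMemory signature table reports (2016 = frame, 2928 = tab).
PROCESSES = {
    2016: r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39b6b33003115ef5353cf8ad1e11dd8_JaffaCakes118.html',
    2928: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2016 CREDAT:275457 /prefetch:2',
}

# Constructed input: the report's repeated rows plus one unrelated writer.
EVENTS = [
    "PID 2016 wrote to memory of 2928",
    "PID 2016 wrote to memory of 2928",
    "PID 4242 wrote to memory of 2928",  # constructed: no such process in the tree
]

EVENT_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def image_name(cmdline):
    """Executable file name from a quoted or bare command line, lower-cased."""
    exe = cmdline.split('"')[1] if cmdline.startswith('"') else cmdline.split()[0]
    return exe.rsplit("\\", 1)[-1].lower()


def ie_frame_of(cmdline):
    """Frame PID an IE tab process was spawned for, or None if this is not a tab."""
    if image_name(cmdline) != "iexplore.exe":
        return None
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def triage_event(event, processes):
    """'expected-ie-broker' when the writer is the frame that spawned the target tab, else 'review'."""
    m = EVENT_RE.search(event)
    if not m:
        raise ValueError(f"unrecognised event: {event!r}")
    src, dst = int(m.group(1)), int(m.group(2))
    src_cmd, dst_cmd = processes.get(src), processes.get(dst)
    if src_cmd is None or dst_cmd is None:
        return "review"  # writer or target not in the tree: cannot vouch for it
    if image_name(src_cmd) == "iexplore.exe" and ie_frame_of(dst_cmd) == src:
        return "expected-ie-broker"
    return "review"


def triage_all(events, processes):
    """Collapse repeated rows (the report lists the same pair four times) and verdict each."""
    return {e: triage_event(e, processes) for e in dict.fromkeys(events)}


if __name__ == "__main__":
    for event, verdict in triage_all(EVENTS, PROCESSES).items():
        print(f"{verdict:20} {event}")
```

The check is deliberately narrow: it only suppresses writes from an iexplore.exe frame into a tab whose `SCODEF:` names that same frame. A write from any other image, or into a tab spawned by a different frame, stays flagged for review.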
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.brimhallwellness.com | udp |
| US | 8.8.8.8:53 | quantumswami.com | udp |
| US | 8.8.8.8:53 | swamiram.com | udp |
| US | 44.196.144.82:80 | www.brimhallwellness.com | tcp |
| US | 34.205.242.146:80 | swamiram.com | tcp |
| US | 34.205.242.146:80 | swamiram.com | tcp |
| US | 34.205.242.146:80 | swamiram.com | tcp |
| US | 44.196.144.82:80 | www.brimhallwellness.com | tcp |
| US | 34.205.242.146:80 | swamiram.com | tcp |
| US | 34.205.242.146:80 | swamiram.com | tcp |
| US | 34.205.242.146:80 | swamiram.com | tcp |
| US | 38.31.159.179:80 | quantumswami.com | tcp |
| US | 38.31.159.179:80 | quantumswami.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | www.quantumswami.com | udp |
| US | 38.31.159.179:80 | www.quantumswami.com | tcp |
| US | 38.31.159.179:80 | www.quantumswami.com | tcp |
| US | 216.239.34.178:80 | www.google-analytics.com | tcp |
| US | 216.239.34.178:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | www.bestoldandnew.com | udp |
| US | 50.63.9.5:80 | www.bestoldandnew.com | tcp |
| US | 50.63.9.5:80 | www.bestoldandnew.com | tcp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 104.22.70.197:80 | static.addtoany.com | tcp |
| US | 104.22.70.197:80 | static.addtoany.com | tcp |
| US | 104.22.70.197:443 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.170:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 104.22.70.197:443 | static.addtoany.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
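The two network tables on this page (Edge on Windows 10, IE on Windows 7) mix what the HTML document itself reached with traffic any browser detonation generates: resolver queries to 8.8.8.8, reverse lookups of addresses already contacted, CRL/OCSP fetches from CA endpoints, and browser telemetry. The Python below is an added example, not code from the report or the sandbox vendor. It parses rows in the report's `| Country | Destination | Domain | Proto |` layout and sorts each destination into buckets so the page-driven hosts stand out; it also lists the addresses a domain was observed connecting to, which shows swamiram.com landing on a different IP in each run. The sample rows are copied from the tables above; the noise suffix lists and bucket names are this example's own assumptions.

```python
"""Bucket the destinations of a sandbox network table into page content versus background noise.

Added example, not part of the original report. The suffix lists below are
assumptions about what a browser detonation contacts on its own.
"""
import re
from collections import defaultdict

# Constructed input: a subset of the rows reported above, from both runs.
SAMPLE_ROWS = """
| US | 8.8.8.8:53 | swamiram.com | udp |
| US | 54.209.32.212:80 | swamiram.com | tcp |
| US | 34.205.242.146:80 | swamiram.com | tcp |
| US | 8.8.8.8:53 | 212.32.209.54.in-addr.arpa | udp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 38.31.159.179:80 | quantumswami.com | tcp |
| US | 44.196.144.82:80 | www.brimhallwellness.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<dom>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)

# Assumption: hosts Edge/IE and common page widgets talk to regardless of the sample.
BROWSER_NOISE = ("bing.com", "microsoft.com", "a.nel.cloudflare.com",
                 "google-analytics.com", "addtoany.com")
# Assumption: CRL/OCSP endpoints fetched while validating TLS certificates.
CA_REVOCATION = ("identrust.com", "lencr.org")


def _under(domain, suffixes):
    """True when domain equals one of the suffixes or is a subdomain of it."""
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def parse_rows(text):
    """Parse table rows into dicts; lines that are not rows are skipped."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        cc, dst, dom, proto = m.group("cc", "dst", "dom", "proto")
        host, _, port = dst.rpartition(":")
        rows.append({"cc": cc, "ip": host, "port": int(port), "domain": dom, "proto": proto})
    return rows


def classify(row):
    """Name the bucket a single row belongs to."""
    dom, ip, port = row["domain"], row["ip"], row["port"]
    if port == 53 and ip == "8.8.8.8":
        # DNS rows carry the resolver, not the answer; in-addr.arpa are reverse lookups.
        return "dns-reverse" if dom.endswith(".in-addr.arpa") else "dns-query"
    if ip.startswith("224.") and port == 5353:
        return "mdns"
    if _under(dom, CA_REVOCATION):
        return "ca-revocation"
    if _under(dom, BROWSER_NOISE):
        return "browser-noise"
    return "page-content"


def summarize(text):
    """Return {bucket: sorted unique 'domain ip:port' strings}."""
    buckets = defaultdict(set)
    for r in parse_rows(text):
        buckets[classify(r)].add(f"{r['domain']} {r['ip']}:{r['port']}")
    return {k: sorted(v) for k, v in buckets.items()}


def resolved_ips(text, domain):
    """Addresses a domain was observed connecting to (excludes the DNS rows themselves)."""
    return sorted({r["ip"] for r in parse_rows(text) if r["domain"] == domain and r["port"] != 53})


if __name__ == "__main__":
    for bucket, items in sorted(summarize(SAMPLE_ROWS).items()):
        print(bucket)
        for item in items:
            print("   ", item)
    print("swamiram.com ->", resolved_ips(SAMPLE_ROWS, "swamiram.com"))
```

The in-addr.arpa rows add no indicator of their own: each reverses an address already in the table (212.32.209.54.in-addr.arpa is 54.209.32.212, 37.6.26.104.in-addr.arpa is 104.26.6.37). What remains in the page-content bucket, the swamiram.com / quantumswami.com / brimhallwellness.com hosts and the hugedomains.com parking page one of them redirects to, is the set worth checking against reputation data.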
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 096e05d053cc34a4b9fa837248159f3d |
| SHA1 | 2262f06080147920bfe6aacfdd4142cc217efa00 |
| SHA256 | cbf57704b9213aefb45c5c54e6edec44d46eb03afc35fed5b63a12e6927d5a62 |
| SHA512 | 79da4e5e5e1afb98db44a8b3d823666ae4d6299f4d49aa6e17a1c4b010da401c6d954ce97be0930588858f971c3af760e56c25fe4cb977a1877f58ffbf865f4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | d3049f1a4b143f13261e38abab901109 |
| SHA1 | 1810917619ef7b98f40697c12f35a75575665f8f |
| SHA256 | 69df6863aa24aedecf107a7e2e0353d592c52a5905cc2833d824c2298733e9d6 |
| SHA512 | 6af844057e960d6f4165f297891b676492281fc4abdd7346a220b1972124fabe2a9e0f7b3825c9f67c1ed885262cf6fb994c4dcd607c1981005291a240b6e958 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\Local\Temp\Cab1C86.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 869968eb49f12551631fa180457d774d |
| SHA1 | 96bf3de9e2d5f55531a0553dba3cdc45566c813b |
| SHA256 | c00409fbddd40575aa9a7552fc0d4a50b46fbb56dfa71be73145a8ac7e0fa765 |
| SHA512 | 289ec457480fb45e9e06c6d788d7726d851a1faff6de50e85e6af10539af3202c3bd2d1a643c1f7c121efb7f2f305bb4a39968f6a12983b565a58dc3d2633cc8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\domain_profile[3].htm
| MD5 | c805c52e51f4ff16b83109c70dabc891 |
| SHA1 | 2df8f659c9d802b9ebfcb150e1801e227578a90f |
| SHA256 | 428055f5f1089b8729076f858c1e69333652902723616f3639f0be0d5e5b32d3 |
| SHA512 | da4d7b0a6085e4e75c51cc75bebb511779688a983caab4384ecaa09e1e94f948dc3b890d6affa271529d5b877ca7d5283a9abf6812a0ccf52c9fffed0443f264 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\domain_profile[3].htm
| MD5 | 3e443d8de0e5d6d6fcf48b94fec877b5 |
| SHA1 | fa07ac1a8dd371d80821b40884894971528bfe67 |
| SHA256 | 273d3a329192514d1b9db3efb365fc3483ba2477d00196552bde76a3e9a12f1c |
| SHA512 | 66c7677c5c0c035e853d071a2e82365cbb9516f740b820df574ce79ce889931a91d144ab67b16f57ba4aa1281f9ef11b4ab018adf001ec910a507dfc552d5fa4 |
C:\Users\Admin\AppData\Local\Temp\Tar2255.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4f13215e1299583c7532e84fb15a305 |
| SHA1 | 4302f22b1c253996ba8e0b5be9e912aba0c0929d |
| SHA256 | 2ce6b6b3b2a004da9e3af00bc644fd0335ee5b2b9a3b377c32517ac1458a7477 |
| SHA512 | 1f8465ddf008ed77d2ca79e5b266f3c1af7713ce37415e91fdfad51fc7876ddd393d01714f84b4b8a618098a8406ccd6099a84494097ff9fbd2fbdfa594ebed9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb9d8f7763c18ef8e63155b935b8c2b9 |
| SHA1 | a36a6f8665be59dd60c3a1a658500f2491e69566 |
| SHA256 | b841b132453e169f7e7fb8c909bf3e7809ca286f84295f246cf846317744659e |
| SHA512 | 29a430c2bccc04fdd255e3a9bf5f3a9c9715133f0ece47a46a20ca385cedf792adec2aeef20cb745c74cbd3e02a18d9a92ddc58429c4a82edac12d16340f59b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59c12aa4bf4f0b7e6b653fe86f794994 |
| SHA1 | df163b924f75f30916412f49c792c93fa9ce8d56 |
| SHA256 | 87d1724631ad75567b890fd5390b5efd8ac207e4436c144bbacaf56ecb0fdc88 |
| SHA512 | f7107c5fd5dedec10c2f3107508654ca121f061e0ebe3992a453ddaec6b997d515cc808d78fe7c707843814b237f9ea811f2bf7ebf02da8e723d5a32f11cdbc2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abbeed9734e2addd5f646af72eec9fbc |
| SHA1 | b9536831ac067bdf06174e4290b6dc8607a6abdc |
| SHA256 | 4be3e1440ac83dfc3c38e5320f36aba1cfb6ae647c62c96da0591aaa13174f2a |
| SHA512 | d650d6645d0b5f4238b2e51e15124c25028bb3fab0319e08357e47d8d1a9a79b2e69f90b975be5b1d47bf3b7a78823b3c1de3c195307b15e6f1432eab3c9ab83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0dc54d31b9b6ea021b1c6f604b94470a |
| SHA1 | 87d3ca78f80a007679e2d4d7cddc39e199a9e3dd |
| SHA256 | 8f7f7d8eed744ab75d9cf845aba4a983cbbbd702fe7b2d907010999b30fe4cee |
| SHA512 | 58ecebf67409970be3089ce780371ffd44d6d0714767450bd71b18b6a515d37290035c479c35a0ff7ddd64b7c0dbe205307de2c95369ad7cae1cde3406dc20f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf1ee9d8463dc729c51f6f1b9c20c381 |
| SHA1 | 88d705e7c954ca1d99e00ed5e1ab19e03c6069b5 |
| SHA256 | 565b7af37b51d79ec086885410be614f3b185148e1b810d524e4c41a1aa56399 |
| SHA512 | b6dc057d52cf34ea6231332ee011e5beb68255008710179910192fabc10c4104fc0c76f4993835ce25dc7eb27588a62c6d4ad317b4224c9eb88f43d67c4bd439 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d23528f175a3fb0d95b2be30867b9a72 |
| SHA1 | da867ec5bdd3b1ff166651f49156afcc42597954 |
| SHA256 | 5e6e707528cfc204bed0bc7ba4264546ac2373a5873268d1f35a7cc9bb2e7a5f |
| SHA512 | 93596e1caa09b95a066fffc810b701efcd1f3b1db5a2b2a6fc3202f529244de1361e8d61720eb12e0133d293952240d78a69e9b957de58ae709b891de62fbe02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff1f2ba6a00e0b62ba862ff895e01466 |
| SHA1 | 16a5a478ef64d225c2118efbfd065b92e8b741f6 |
| SHA256 | 8e4cee753e178e9ff1eb9f427563a33c46395e7a883878375c978777ea3a7f2a |
| SHA512 | 048221a95990c3598661e23038d7196331b08f4b544fb5e1b42d5bd4539f5666d85a5c209d259dd35cb9e2c6c9eead8d85639456ec45b125110fa59bf7be314e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3a1184174874aa8b5bbfb43653ab447 |
| SHA1 | f4075f0cfac684e97c110309f31fa520a60638f8 |
| SHA256 | 9660d9cc87689a0a52b2918495f4b6e74b5efdcaebedf1069e5b32b6fdfeab8e |
| SHA512 | 4e2c717fcca415d284b0657f48a5833c4070404ec77a03768a64788264718716ce9a5faeff208152652c2e3fad06ceca839c0c94905628378e39a924284e6673 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14aee26fe9c193c7dc6bc9a0bfb45b70 |
| SHA1 | b9ca55ab44d23b385d050d40d84f82cfc0d0592f |
| SHA256 | 0b5d3270b93c53296cd96c4f29f8fb56463df89e757959cba98faa4b3afc48f9 |
| SHA512 | cdac47a4ca8d891e95c1afaaaac829f308c047f55305c475762e143894bbf672ac76a97a431c8b5e091483dab030d1ef3090638027e5e45d46005e0bd9f8dc5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e6e43996a7da7858f89b96347dd71f2 |
| SHA1 | c2c8034389c4ac9bc3fbca922e4a18538aa08c9a |
| SHA256 | 6d63404bc6f80c6cd19704045d224849c4ffb285c13814201f2ec8c7271ffb56 |
| SHA512 | 9b6b3a1596912b629bcf2f83a060138434f17878a557835e404ed0f338955fe5fe55ba4ade6c00ea7424e83a70c29407a63ecfc533b8b75e0a3adc552d8d7230 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb8223924b05872be396491e8a9b1f8d |
| SHA1 | ed2793c3a7e8de93a96fc939634d12bf7210f55b |
| SHA256 | 61381a71d220bc3df013cbf72685fdc4239a81ed688d4c8a8d45a3045e935d55 |
| SHA512 | 47158a52b92935a7d38fd1a015e3ae0eff241e81a2fd7e3bf1a4274b1c70d719efcf4a73773d97824ac87b2d4c3e55e8b13cbba37c8a982e5509abaaa7dc53e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cfc012c5588708acb1bd25af5d752dbb |
| SHA1 | ed023300d49a36552d3c9b31fd301ab05d682826 |
| SHA256 | 3a4c87d0f7aaa0c6da1b506d3d6c6b3b3737a2773623a7a27f9e6c4ce83d64dc |
| SHA512 | 8660bdf48ce7b1a51962cd9970b6e775b575a6eeff9ea051303694813596936af5c0dbc8c498f300485324bac7ef79548756fd2b97afb0f6ef9b09b03be65f3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29dbabfd07c7077ba9cef3f28df26202 |
| SHA1 | 22a840a1e64dc819da2a6a897154034203f9192c |
| SHA256 | de0f57a07b09a0f1ab37a68557f0bd65e68699d1ffd07069c237a973e0b2d460 |
| SHA512 | b20132fcc09458da6ea5a0d351e628427249d00f63fa9a3a29623d1ad91a0369f12bc25bb88e5d19ca31aa6141a0889d21d4619ea4726498ca6f355b3ee5418c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c78b3336e46aaff17180f4785b05625 |
| SHA1 | 9b1f85c4e513c5db15c949631b846153ba93e464 |
| SHA256 | b0566a464704306a8200df308e6ec093186e90db1874652bbc0c0f0d696a5a4a |
| SHA512 | 808acae53be3d116d226daf1c825daa170cf6e230d1f212183702fe036c1e5a17394393e9491515ad952cb3e1896497f3362039cc911411face603fb66c72c11 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8960b3af270c7acc6562568a74e41084 |
| SHA1 | fac414d7031c7d26690c87c9ce13b236bd1168e6 |
| SHA256 | cf50590190687e042996f4bda2f91e34477799074ef1f542e9a6d5735c24b170 |
| SHA512 | 3b02491c55caba44b39ac08dd754bdae8913cd096cf86f459063c5e6508ce9de34ccec977747dff0dc01c545d8fb596bfcce7ed86a3ed7ec5074f80c3b3dae0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0059743e64bd3996eed36dbff506afe |
| SHA1 | c789ef48b567fbd35a876c3116443355b7e49900 |
| SHA256 | c659f46886f2ff4fd2da5936b16ccd10136c6f0632903ae096b12c0294c92095 |
| SHA512 | b81e1f676d564999a1b013c13f04ddd8c10b6dd2e82621d5788098ce7a523cae4e7b05385699cc0033aed9fcb83455c22533c9446a745b19c9cd2ac61947810b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ba2c57da36acef21aa78ccfa34c533b |
| SHA1 | ac8a539642af2c396e2ac29fcbe4f5ec97a70f47 |
| SHA256 | f1eb1f6c883179905a085905e663ba5fcc8e608c57f850289ab9f21c477e9506 |
| SHA512 | 59df2aed43a4f1aeb6b0796e69035806625d1e66b25464b6b40309cd6b32c2bd7237bd79c16bed052a5f16349096c2db145f9d24b872c06d42677735569e83fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3b5c642b659adcf36b62a9dd27adbba |
| SHA1 | 579e33fb415f65d04cf6ff0831f49a2a24d9af15 |
| SHA256 | 98a0c35ff9a584b9695d68208f22e60f672a6aff2de16aaa1c6eee600eb24582 |
| SHA512 | 9898026a972f37cde082578d5f30cc1234c56e2758a0191b60435128d46a6867ae0a85c7f4d899a77662ef47b9ae7737447ff270ec00d458b7ce3dfdd9cbab33 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f6c815fcb04ed027d4733f111739c29 |
| SHA1 | 76f1f5b1080203c86be7b99ce9d89f16845ea055 |
| SHA256 | d043928e9f6cd537f306b0546c7256162825a6a9758a3be958e8bac13f1d4bc6 |
| SHA512 | d8284abc224da9bb8aa04c56d55573c3e2668a275133fbcb478b98d4c9e42b818c6831dc910b47c5aa77a915657461b494be05c26e75b61febc7d09ee1f872bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9ea985a229b73169c9e380164b6432a |
| SHA1 | c015171a0a42ca879fd1ab83038b27dc72519b86 |
| SHA256 | 842fa00513c08de64bcbff276866a4375e1ee4673e09d7fcae93d247d2840011 |
| SHA512 | 93dfc28dee0a680fe6dc3594fd7406ea5654cd8dfbe43e116f097803b2d842b8f6fce57346e2901460b19c518e590593fc11d6cb87da419751f294fbf8a27e7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a566c203ac007361d7c507cc2b765a25 |
| SHA1 | 8100f4a0aff3e02dc88e0aaca3e170a08284accd |
| SHA256 | fe9e9cd022ac5b501a2ec830b5f51b83ee7c6d13906d090929a099c8f89464c0 |
| SHA512 | 4aa518c6df0e0c8c37900867a3d90799ee910caa6d5c773d711b02ff6768f6323b5c4010ac685ce1be9e63e4f01f08c8582014dd502022f2712339284570a898 |