Analysis Overview
SHA256
b87b734f2f683977f793eab8db35d761ee09338c56c09be54f33cb243daaef0d
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected in the file a3d434bf741248a7bbf25a9ee0003823_JaffaCakes118.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-06-13 04:32
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 04:32
Reported
2024-06-13 04:35
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3d434bf741248a7bbf25a9ee0003823_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcca3d46f8,0x7ffcca3d4708,0x7ffcca3d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6788883150624546498,10375650650147379281,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | geo.query.yahoo.com | udp |
| US | 8.8.8.8:53 | csc.beap.bc.yahoo.com | udp |
| US | 8.8.8.8:53 | comet.yahoo.com | udp |
| US | 8.8.8.8:53 | s.yimg.com | udp |
| US | 8.8.8.8:53 | consent.cmp.oath.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | geo.yahoo.com | udp |
| US | 8.8.8.8:53 | s.yimg.com | udp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| US | 8.8.8.8:53 | shim.btrll.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2900_DGJLUMFCHNFCNIZH
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 04:32
Reported
2024-06-13 04:35
Platform
win7-20240611-en
Max time kernel
120s
Max time network
133s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FB936EF1-293D-11EF-9E46-6ACBDECABE1A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0df12d34abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424415035" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000009851f64f905c1592d8942457fcc6f3baf4834c9aa82cf933c79df5891edce587000000000e8000000002000020000000a84d3186b27664f0602e557ddf320cf3793fef6932d77d1b9be93a1d018c2b432000000034b785221cf1161ae9c2a14124d5e58f83ee1eab097b9295da132740865b04a540000000b9834262c353da3f78eaf3a7cb828c6a8c36ce6d8836ee6d1508b4b978eb1b2ff9ec22cea77b1a73bbfde771a6488f4636aa6b7b435f95c52a7ca7876c3e6ead | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2820 wrote to memory of 1932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2820 wrote to memory of 1932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2820 wrote to memory of 1932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2820 wrote to memory of 1932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3d434bf741248a7bbf25a9ee0003823_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | consent.cmp.oath.com | udp |
| US | 8.8.8.8:53 | s.yimg.com | udp |
| US | 152.195.53.200:443 | consent.cmp.oath.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| US | 152.195.53.200:443 | consent.cmp.oath.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| US | 152.195.53.200:443 | consent.cmp.oath.com | tcp |
| US | 152.195.53.200:443 | consent.cmp.oath.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| US | 8.8.8.8:53 | mbp.yimg.com | udp |
| GB | 87.248.114.11:443 | mbp.yimg.com | tcp |
| GB | 87.248.114.11:443 | mbp.yimg.com | tcp |
| GB | 87.248.114.11:443 | mbp.yimg.com | tcp |
| GB | 87.248.114.11:443 | mbp.yimg.com | tcp |
| GB | 87.248.114.11:443 | mbp.yimg.com | tcp |
| GB | 87.248.114.11:443 | mbp.yimg.com | tcp |
| GB | 87.248.114.11:443 | mbp.yimg.com | tcp |
| GB | 87.248.114.11:443 | mbp.yimg.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Tar65AC.tmp
C:\Users\Admin\AppData\Local\Temp\Cab65AB.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
| SHA256 | fcc97bd3b8e8729677925b17c1961eb5aaf70e2b8afde81e072415f640f2312f |
| SHA512 | f9edb1a9307f63ebc1e6e7fa291b612ffbe3d6605674f3307bfa411d3149b98c396490862f8539527d9b923a6dfdcc646f6cc174c45d90b782656f4b4b3c660c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64e2f1fabc0a4f20fd61bebf0498a899 |
| SHA1 | 97340c77efd8867625007c3e8a6b50d03a693924 |
| SHA256 | 180c72caa2bc6f2f31901ef9d265d6d9ebc6d08a651c7242d5f2ffa40d88c5b3 |
| SHA512 | 44b3bf046332ac91421ba33d48074c2a991fedf9fe37d1216d2c4e531de9dcf77d7933703c652852c23e5682da7631de728c32eca1d1bd651ebbd62b3cf0706f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5925febbefc971f198325e16c342ccdb |
| SHA1 | d6d005de1e2a84080004fcb32e40e56857a737af |
| SHA256 | 08638424f30031e2587cf558bc34146bd1dc5548bfc55f71ab2417d0d30b4db0 |
| SHA512 | 9daec1f24fd5ba3641170e591644659da9283f8a6ec673a1898d8ae25bc2573047eb430c7b675068f481837525fd70b175aa8ada2a3df448946ba8760c2d7993 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2bb5a32ce4ac6fecafc474db34102253 |
| SHA1 | 55df1003c12e26c0faf715f7ae264b3d399ab2ec |
| SHA256 | 18e2a1b21e2fb8a8b494ea8472274a6b810b58c469c409d8885d142ab3eaf032 |
| SHA512 | 143eee9a2fd8e895b344e7af917a2189eb2afd33be3efd471021199528ef2b11997c04757aa194c8e9fbbeaddce9d98d5ab49259f7977e85ef88808509fa974b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3aa9315c6b5af8d8c516c5cd76ad382a |
| SHA1 | 0b147bc51c8a3deb14e89d87903c14ee197db5a0 |
| SHA256 | eab854ec62b0244f9e57e30e463d232aba8097bd3c036288b9aa202d1db22efc |
| SHA512 | d6d5a6d6f72ea712fc669f524e294d8605f3d3b2c02c00aed515768328398f12189c6106ddb02e92f4ab0f28f833ebe3fcd5ae1b354d7d29c1579addda91be14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65f847a079bb7963230516324745c7ca |
| SHA1 | 31eb4027892ef095746908dc383f57813ad320fa |
| SHA256 | a3ef48ec76ab9c0b17da0326624fdc979e9b19c241f113cd7dbdc1682e1f7ff4 |
| SHA512 | 56a34084a5277f8a27c87c48c552540e18895f08091870c254667c77c2c62565493e92d005313569fdbd06d8a7932f49dc8590edc888e59a176f74ef7bdbb98b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec271b2d32b82e10fae36619c06ed1a4 |
| SHA1 | 1a4dbe8e9ee78173d21c1e2a1f1356be2b8e49b2 |
| SHA256 | 66858906eaee9a0caef93da333242197bb09a53ffc3858f22238cf63300a2a1f |
| SHA512 | 35f07390a7af8371353c508847fd19c2c308b8755fe3096cbcccf051b83f022b6291071d1333fa56a4f2bc76774da9c0ebdeafd87a10d100878a7d7ee71560e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a1aef5902c38a36d0cd200f07fa654c |
| SHA1 | ec9a12838895ba0b78683f0d7f2d29f662c497dc |
| SHA256 | 89ac32e2284d382153ec41c0707a6cc966da23955b6067d548f107817c786d10 |
| SHA512 | 4349b99e133b821fe69bcce321250526aa747a8bb26197d35ec206bfd317d3071e98ee884b87b1fd846fb6096cfb095caa7c49b2d8475ea36386e17b5b0ba710 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ade0044c8fe05934b6006a020a14964 |
| SHA1 | ca99c3ef69b42c5c4851d7c3b2283efb3c5f704b |
| SHA256 | ed18d32e6b9a9958f2947a4a9344051e7ba3b79a97683b229ad37521139d4640 |
| SHA512 | d761e9edf394f3ab05feb5f1f8257908e94309a380cb65833962881ac46928560af6653a7a10c56a4c7ca32ab61cfe3f9f6cff862b6e870a38569a68907f23e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2467a1576bdd8af34a16c198564a10ad |
| SHA1 | a375bae5b5d07f5d51d75a8771c8059cb6c84c60 |
| SHA256 | a5c103d604b39e1bf6d260c3e1fb72c230078dc3d02fc147681123c3deae9c6c |
| SHA512 | f71ee65f3f41fa23d621dd02d27e4117f9a09fa71cba369040cc74bcf5a7c0d7899c269375558729501d38b81b9c8db31dcbfe7251f9d10282ab094034a7089f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e768f0b36c3f82373b4c4c0ee89a372a |
| SHA1 | 89a42cdabb267a4e90dd9c2934d091e9dbea67ff |
| SHA256 | 4ed8dd1e4595847f4649e1817be2d2b7855b92258b9853624c24bc604ac6d1f4 |
| SHA512 | 0aa88e40ee4901dad9a90a4b9c09d6548d3439ef6bf2357791fb7e6c8bf5d91ba0adcc9d732247bee1c05fa91bef22dcbff9442f52c0e9eb6fed057188f58cd2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7c5cf6f10fe36779cdc43aa93cf96d8 |
| SHA1 | ffa9ed413ee66b05304372811501642c075af811 |
| SHA256 | fca605b5c98d44748fe242d85bd42accf82d9b54003289944b7aec62532a8399 |
| SHA512 | e6841b73b539bbfaeed8c29e48e6fc99af92b535ea366b97f6e18a1b47a939e92289344a5c8f740cb9004d5cd3d199d7b9636fe00f2e2fd23712d7a11a3b5c42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3179be76cdb5eea0f17a91554193a3a |
| SHA1 | f2f80a684241da9087e54e2dbadfc3c8f35639fe |
| SHA256 | 8abd0ada64846ab9dd2d7058f275fe9c0bd55810cd703b270fe79c33c302cb99 |
| SHA512 | c0ae089faf6fb46fcabc454db6b1a1f7fa1736f6bc1f935bbc933173119cc80c341e94e9c59a2cf0c59f998e64fdb68632b690a9740dcf6e254609f95ed65134 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88bbe198eb1cb4fbaa322301c9404ef7 |
| SHA1 | bcf13a1ca2f717b73788c996096e7fa4902e5e51 |
| SHA256 | 4e546e7f91acf661c9c314d76047d7102c84f79b89f61a2eeecb3ce930912861 |
| SHA512 | 10fa9fddad1fed27bf385b9da552c00b16a09fc5be6e39559b802ae6280f5827c1c4177e97b917879eec290c15b28245692bb821f7c515c10027db0607ce762c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f6eaf8836128df8442acb6ccedbed428 |
| SHA1 | eb91d332a51ae7291907e336a8252887ccf8b4e5 |
| SHA256 | a2ef0d7f6380875a9f9d6d5c8c2cff716c1360be5aafc6bcf030b6fc59cfa4c2 |
| SHA512 | 39bf4362724a835ad8b97503c4f16bb4fdc08eb11d99e6b4527dad3a93e04748756d3c6aeb02c05bef346f6f3a57580ae9e462e3e8d535f24e424208b1edc593 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25da6d634791b28a337464fd86765bc7 |
| SHA1 | 015f5214b357a3fba3bdd47d395000a7cba2dbb1 |
| SHA256 | 7b5b13d182970ece02dbd7fcb1bacaee4aed76523d84f4aebb63e1266ee118fc |
| SHA512 | 557adb0a0ed6ffcaa070fea55e5c1745d8eb54ac3e6ed8ca53e538dec194428128c463bfe68d90333e4635b3b8ef46ea42bc7e15371b8a65bdf2ad95410423a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 556cf0141a103783e9999ad53a12c918 |
| SHA1 | ceea30201cf477d2f913f8b03baadad115b499ec |
| SHA256 | 8d016d3ca734f33ac892c8fb229ab9868b6b48c9112e91f1d696a36456c001e7 |
| SHA512 | b252e4487c609fa71958df1e38d515c1b64f30277655606eb02cf9420a9eb7542e03771c69de0f2a55f5cdb632870f23fad4a5f0538bafd6692734d9c2ff1ac2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b8c981a5b311cc60e13b870284ab2f4 |
| SHA1 | 7a336e8bc5941ffd0af5e20ad4f10e1b78abd922 |
| SHA256 | 37657c197186409fea9aff480403fd45ee3c6011409f57df96400ced3523578c |
| SHA512 | 5ad35f6e7471d11a355fb68403e333fde4f9ec971f917e015aa8d18fb10f2f540003de7a1c1bf9c9135d9265559ada1747f2adc47f3f5b6f86beeb7327032fe6 |