Analysis Overview
SHA256
f5dcf6deb46d547ae100a90bf2ab276524947e491253fdb970fae254f9afc861
Threat Level: No (potentially) malicious behavior was detected
The file a42b4e53c9586128ca3279f6c82039b9_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:19
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:19
Reported
2024-06-13 06:21
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42b4e53c9586128ca3279f6c82039b9_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe92d846f8,0x7ffe92d84708,0x7ffe92d84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,13822396734982251724,2251336949262798652,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,13822396734982251724,2251336949262798652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,13822396734982251724,2251336949262798652,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13822396734982251724,2251336949262798652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13822396734982251724,2251336949262798652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,13822396734982251724,2251336949262798652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,13822396734982251724,2251336949262798652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13822396734982251724,2251336949262798652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13822396734982251724,2251336949262798652,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13822396734982251724,2251336949262798652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13822396734982251724,2251336949262798652,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,13822396734982251724,2251336949262798652,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_1572_XFBVQPTNRLGOGVEK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1e3aa3e7790662f8b4fbe4f463a25139 |
| SHA1 | ace675252629bd0f2b55a31af8d8d7096482c5d3 |
| SHA256 | f989f4e60498760dc39f37e330e06d7adffb0a8adf8c26014859a62e5df2d633 |
| SHA512 | 623faac164cafb4460b55c44c5d0a07b7e1aada6405f7ff866f9bbfc2b4556e255f1704f1ce2305e907168bee6ad426ec2b7992eaa8af07b027d093cc563f7a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2f17ef1fd99627bfc8473e0f296667b4 |
| SHA1 | 400b84aa56a0c1b878e667bc2de4899986991a93 |
| SHA256 | dcec0937482ce58f7decc3dc95b815df7ebe74d0f5fa021ab7ce8e5b68175874 |
| SHA512 | e4d8c07fa00304b259691d829ab1089466e4fa4ae2f4c8e6a77cd0b6358fcebfdff3811f9a36c68972d9f174ba4f567daf55c7374fbfb2b694d04d8fb8de812f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 93bcb2495e932a9b832b642b82f5c698 |
| SHA1 | 438930dc5966ce9404f9ba6823c8a8cc7c8ae2e7 |
| SHA256 | 22b58747e450ee6a46d6ccc27887df2034db283c084ab23ee3262948390eb0da |
| SHA512 | 2b820213df5140ab6a8000db388a3f2bb92bdf0efc2400cad99e200103626a7d703a2f74eca335f01cb6038b495a6b119c684a5560bb7c71df28e86802bd6975 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:19
Reported
2024-06-13 06:21
Platform
win7-20231129-en
Max time kernel
119s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D701FDE1-294C-11EF-932B-4E2C21FEB07B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d9d3b7894e1bfb45b1b608eaf2b3f27400000000020000000000106600000001000020000000a26ba01210a5f459b017180a9c82dd9d45678b1b12adcb54251b277678dc0b84000000000e80000000020000200000000d86afecb3a192d7a591ef45c44682dae03839d42bc1522ab295502083c7314e20000000dce9f81cbb420cb736e8a4e4dd478d1ab45b7afbb80a82a0c710324b53542050400000008c42a3dd981f94fed79c8ab5cc8b47bf05f68296ae60018ba1d1818c04dad435dc2b32039cb9c54707772e510a04a0ad5cafbce3ce0cfd5f0b77a969e4e3a498 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10269dac59bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421414" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1276 wrote to memory of 632 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1276 wrote to memory of 632 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1276 wrote to memory of 632 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1276 wrote to memory of 632 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a42b4e53c9586128ca3279f6c82039b9_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1276 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| BE | 2.17.107.104:80 | www.bing.com | tcp |
| BE | 2.17.107.104:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24
| MD5 | 3e455215095192e1b75d379fb187298a |
| SHA1 | b1bc968bd4f49d622aa89a81f2150152a41d829c |
| SHA256 | ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99 |
| SHA512 | 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd |
C:\Users\Admin\AppData\Local\Temp\TarFED.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\CabFE8.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d78d83a956c061a7af1ee44f842039fe |
| SHA1 | 2ce0f320f8a949574bf350788d77d9153e97165f |
| SHA256 | 0b3ac8c96d1fc8e5f70115de283dd878af2bd87111490fee66eab3be51d64a6e |
| SHA512 | 9285e8334586d2f4585bfb905840b78d1236cf09b7d0d9b770feb18ff4a5a3092523bac106a88e9fd727533a42f58c2cd1bd58a40a62e8763ed271e74a6f4e95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 5d494ffd47d8f5ed05c57b9142f7d39f |
| SHA1 | d075a56a560f7fdeb8f5ed195cd0cb02b3c894a7 |
| SHA256 | 38594bee271853b42c04fe639f5f2514f768388b1ae5f28a8f87d17c41e17392 |
| SHA512 | 58e21171b300bf314eebae57ef2ac53f4e900815069c5d5096197aec202f0067bccc751989eb81f2da622cbe9a2442e926d468c0daea3ec3a7373d67b1cfd3dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3f3e2ea522748281e8f3f0298844257 |
| SHA1 | 7c131083f9736fa9882685f5fe5461d550fec079 |
| SHA256 | ecb0062ed02d9767c4e92e8bf4c0a77fddad7a693db1844f9c14f1803e0da145 |
| SHA512 | d7f6596eeba1fbdb69a56ddbf1acc68d62ac2891c6768a19c5b152628b54fff0210261a1edd3fa98494d89d6568ba18709a64f819243586c6cec3a59ec8c02d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef1e330cb31a4768cc730413639c3aa0 |
| SHA1 | 12e25afe3f34a64e6a66e4a58da001ed26116c15 |
| SHA256 | 25f1069d4a0d0b4c9624f2af74fcb5ea0651a11a05cb02a776ce09789b229ffc |
| SHA512 | b49fb73cd7f5c81e304f6b2ff68e7ba89193a87076c425ba2cc0739196958b4080b7d24d406c42fd0b8437a7239b2964966d852cbbfd9b14159174f6338e91e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 8f59a875e238ea5460944e82b876abb5 |
| SHA1 | 1298bfd4a73c33f3fb9a3154f8b5bc396948daf9 |
| SHA256 | 09bb3052bac01ba522e390dc8c8efd35aa89409452ab5fc2cc4ad571ef6f7b2d |
| SHA512 | 073eb263d0d9489cd560913d717962688ed544e7e371b7d8eac88b93f3d8e117c1e9596c455e1901f49d52e3498e28d87a94adbe5605119fa482f90ecdc102b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 194151b5450b339759212cbe6877443a |
| SHA1 | 2074751a09ef66ae02d4f4891245eee67d1c01e0 |
| SHA256 | 97bb4bf4c487d6f0bfc4386bdc05039f24c7822f16c91d7423ddf744b2e2c0cd |
| SHA512 | 905cc5e89d5a856bb597cc58d4059e3199afeaf7ab57285a2a3572566092058050096a12e79ef1df0f3c363fb796a336175af8fc8aefc2c747ebfc19f8bdcc8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
| SHA512 | dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 11558029a6d8834ff276d31d201e2af6 |
| SHA1 | d3282285ace11ae1b18918298b58f4bc71323c52 |
| SHA256 | 462aa179bab0e0e29f02abc75f80be604eb0efc66283cb9de3b2e4a48682fc5c |
| SHA512 | a27885021c16bad184fb5987c6c74ccc92f0dae25d3060bd9da066b8942e649e94690b366c67f4f7131eb6361326b32f918351c0b96f36f62f62fcec0c236bee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a627d034d6b385f2b60378eba08db46 |
| SHA1 | 6aa8639a087289533de98246710608b7ab1ed365 |
| SHA256 | 2a0f7543f4273623768185e9084a307edad6a8cedc7b250f84151c94d9364395 |
| SHA512 | d36274f656fa32c9973561c20909149f55463227c0790c701c141d57f39c808235e5fc418edf1eac8afcb5983a088e396cbe4b5fa8555119aa35af3bbd877edd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36fb74d67c7b126c9f58adbc7878e085 |
| SHA1 | a826cd5877e3e32a74c62dfa7ace9e971a0f4ae3 |
| SHA256 | 6faab9a0d238e2b5555011feb64eefff260d616e55d27cc72c7ed55f5163aef9 |
| SHA512 | 9e2205271fc9880f8aabc963bfc5a8c3ef52302205cadece4e3dd8b22f31258ee5cfeccf30c3e09e42da906201e9c30d62db9aed24516ab70a0ba6d548daf7be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8254dfbe43cfa3c2da80dc670e326dbc |
| SHA1 | 86299cbe3c52292f913d9ae5b1b2f78133046b72 |
| SHA256 | 39fc6c9201efb97099a0861cc97f453989806890847f239de72d6ce1a32bcfd0 |
| SHA512 | 93fc7f64c6f7391190b4d5ddd1aea7384d79e4fecb497fa3a5d3dcdf69253f3273a2e8b92840dc8680c6b5ca801c48eb58fd62d040ac40ded44abd7041b749e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e73b777058eaa287eb9289e101930835 |
| SHA1 | b3e600ef770dea813f59fee5bb0efa7d38543ae2 |
| SHA256 | bd6fb20d14413084b604602ad3ad8b4f4562812262b6525cc836ccc2eeebf7ca |
| SHA512 | e4ef5b4e1a58ec57110fea344f5e2c60ff8aa6f6ed5497e818828ea778bb2d10850c4652e5821655c75ec325e915abde6cc81a5c370dc92049b28ae502589862 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c7988bd891d90ecd4e18743182af921 |
| SHA1 | 2c5a60d5b94eda7e2cb3e74f7c9479af25b3ff1e |
| SHA256 | 075f1e7d27d9d529d3c0c8ce028efcda1087643160f92f6df30635f60f783e4c |
| SHA512 | ad1d9067ca6bfd488220de2fa5e3e5c3cce3fcd7104373ab4c1caa9165f4ec5fddc0028f5cf82953bff281f26964fc92d773dce63d2fe35d5bfc8a3481e01197 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c88781caddac765bd70e80f9648bc1b |
| SHA1 | 400f85811be0b564d8ab702b334bafc7f93f6b0d |
| SHA256 | e46f80e8b116718b38a0e43fcefc6c282bdeb3d7097a84d52274456421e6e7a4 |
| SHA512 | ff600c63756fb16644d555a0be16b848def00d8a99e683b1f1d8f9b0b26636b8281eb22118c0fb2b54a6d6287931b14bb3a62645b6701a586674caa11ebd934c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0101de7b20ee15b6363458bc7bb3d044 |
| SHA1 | 0d61e3f9bc0750cfc923ede66bcc87f5b5ed83f5 |
| SHA256 | a90fd893fa27e6574647f3b2c3d65dde5284de53f99a6f61585a3083d8c82d4a |
| SHA512 | 1ab5126bfaa5c7e8496139778b8e1daa27195204365cbcc84415a54b31b51348f2f745715de8e77ca1288952ee1a1ae59a13d9baa6d153ed97bd4c7de60ef222 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8283de227bc3a59a78d047a7d284c56d |
| SHA1 | 5bba39b34f70e3ca7388bdb2833a4773fe669eae |
| SHA256 | 366e40873c5128f3548227e083269fb8c83dee193b0a7f9350163dce5a4d4827 |
| SHA512 | 6f3b0634191a65a181dee49c1a7a54f9b9745fae18739e21f7165c4b898eb462afde016baa0c29251bd38816d5c74f6f0975b66415b432635dac180f1c6cbc80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5467d259e56485bccf9daf29d3fc1914 |
| SHA1 | 670833ad37f0177c779008c3bcba48d5c72d11bb |
| SHA256 | 152e3e02ee94ab1f24aed1c42f2324870a85b60dfb58d9d662ec21a4bceca18d |
| SHA512 | c070b24f12c80237978b736d6bdc61d243fc55d3ee15847d6619c79289d5911613d820acb183d04a3296f81f8fbf5d6093a1f8200e8ebf94957faf79d347793b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | bae13160f23aaaae227787d45dec196d |
| SHA1 | 088f496dd53fea8d82726a04949453cdf2b3e813 |
| SHA256 | 1057def55d21935f37ffee539d6bd653c47cc4364bebaeab0a99e979caa21a40 |
| SHA512 | e0345e56318b690bae3362d6ebe2db9dcd0482cff85dde97bb6742b3b9c1896756c92886e780824005758ac3101ac78894864a1c0abdbc055a66f6f8c08f77d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcb32019963a668fed7e5a2a5a4202e9 |
| SHA1 | 84d89a9f6c03f2455c13f63789b6d758ef6347cc |
| SHA256 | 02155b616d25e99ffd829e975def539f08de0ac5f3ae8897cb5017ce98864699 |
| SHA512 | cfc3982f87fd03c903146a137828ce2c656b06d3c3ca08d8f3f2ef1799d48c2c45324408283f89285b8ac182dbb6fc3d7c34e13d50253ef6c26987e52bf7f9e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 984bfb07e43008c0bb9e8c09f753cc6d |
| SHA1 | 95d13e6c7219be00dea45d48121f3a118b855c4a |
| SHA256 | 9d82b068b1971df0be8b18ac25a19a9c576b33fddc077c9b3f09997131a64262 |
| SHA512 | 88e00d0bc90d9194a53133660a7c3dea22ec1572effdb100b3b160df8037ba982e1c016f8556755bb45098d875d1a6a5ed15a984d6168290bda2d725e64d279b |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a3cd4082d2dde55c1b54be99b0a5207 |
| SHA1 | 654503a11d4043aa96305c48593bd125b7434bed |
| SHA256 | 0f9dc5a408cef4ff813149afe1af507400b1c9502265913fd3c6bf0040c7d811 |
| SHA512 | 5f4b96dbb2776e8f4bc00e1aa86f4796b0d344bdb95cda00ed1f6d5391be5a9446541170c07d2a150064cccfe89004e9d553bf6b50129290641d518a95c336a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ecd6be88e96b84796eb0b23027ed8c6 |
| SHA1 | 29b4bbac31344fc09bead3def62e8222ae835044 |
| SHA256 | d969da48fcf44fce2f59596be736bb5a8568d013f6d52a80a9b67bb18ae75bd7 |
| SHA512 | a36c0e8dfbe26deb1590454daafde58b61e30efc9c8a34d62b1a0b58d87737154acd587f965a3fe21e0b3a322e1976809a084234f61d5e4cf13acab9583562dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 177a1ce12ad804f030fde22332bc6116 |
| SHA1 | d6fd43b327552a5823e5919f9981bd92d52928b6 |
| SHA256 | 950b16b8a8b0a2ebe5a04aa4c7865f9d84614ab4738b34c9166e638e59082709 |
| SHA512 | 841a6e5b262ec79af9589b938300df822fc19f959a37ff790c3dab7fa3339948d57e210c7dcfb6863b055869093baec62020c7bc429433a89a340ea2281ad20d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b13a2db92b2c08b1e419751c1b3d2073 |
| SHA1 | 596962e551a5faadefed3049b8435d0f749eb447 |
| SHA256 | 55b6beaace979a2e7b84995c7704bbf2b944439f140a38d7536c65b2b8291bce |
| SHA512 | a523be9a2135c1180ecc14d2663a7e91be0be22401ce7d9c47acfcf66ea969fba04e40cc88fe8c3122bc6a44fef7f16b71894bd8ef3026f670e10e52ba725cdc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 510be3cace734473efef7d4592b23233 |
| SHA1 | 2ece409dfc56ae72c563789a9fe9d54c787ef3c4 |
| SHA256 | 78db68d3ccbac2ee4d9bbf1cde34b48698b96697a1aa1ee6d4aadbcdf3e20681 |
| SHA512 | d5bb392377f5ac4736775d4937f84602980a02a68f3d4415e7ef0496912dba1d817bb85d8aa7926d8abfc819c8d1ac30da1f8ff3795bee8b60dbcb01dd2de4eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b00127fa2223ea5683d755f0f26eac62 |
| SHA1 | 91933de6ee16db4219d3e2a5f248037cacc45df6 |
| SHA256 | 1a1325f6afde7e6d28b1788e1726a96ae68f56ebe819c56a85af47eeea22324a |
| SHA512 | 350d961b5dca57fb3e9de49273ae199b6074d82394f1e8f775ca8cc11c4cb5374b65dcb2a1fff08f02441ff3c2cae7d5eaaef82326d80683ddaa8f7b481f0a9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98988e6cf683387810adf5428cefefc7 |
| SHA1 | d608ce62f574c7bc385fdea99febab999ed2c5a3 |
| SHA256 | 890399588caeac8f7a14a3dc222c6a070392c12b45dfe760368c2a1eb13efc4d |
| SHA512 | 74188e05aa5ee4b8ec67ac1549d2a1a8b5f61a04d126970e8e37264b1068969061b212d9032e9356a5babf5a56ec0be8d216dbe9f773b58cca60699b800e4f4e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22d41cb970418b25c29d3fc38ff5c3a5 |
| SHA1 | c4b0ec4115abdf3a65376fd670e41776a6b74e88 |
| SHA256 | e323fd576ceacc738ab36ae5d17fa3f9bebce3b86e0bde97673070169a267992 |
| SHA512 | 7162a954e544fcd8aa41bf19171fb3296edd6c7cce36e7ec42ff2d2de25deba68be23e371902b4813c5045e18a40ca282701a55ba04a43a5ddb7a1fd7f82151e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 791697f47fef08da8160d50291b45353 |
| SHA1 | f60a46f00da9b99df8b11218349de1e582e1006a |
| SHA256 | 719793354974d85d2a958b0851f59becd405a4b00440e3f742d40bd15fa99564 |
| SHA512 | b0709ca0ff5c648900bcdd8c15a6d7549de030ee17fc6bd48203e401a3216f76ddb050bbf2d7d85fce90d2be8f5eedbfdc789ecd724b7cb14f4e22b910bb0389 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e56c01b4f3fe99bd0ab85b692a1c0e8 |
| SHA1 | cc0b0b53e36eb58015d4502ef3034103b1969074 |
| SHA256 | b8bd83e49da36d6eb5b493db6eb340aa9725627d70be55de661e8d34516abe7d |
| SHA512 | d74603cf582410df91e157bac79b7548b3a855b42226ca8e01c637478844e6a134e35f57106a1b92e22556269bf7e8869db2a94112c39fa502f78aa57c95c7c5 |