Analysis Overview
SHA256
b403fe61447e911aa18b646ec5c79a204eea99abbbb4c8f2d3afaacc1fc16858
Threat Level: No (potentially) malicious behavior was detected
File: a42ab7185a7f18a436fd06a9d359e09c_JaffaCakes118. Verdict: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Analysis: static1
Detonation Overview
Reported: 2024-06-13 06:18
Signatures
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-13 06:18
Reported: 2024-06-13 06:21
Platform: win10v2004-20240611-en
Max time kernel: 145s
Max time network: 144s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42ab7185a7f18a436fd06a9d359e09c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3e5846f8,0x7ffe3e584708,0x7ffe3e584718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2952_YCWCTKXRPDSMCVUG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 06:18
Reported: 2024-06-13 06:21
Platform: win7-20240221-en
Max time kernel: 143s
Max time network: 144s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C5D27C71-294C-11EF-9F86-7EEA931DE775} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0d403a259bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002b3c538e8e72874e832179c2258ceac400000000020000000000106600000001000020000000ada03ef184503b31c7f503f7fb538f0c8bf41a30d24cac43ef243cf4b574e3bd000000000e80000000020000200000003186f82f9847e75927bb772418bf64df39afd6f847e36981c6b59a33288df4b920000000512153f05505f77bb99a516d42a31f4ef5e337be96837213643c8b838f2f791940000000a0e026bf7ddb618806243df12acb71ffbae5c07c8416fd83957d2ca9b368c2aaae4cd3a37a859212096f785441e627e95ff0f48a09b021a01078e7d2752b0683 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421386" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2180 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 3036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a42ab7185a7f18a436fd06a9d359e09c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2
Network
Files