Analysis Overview
SHA256
5146fe86505f4843227444f6b1910d6bcb223c7689efe32eccd07a81e84a7212
Threat Level: No (potentially) malicious behavior was detected
The file a4750cdc101d35268c3c5232e0d0e292_JaffaCakes118 (submitted as an .html document and opened in a browser in both behavioral runs) was classified as: No (potentially) malicious behavior was detected. The signatures listed below are the hits that were recorded; every one of them fired on the browser process itself (msedge.exe / identity_helper.exe on Windows 10, iexplore.exe on Windows 7), not on a dropped or spawned payload.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:37
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:37
Reported
2024-06-13 07:39
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4750cdc101d35268c3c5232e0d0e292_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa974146f8,0x7ffa97414708,0x7ffa97414718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,6936006336950886148,3903919871867763328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,6936006336950886148,3903919871867763328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,6936006336950886148,3903919871867763328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6936006336950886148,3903919871867763328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6936006336950886148,3903919871867763328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,6936006336950886148,3903919871867763328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,6936006336950886148,3903919871867763328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6936006336950886148,3903919871867763328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6936006336950886148,3903919871867763328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6936006336950886148,3903919871867763328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6936006336950886148,3903919871867763328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,6936006336950886148,3903919871867763328,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | corporacion3d.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.217.40.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | static.whatshelp.io | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 104.21.24.205:445 | static.whatshelp.io | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 172.67.220.136:445 | static.whatshelp.io | tcp |
| US | 8.8.8.8:53 | static.whatshelp.io | udp |
| US | 104.21.24.205:139 | static.whatshelp.io | tcp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_3576_QBAEXPUFWKYZKMBR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 94663282c44cdc27cfe83bcab8c7bfe3 |
| SHA1 | 8d0424616c36c9011f7584f64cb4d0435dbacdab |
| SHA256 | b7bd1ce110a17bc232aa75e342c78580dc5be0bdf5e103ea309c91fc6d008f1e |
| SHA512 | 496d260d8c76865ef64b5956008ef2bc6ebae4f953d7ef0ba58601e9d6d560c4ad538f5bf7abce37e35f19e10c319a4666b88f4653080cb3233b3a98b3751970 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5497da0fe6e4d7e2b9b04b30c3773745 |
| SHA1 | 29c779339cd5e397d4da45bc69442f9379dd85aa |
| SHA256 | 87158caeb382acab52347c60c9f333945bfaecfe7337f8d2275ae501166a3235 |
| SHA512 | 13cbf6941d6fdb47ae8ddf9409f56fca48f317c8d590433ab7bc6a0063846e5835eedd1bd5077817136d289d564a845972a6719a0ae6620eb6b989f341747a07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 952f12b0a30713e598caba6bce97b654 |
| SHA1 | 5b4ba0dafc88df3fbbfd590bb5a82abc35c48dda |
| SHA256 | 24af4fded4feaf35909eee1c7d52b0d6a2b4f78859fe822cb06253c7d6f9342e |
| SHA512 | 5328cc88ed673c31e31cae11faa7c8105db4b19971584e5392fe4daad1475b7c4a6264bd5862bae9c94aaef0ebeba655d78e9044cb204b827181744639e3a44c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2a414ff87553fdb799aeed271812284a |
| SHA1 | b21e021c1580e89c3141054a3d98fa1c42cb5f43 |
| SHA256 | 11db902a9019ece1b603f3076a7a0d9514ba59c27b29b9e4a07fbfabfa399caa |
| SHA512 | 2b830afc49e32ca030c8c270d4a211cc4dfc64f187572318670fe22dbe88cc288a37ceab3c97ff4b059931c0630524d1227234f68a73f0356d236183c7102870 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d502a2a713fe491491140a2b9f15d2f7 |
| SHA1 | 10556e6eb086601cadf02d2b6da1b5e3e7b6a990 |
| SHA256 | ee7fafae01dc5c2eedca61eca55abf88461b80af88a23611109487765813cc05 |
| SHA512 | d5df965496d60238df6485d60e72d85c4e190daabd5550e8f4bac2dc6ab2cdaa295a0849f5720605f01c64d4e03a0e054e0fa435b31562498d8e1bdc3296f9e9 |
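Two things in the Files section above are worth checking by hand before trusting it: the Crashpad named pipe carries the digests of zero bytes (d41d8cd9…, da39a3ee…, e3b0c442…, cf83e135…), so it is an empty object rather than a dropped file, and the same profile paths (Preferences, Network Persistent State) appear several times because the browser rewrote them during the run. The script below is an added example, not code from the sandbox or its vendor. It parses entries in the report's own layout, computes the empty-input digest for each algorithm with hashlib instead of hard-coding it, flags entries whose digests are malformed or empty, and lists how many distinct versions of each path were captured. The sample entries are copied from the section above.

```python
import hashlib
import re

# Constructed sample: four entries copied from the behavioral2 Files section
# above (the Crashpad pipe plus the three successive Preferences snapshots).
SAMPLE_FILES = r"""
\??\pipe\LOCAL\crashpad_3576_QBAEXPUFWKYZKMBR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 94663282c44cdc27cfe83bcab8c7bfe3 |
| SHA1 | 8d0424616c36c9011f7584f64cb4d0435dbacdab |
| SHA256 | b7bd1ce110a17bc232aa75e342c78580dc5be0bdf5e103ea309c91fc6d008f1e |
| SHA512 | 496d260d8c76865ef64b5956008ef2bc6ebae4f953d7ef0ba58601e9d6d560c4ad538f5bf7abce37e35f19e10c319a4666b88f4653080cb3233b3a98b3751970 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 952f12b0a30713e598caba6bce97b654 |
| SHA1 | 5b4ba0dafc88df3fbbfd590bb5a82abc35c48dda |
| SHA256 | 24af4fded4feaf35909eee1c7d52b0d6a2b4f78859fe822cb06253c7d6f9342e |
| SHA512 | 5328cc88ed673c31e31cae11faa7c8105db4b19971584e5392fe4daad1475b7c4a6264bd5862bae9c94aaef0ebeba655d78e9044cb204b827181744639e3a44c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2a414ff87553fdb799aeed271812284a |
| SHA1 | b21e021c1580e89c3141054a3d98fa1c42cb5f43 |
| SHA256 | 11db902a9019ece1b603f3076a7a0d9514ba59c27b29b9e4a07fbfabfa399caa |
| SHA512 | 2b830afc49e32ca030c8c270d4a211cc4dfc64f187572318670fe22dbe88cc288a37ceab3c97ff4b059931c0630524d1227234f68a73f0356d236183c7102870 |
"""

ALGOS = ("md5", "sha1", "sha256", "sha512")
HASH_ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Digest of zero bytes for each algorithm, computed rather than hard-coded so
# the comparison cannot be wrong by a typo.
EMPTY_DIGESTS = {a: hashlib.new(a, b"").hexdigest() for a in ALGOS}


def parse_files(text):
    """Group each path line with the hash rows that follow it."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_ROW_RE.match(line)
        if m:
            if not entries:
                raise ValueError("hash row before any path: " + line)
            entries[-1][m.group(1).lower()] = m.group(2).lower()
        else:
            entries.append({"path": line})
    return entries


def check_entry(entry):
    """Flag missing or wrong-length digests, and mark zero-length objects."""
    problems = []
    for algo in ALGOS:
        digest = entry.get(algo)
        expected_len = hashlib.new(algo).digest_size * 2
        if digest is None:
            problems.append(f"missing {algo}")
        elif len(digest) != expected_len:
            problems.append(f"{algo} has {len(digest)} hex chars, expected {expected_len}")
    is_empty = all(entry.get(a) == EMPTY_DIGESTS[a] for a in ALGOS)
    return {"path": entry["path"], "problems": problems, "empty": is_empty}


def versions_by_path(entries):
    """Ordered list of distinct SHA-256 values seen for each path."""
    seen = {}
    for e in entries:
        seen.setdefault(e["path"], [])
        if e.get("sha256") and e["sha256"] not in seen[e["path"]]:
            seen[e["path"]].append(e["sha256"])
    return seen


if __name__ == "__main__":
    entries = parse_files(SAMPLE_FILES)
    for report in map(check_entry, entries):
        print(report)
    for path, shas in versions_by_path(entries).items():
        print(f"{len(shas)} version(s) of {path}")
```

An entry that is empty across all four algorithms can be dropped from an IOC list outright; matching on it would hit every empty file on every host. Repeated paths with distinct digests are ordinary browser profile churn here, but the same pattern on a path outside the profile directory would be the place to start diffing versions.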
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:37
Reported
2024-06-13 07:39
Platform
win7-20240220-en
Max time kernel
141s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426100" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0b3119764bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BF7A3EC1-2957-11EF-B73D-E693E3B3207D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000230a201b4775e64b99c2bebcc743228e0000000002000000000010660000000100002000000071c3f32df474cc8b1a87f28e2dd8eb540d081fc6f0e51e6cf164e7955a20f482000000000e8000000002000020000000ea5bc7319c0d709e0c9f7fc0d5e8fa735055b023dc33928c232b5e492d04c29320000000cfd60e4774f2952922f6294d9c97a1946f6130a61450c4542f0310a28d557451400000005b2e39ea0cb1598b579c6bc3fe9d60af6d62c1246d868d010bffa00288bcfb4e6c2f0071fac3df6fd038c078593e236654f19daca5e33bdb59eeab921b745565 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000230a201b4775e64b99c2bebcc743228e0000000002000000000010660000000100002000000006cbe9244407758e284777e47f1f2942364cd4a4944bf4d0a77b61d282954c79000000000e8000000002000020000000774b05bbbd5d12ccd47dd8f1426c3df59af4086d6c351988ae25f84c582163ee9000000006534533246e121e160b44ad6d7722fa8fdebcc6de60511c6f3358e85cc7478d34a7e889748e8cc6568500b3072cfa624d2bcd336ea71495d2a327a49186b3f6b6907ca5160652238bc17283a5713a882d238e26e61f2967537798d067edf71007dcb9242df076415ed20f0537a217463bdcafb08efeeea90d7d745dc5fb0112397a23e0fe3f627799ce52ffa059105640000000c98df638600bf4298580173229b7c0eadfad5f47c1204d48ea278174fcbe0397675f2dec912bfb8821f03f6bdd32f3a41074124544312ac0174abec39fd8a676 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1640 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1640 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1640 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1640 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4750cdc101d35268c3c5232e0d0e292_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2
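The "Suspicious use of WriteProcessMemory" rows above record PID 1640 (the 64-bit iexplore.exe frame process) writing into PID 2756 (the 32-bit IEXPLORE.EXE tab process), and the tab process's own command line carries SCODEF:1640. Internet Explorer's frame process passes its PID as the SCODEF value when it launches a tab process, so a write from the PID named in SCODEF into that tab is the normal frame-to-tab relationship, not injection from an unrelated image. The script below is an added example, not code from the sandbox, that performs exactly that cross-check: it collapses the repeated signature rows, pulls SCODEF out of the target's command line, and labels each write as expected or as needing review. Sample rows and command lines are copied from this section; the interpretation of SCODEF as the frame process PID is the assumption the check rests on.

```python
import re

# Constructed sample, copied from the behavioral1 report above: the four
# identical WriteProcessMemory signature rows and the two process command lines.
SAMPLE_WRITES = r"""
| PID 1640 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1640 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1640 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1640 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
"""
SAMPLE_PROCESSES = r"""
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4750cdc101d35268c3c5232e0d0e292_JaffaCakes118.html
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2
"""

WRITE_RE = re.compile(
    r"^\|\s*PID (\d+) wrote to memory of (\d+)\s*\|[^|]*\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|$")
# Assumption: IE's frame process passes its own PID as SCODEF to each tab process.
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
IE_IMAGE = "iexplore.exe"


def parse_writes(text):
    """One (src_pid, dst_pid, src_image, dst_image) tuple per distinct write, in order."""
    seen = []
    for line in text.splitlines():
        m = WRITE_RE.match(line.strip())
        if not m:
            continue
        item = (int(m.group(1)), int(m.group(2)), m.group(3), m.group(4))
        if item not in seen:
            seen.append(item)
    return seen


def parse_processes(text):
    """Return (image_path, full_command_line) for each non-empty command line."""
    procs = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        image = line.split('"')[1] if line.startswith('"') else line.split()[0]
        procs.append((image, line))
    return procs


def classify(writes, processes):
    """Label each cross-process write by whether the target's SCODEF names the writer."""
    results = []
    for src_pid, dst_pid, src_image, dst_image in writes:
        cmdlines = [cmd for image, cmd in processes if image.lower() == dst_image.lower()]
        scodefs = {int(m.group(1)) for cmd in cmdlines for m in SCODEF_RE.finditer(cmd)}
        both_ie = (src_image.lower().endswith("\\" + IE_IMAGE)
                   and dst_image.lower().endswith("\\" + IE_IMAGE))
        if both_ie and src_pid in scodefs:
            verdict = "expected: IE frame process (SCODEF) writing into its own tab process"
        elif both_ie:
            verdict = "review: IE-to-IE write, but the target's SCODEF does not name the writer"
        else:
            verdict = "review: cross-process write between unrelated images"
        results.append({"src_pid": src_pid, "dst_pid": dst_pid,
                        "src": src_image, "dst": dst_image, "verdict": verdict})
    return results


if __name__ == "__main__":
    for r in classify(parse_writes(SAMPLE_WRITES), parse_processes(SAMPLE_PROCESSES)):
        print(f"{r['src_pid']} -> {r['dst_pid']}: {r['verdict']}")
```

The check only says that the write is consistent with IE's own process model; it does not prove the page is harmless. A write from any other image into an IEXPLORE.EXE tab, or an IE-to-IE write where the target's SCODEF names a different PID, is the case that deserves a look at what was written.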
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | corporacion3d.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:80 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
| US | 70.40.217.137:443 | corporacion3d.com | tcp |
Files