Analysis Overview
SHA256
9c11254454058c3abd72888ccdcf30779952eb07747caa34f97ca00e64eceb50
Threat Level: No (potentially) malicious behavior was detected
The file a47d7def4114e10fff4479d5e7c94167_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:46
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:46
Reported
2024-06-13 07:49
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47d7def4114e10fff4479d5e7c94167_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0a6a46f8,0x7fff0a6a4708,0x7fff0a6a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,18402724180717121914,4378136983714301218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,18402724180717121914,4378136983714301218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1828,18402724180717121914,4378136983714301218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,18402724180717121914,4378136983714301218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,18402724180717121914,4378136983714301218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,18402724180717121914,4378136983714301218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,18402724180717121914,4378136983714301218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,18402724180717121914,4378136983714301218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,18402724180717121914,4378136983714301218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,18402724180717121914,4378136983714301218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,18402724180717121914,4378136983714301218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,18402724180717121914,4378136983714301218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,18402724180717121914,4378136983714301218,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4412 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.clearancelightbulbfixture.com | udp |
| US | 8.8.8.8:53 | jscontroller.stream | udp |
| US | 8.8.8.8:53 | magentocore.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.clearancelightbulbfixture.com | udp |
| US | 8.8.8.8:53 | www.clearancelightbulbfixture.com | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:46
Reported
2024-06-13 07:49
Platform
win7-20240221-en
Max time kernel
141s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eb9a479f6b5c3a4f96283ff34c3f942100000000020000000000106600000001000020000000efe1e5e960a38103ef8fe70ac615cfc25bcc1e120e8856fc4209c2c20d52bae1000000000e800000000200002000000051758349d2158e36cc3242475faf41343d8be804302b69934d66950757f0d7562000000005d248ee1f8e5243727c275e1e9974f8e5c9859c0dd6515739b7ec15afb506a84000000070807d27363d3470fc042f38421523c328e974990aaad4973e61f7d8905a7e0da3db2653763be57e5070fa27beeab21a98cbbfc1d20c51e278b9678067448e45 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426675" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{162F6641-2959-11EF-B012-52ADCDCA366E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0226eef65bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1288 wrote to memory of 2788 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1288 wrote to memory of 2788 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1288 wrote to memory of 2788 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1288 wrote to memory of 2788 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47d7def4114e10fff4479d5e7c94167_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1288 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.clearancelightbulbfixture.com | udp |
| US | 8.8.8.8:53 | jscontroller.stream | udp |
| US | 8.8.8.8:53 | magentocore.net | udp |
| US | 8.8.8.8:53 | img1.wsimg.com | udp |
| SE | 184.31.15.144:443 | img1.wsimg.com | tcp |
| SE | 184.31.15.144:443 | img1.wsimg.com | tcp |
| US | 208.100.26.245:443 | jscontroller.stream | tcp |
| US | 208.100.26.245:443 | jscontroller.stream | tcp |
| US | 172.98.192.37:443 | magentocore.net | tcp |
| US | 172.98.192.37:443 | magentocore.net | tcp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| BE | 23.14.90.106:80 | r10.o.lencr.org | tcp |
| BE | 23.14.90.106:80 | r10.o.lencr.org | tcp |
| BE | 23.14.90.106:80 | r10.o.lencr.org | tcp |
| BE | 23.14.90.106:80 | r10.o.lencr.org | tcp |
| US | 8.8.8.8:53 | ocsp.starfieldtech.com | udp |
| US | 8.8.8.8:53 | ocsp.starfieldtech.com | udp |
| US | 192.124.249.22:80 | ocsp.starfieldtech.com | tcp |
| US | 192.124.249.36:80 | ocsp.starfieldtech.com | tcp |
| US | 8.8.8.8:53 | mytokeasn2s.ru | udp |
| US | 8.8.8.8:53 | embed.tawk.to | udp |
| US | 104.21.7.106:443 | embed.tawk.to | tcp |
| US | 104.21.7.106:443 | embed.tawk.to | tcp |
| US | 104.21.7.106:443 | embed.tawk.to | tcp |
| US | 104.21.7.106:443 | embed.tawk.to | tcp |
| US | 104.21.7.106:443 | embed.tawk.to | tcp |
| US | 104.21.7.106:443 | embed.tawk.to | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabE53.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27d7cc5bfffaa87f3e592377443d1534 |
| SHA1 | 003b3bd5e3f29a2e230a71600ad48a63e377ee88 |
| SHA256 | 8dadb4c4b4c58ae18dbb9ee65438983b54fd2d746d5a3f4ed918719e91e6d3d3 |
| SHA512 | 17861a9ad2f15326840f5714ad96431a14d222055b4bd373ab3b1897c409abbdd806fbd547d853808227a6b202c0221ec905d4413156a12d28bd12fc2ae41552 |
C:\Users\Admin\AppData\Local\Temp\CabF42.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarF84.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 4c75a980c668c439572a8acd8d8561de |
| SHA1 | 793629ec6ee9f27a4de12e9cb5f772affdcbe62c |
| SHA256 | b86bfb7748f4ab80e5d340baf5485be38caa6c450ef9e309f94010505411155a |
| SHA512 | 03922731114cbad9338f42bfd642a3b9012cb7a90ef50e9f8c1f5a3864184b0dbc17104f547fad8b09cecff915e460fec3dd22a4c8ef35b6a57a66b5633c5af9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c4868ded48c820dfc41d58f5b980658 |
| SHA1 | 417d6d7d8e95f21d7f49a79b30ad85489e57c8c6 |
| SHA256 | 88d28ee6d522bd07f384ddb0c984ab2336e9e0e0a8f23be1288b9342331784c7 |
| SHA512 | 4dd13ff0bbfbe49c3456f57acdb11a3137c14d8d5f2b65db805392e6d3a3c707bbf80f4f7751f476cb08778220512d9eaf642fff9ec696eae1281bcb38f84b89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9bbea5bbacb3ae7bcd78c8827d85579a |
| SHA1 | c45480e91d56e3d6fdd5c1520e2517e29e981d7b |
| SHA256 | 224140e3386f51b2e410239f8e4afaa77001da5e64886eeb1bfb97249941ac1d |
| SHA512 | b18fc0f67fe9d265640a5a4c0266b9085f1c41ec682be3ba19f9d6d7fa481659cad6cd61592717e00973a76b7a3074608cada38eaa009ce1a86d1b85718619f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da1559cf4e78d61db833ae4770faeb2c |
| SHA1 | 433c314f815801652cfb774caecbca3e27c881e8 |
| SHA256 | b227deafd734ad27963e1dfaa88074b0703ac742edb4361298099d7e798e81d3 |
| SHA512 | f9d1a7a0c5c7418f7da3ae27667dd1313869b079ce598d6eef4f3c540972848b9c0d66530e5583fff34807b801788452aecaa777dc11b5f496905560a6a319f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f61653c513d720f8d9cbd3d192b0d15 |
| SHA1 | bfed4a1364b4856845536ea6ca422d0657ea08c2 |
| SHA256 | 77ba7aae9393ba900c24eeec679011d34b85b73d7be5708b88a80660cac24b48 |
| SHA512 | f9a124f452d4215db0f7c5fe7bd2d0e498eee967b865db3309397a58992f9fc34f6ca42d711aa68386a37ad7585754cb0e27612f16aa0704a4962f2b90ec2870 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a09789b3162acd969fad1508ab0c0ce |
| SHA1 | 19d7bbb0844e438537c981051c50e31af47a4d17 |
| SHA256 | 6609d2b43b7dd614cb9ebcb6b9f6feb10d01668ab751debda5a31839113ffb59 |
| SHA512 | 64db119698557b657e528d4e698f7a44beeaff4eac743ef44d904b883a9bb7e6204230e710d2f2654e6f79b71b560cfe6b45fa7d2aabfea10a71d274fb27aeae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09423abdea4173ae800f60406ca38d0a |
| SHA1 | 40d254ae6bef3067369b3690b6eec98a7d94827f |
| SHA256 | 9009c037c365777e346f13a4e170284d482c7b02959f98e7835abb873ca5939b |
| SHA512 | f5e9a4b8ceff73351996d16ac9bb01969aff30649a85a32813bffb6bd64b5fab135e7610f90e42950a253877f3c93c4b20623886e1c207c278718e29510fb1fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b00053757c4aa24a128f1b9a882e1b97 |
| SHA1 | d3232f36f3ddfc289e4091508765b6dd81afa2c3 |
| SHA256 | 068efd2b2a8e61d4b9b9ccf693015f18105440ef8fcd1f70f9707fe0f70a7f4b |
| SHA512 | 73419d38a534532a5f85dd82c44d0b075b0ca56bb85c93dcb5409ff26240cdfafb6caab78c1e6ca784b5fe75c5856da3f8566e5d1e2cd046a38833e994613643 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8a6718b16a4081fa76a9f895a50afd5 |
| SHA1 | e3977f2f978f03900e7a24de09db1e0544f08fb6 |
| SHA256 | 7958212d4fe87e1fc14a96d4efe15ae1f582e556d8d9bca7a880dec0c8300f78 |
| SHA512 | aa8cdcfa59fe74e853ad7d61a0e97badaecf709ddcef8bbeec33ac845137a489ed32f9cd11c6c35c36f1259799f0a33b87885873db83145af93b3c58ffa1b8e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC