Analysis Overview
SHA256
aa74b6f4700a12d8605be78e0c1400eef6608b624c24f4a01627c03dea3d0575
Threat Level: No (potentially) malicious behavior was detected
Analysis of the file a4e4fb52f0fc2cddb53130e1a909da1e_JaffaCakes118 detected no (potentially) malicious behavior.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:40
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:40
Reported
2024-06-13 09:43
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
127s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e4fb52f0fc2cddb53130e1a909da1e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b7db46f8,0x7ff9b7db4708,0x7ff9b7db4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4069812278691185509,8806144353612987518,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4320 /prefetch:2
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:40
Reported
2024-06-13 09:43
Platform
win7-20240611-en
Max time kernel
120s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c05a58d275bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FA113CD1-2968-11EF-9E46-6ACBDECABE1A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000c943bc8b52b638715524f97108532bee6d8fcd5754b6bb0356ee7377c1747287000000000e800000000200002000000003ba5e448767b5e3ccb685258d0ac1233bbb16b8497eb078d48f6d710507b9ba20000000c812011e97dfcfc52a1251d73d171f6c0c7eb2d406c6412b0c762af4cb1edc444000000095d0cedd1ae737fb62cf408cb8a0bb17985b0035e60310ed8cb4932af6bdd1bd99db597ff4a3dfe5c0fe4d9df46cee6d123618fc147fe336afcb4a130e7284ef | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433501" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2172 wrote to memory of 2728 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 2728 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 2728 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 2728 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e4fb52f0fc2cddb53130e1a909da1e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 823c58a86833b0720f518b0844ddd5e1 |
| SHA1 | f00d215008e47f6ef65437e478d863c5155a691e |
| SHA256 | b5bb6f06b86134a931f643e140626393a983cae60c1eed52fa7307603a8e22e5 |
| SHA512 | 471df8afdd058eb637cb26b573de029f798bf6b8c7a3060ebde9e5dfb38bca1076e2204c0ba1a5f864faf7d99b0fd4e974c6dd8e8d37418cb67790cff28d1584 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85be96526cd8abcc37ecc382dc93e580 |
| SHA1 | 4c2eca41423fa158931b2fce59d9bf86030151b6 |
| SHA256 | 6924481978f5605990f65c2919f2937593ceb1ff64c138e9e04ec835ae522152 |
| SHA512 | 2aefae6bfa18905f537451a0f880f07f61e2a34017c0c5b7e557a17155e35eb8ebbac81bbe664983b0ccf38a457a50647eabd1d564935ee60f2f250c479e9ced |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f0f00fe2c27ce30f57f22a21181563e |
| SHA1 | 77fbb2a83ed4416ecb4850039a0e12a79121c125 |
| SHA256 | d772477b5c42fbb6305b9be57182acfd74c8f370145fc525d2afbf0717db006e |
| SHA512 | 6248eb79456d166ffb213c696325a73ba92a2edddfe957153c8471f5080760a3b5fdc2187025000d3fcc0670153cb2fb14e56c3b2c3c53615ad1c500ca5d9d24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cef6d85f2142da5e82813d728e564c45 |
| SHA1 | 8b240bb629722516525908e7f23bdcec481ba2a8 |
| SHA256 | 446fcee2f5af04677def9df6bffdbdbdd6947c487d4214a17ffbb6df4767e776 |
| SHA512 | dae293ca28147af3389414f2d6aaf43072128951600a73e8f2c6adf9546b8e7e90188985727ae7b81e846a854a89187744d3b4c27e10934eb5a9663715af8c4e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ebe176cccb9ba84371b7159d150254e |
| SHA1 | 261927988b7a2e8e62e74e2b553adb49cd2920e3 |
| SHA256 | 2a59c9862b50a5dd27f4a1587d0607fd350bb899d148abf54e1137bea64514d2 |
| SHA512 | 5d5fac1d5180dae05a4760b9d662c75b53723a413669d0da25a162ef89bd8230c83d96cb7588bbd84e6fef22f567783ee26399e745ca8f3d32dc8380eb9d9270 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8c74ebfb3b4c7011539faaabef4d288 |
| SHA1 | 0d602e3c2a5b2eb936732911bacc00153efddfda |
| SHA256 | 151dc3b00ac08802483d8879f717209017cb2b1ecbe8bfc588bd2714d40cb343 |
| SHA512 | 9b98c74a3641eff77ddda097c2c3284f4a058d5754428d1bea248431e15b2964ad4e6a4a987d969aa54c5423624e4caebc7363eccec8eaa625060939e9c3616c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa9328a6ed70f096ee59b91405e1d44d |
| SHA1 | 613ccb2fffb2c7dcbfd51f8ff041a89f9e6b2b5e |
| SHA256 | 0152be808562aa905b2deea2e22848c905bf108876096041f9b6b3257b3c9a8b |
| SHA512 | 38bedf56cfe5b4c6b9e2618246e9daff6ed88561858367958613e82def0697617a19c15475d4320b607437a60de4724e84011e0f5154a35e68e3f6b40e625318 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bb193710601cb09a773b2c2f005fa1d |
| SHA1 | edaf226f32934e717201f78f411adc12a95126fa |
| SHA256 | ee563d49c4ce09a7fec9a99891a57063f5c53cfb49525bf187e925fac84c4c9d |
| SHA512 | 2b2a16f87af342c6a276764b0a11d3c6cf21109b8a4410f3316fc6174110916eed6202e83c085f05f0fa7642374674ef61fe8e3b928e1f9984673d858f7fb148 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40fb8f198f356ad11509fdb36ccdc5c3 |
| SHA1 | 725925e9a63fff60f76cdc2feb2e244b17df8707 |
| SHA256 | f88e765b5ae6d811d523b645594847d07204847193b64e2f49a173f7a2d6d654 |
| SHA512 | 76cc5acc1a3fea18eef830ec3f1354bd233bb0f4c24f04d8b82ec7da75fb47adb7214447b0d9c77c9d27140c7d9a731d41d5379ce5e3b479f6c61ebbc00a5ca2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 772805f244296111a91b5015f1d0d9a4 |
| SHA1 | 030e46f1ce0737ecae8934fc00737dd84c1802a0 |
| SHA256 | c7f584559df3d885f2791d2417bc3c91614cdd758bc0e77dddb6a0982081b107 |
| SHA512 | 57d9593108009a4ed1b38826a87885c4b620e3ddf316e49c90c7e30bc0e72982530b24d52225bf5c2763eaf19a1589b93cee841945e5a19478905e7a6b2c1cf7 |
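The entries above are successive versions of a single CryptoAPI URL-cache metadata file (CryptnetUrlCache is where cryptnet.dll caches certificate, CRL and OCSP fetches, and Edge rewrites it during ordinary browsing), which is why one path repeats with a different hash set each time. When extracting indicators from a report in this shape it helps to parse the listing, check that every digest is well-formed, count the distinct versions per path and set aside known churn paths before anything is promoted to an IOC. The Python below is an added example written for this page, not part of the sandbox's own output: the `NOISE_SUBSTRINGS` list is a heuristic assumption, and the `Downloads\sample.bin` entry with zeroed digests is constructed input used only to show the triage split; the two CryptnetUrlCache records are copied from the listing above.

```python
import re
from collections import defaultdict

# Expected hex-digest lengths for the four algorithms the report lists.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Path fragments that Windows and Edge rewrite constantly during normal operation.
# Heuristic noise list: an assumption of this example, not part of the report.
NOISE_SUBSTRINGS = (
    r"\AppData\LocalLow\Microsoft\CryptnetUrlCache",
)

# One hash row of the listing: "| ALG | hexdigest |"
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

CRYPTNET_PATH = (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache"
                 r"\MetaData\94308059B57B3142E455B38A6EB92015")
CONSTRUCTED_PATH = r"C:\Users\Admin\Downloads\sample.bin"  # constructed, not from the report

# Sample input: the first two CryptnetUrlCache versions copied from the report,
# followed by one constructed entry with placeholder (all-zero) digests.
SAMPLE_REPORT = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92e9256e83e8c001426307478ded45db |
| SHA1 | 19d9afff1a80863afe358063d7b891e6395e219e |
| SHA256 | 9ef9a2cd3742f459357cd1a6a41304e3925539131a2550a109d336757730b251 |
| SHA512 | 2976c277ff45c4a9319a306de9959b81d1cf34e8587658f65efeccf783b90e79b4709a721b0846ebc833f9e7c313db0fcfc6a75adc59ab7c3e22bfeff1ffdb7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39815c318367e82c6a9be54a70009854 |
| SHA1 | cf606912b03db9a49d4723cca4f800e0770a8984 |
| SHA256 | 8fa881c4812e02b52eaa4f810e881d09a87da798f082daacfb6e5fe87bf01f9f |
| SHA512 | 27738446c3d9a1f289b4fbaf688c14a5a289886e448b63ca070843592545cd20bfcffab990f5f73549b3af9c877d2fa3ec24e4921fe0674a51f16d901c55b9eb |
""" + "\n".join([
    CONSTRUCTED_PATH,
    "| MD5 | " + "0" * 32 + " |",
    "| SHA1 | " + "0" * 40 + " |",
    "| SHA256 | " + "0" * 64 + " |",
    "| SHA512 | " + "0" * 128 + " |",
]) + "\n"


def parse_dropped_files(text):
    """Parse 'path line followed by | ALG | hex | rows' into a list of
    {'path': str, 'hashes': {alg: hex}} records, validating digest lengths
    and refusing malformed hash rows instead of silently treating them as paths."""
    records = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash row before any path: {line}")
            alg, digest = m.group(1), m.group(2).lower()
            if len(digest) != DIGEST_LEN[alg]:
                raise ValueError(f"{alg} digest has length {len(digest)} for {current['path']}")
            current["hashes"][alg] = digest
        elif line.startswith("|"):
            raise ValueError(f"malformed hash row: {line}")
        else:
            current = {"path": line, "hashes": {}}
            records.append(current)
    return records


def versions_by_path(records):
    """Map each path to the set of distinct SHA256 values seen for it, so a path
    that appears many times with different content stands out as a churning file."""
    seen = defaultdict(set)
    for r in records:
        seen[r["path"]].add(r["hashes"]["SHA256"])
    return dict(seen)


def triage(records):
    """Split the unique paths (in first-seen order) into (noise, candidates):
    paths containing a NOISE_SUBSTRINGS fragment versus everything else."""
    noise, candidates = [], []
    for path in dict.fromkeys(r["path"] for r in records):
        is_noise = any(s.lower() in path.lower() for s in NOISE_SUBSTRINGS)
        (noise if is_noise else candidates).append(path)
    return noise, candidates


if __name__ == "__main__":
    recs = parse_dropped_files(SAMPLE_REPORT)
    for path, digests in versions_by_path(recs).items():
        print(f"{len(digests)} distinct version(s): {path}")
    noise, candidates = triage(recs)
    print("churn paths set aside:", noise)
    print("paths for manual review:", candidates)
```

Run against the full listing, the CryptnetUrlCache path comes back with twenty distinct SHA256 values and lands in the noise bucket; only paths outside the heuristic list reach the review bucket, which is the set worth hashing against threat-intel feeds.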