Analysis Overview
SHA256
185a874879dc14b69fe0b69c79c6198f98032aa57a1bf2af07909db05e47811a
Threat Level: No (potentially) malicious behavior was detected
The file a50b40f07de0cbdc20b08479b86c6f40_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:18
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:18
Reported
2024-06-13 10:20
Platform
win10v2004-20240226-en
Max time kernel
147s
Max time network
153s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50b40f07de0cbdc20b08479b86c6f40_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4848 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4572 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5792 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3752 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=3696 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5912 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4860 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5316 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:18
Reported
2024-06-13 10:20
Platform
win7-20240221-en
Max time kernel
143s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435751" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{37F39391-296E-11EF-822E-56D57A935C49} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003585e3ed40648849a2db125fc8d2a7ae00000000020000000000106600000001000020000000f6ca4e791b2356af09083a2439a419d66718ead9144f09ea2f934473abb3314a000000000e8000000002000020000000035d28900a10d3e0d0ffb94e4c6afd9ddca3ae4536a69e743d2fd1a168b49ca9200000001eb59afad52f59a5bdd94bf6deef222963642a0135c9301f6ce4e464b2b9b26e40000000ebab5dfc3e9c4baef43c7e0919ab1f477178d75f090933adff7674b66cf0a684273495958335ce132c25f6116a710ecbfb075f20d3c082a36b251e5b3ec3eebc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f058b20d7bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1504 wrote to memory of 2324 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1504 wrote to memory of 2324 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1504 wrote to memory of 2324 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1504 wrote to memory of 2324 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50b40f07de0cbdc20b08479b86c6f40_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1504 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | d2a18d02aaf3efe7eefb435129eb652f |
| SHA1 | 6b71a2b8f96f9e47570a9c7f00d5b62ec574a6cc |
| SHA256 | 0d96288236885ef3282219d0de76b67a69d57f7c729d0d1508ee84ecae2985c7 |
| SHA512 | d9bc15328c87abe2b70fe850d3a9334244077737253c0b647e8b151a48047151d6975c4977ccfd1cd12d1ad777c70c96eb8188517a0f4dc5d55cb29f16c37d69 |
C:\Users\Admin\AppData\Local\Temp\Cab202E.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7456c3bf18b625d90043f60f82153c24 |
| SHA1 | 7fd7be6ff2f5b4103f2ab50f0533a776a25d5142 |
| SHA256 | 0e0afce7598e343ae6e3246222a439f60bf74adb26b28164f318c64b890e8b38 |
| SHA512 | e31ea3260368c8839053bdc73e17114807c9c09295c9065e06c9c062c4fded5f7b3a6832d623049558dadbb37c7ab45e85c2ef991adc0cc30f6e70495f022584 |
C:\Users\Admin\AppData\Local\Temp\Tar2293.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2395.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5105ad148fd1fb4c0005d97ad0bafda |
| SHA1 | 82bd1c0248b657eafa89fe37273ebb9b7148d0a8 |
| SHA256 | ee5e9930439d692565ae08dc1a9bad90f287a0ebb41ddef6ebc7172498660316 |
| SHA512 | 3c60af49e972a5bea72f93a209efffe1590aa3a5e984f3ec5471a6914da5612db832c94e39b459aa2ec875c2006c5a2b176e62a0c10e242e69071c91918986f8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\cb=gapi[1].js
| MD5 | 0fe383a7ddb9bbaefc3105b3297f5583 |
| SHA1 | f80c9d789f251909c7560bd91a9e1b9a10c26362 |
| SHA256 | d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683 |
| SHA512 | 31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bca08e83060bc33ceb59a1ed10d1a385 |
| SHA1 | 0d4be950ef4b5c998c04b2c1bd88fa99ca8d024e |
| SHA256 | 16ca9829b9635494afe7d43388ba9967bf8efd5ecd3f09b4f34793e10d71a266 |
| SHA512 | 25f1df2f5f1aac0f4c1984ec1c22e37df2c1de9a29ab4638bf067c4a8a7ec57367b8027ee1dd8411911442a589426ebcfd4ece4c9677a34c11c8d5caff83db35 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77f753d1642d95d71788eade4bdb71f2 |
| SHA1 | 0c90297ddb4c2ec65e74f678f79a4c8afcb1b23f |
| SHA256 | 7d85bfcf0ef9977c45babfc40ed60fe5b680094d0401cb1a4d8dbcc94136ff29 |
| SHA512 | b64f9b3872424ca8518bbc9c0f56a8768aa7d8e847c652bc06f6be45e73934f4bc9348c3faf226827f8c5cd411279635eed2d3547ba51753ecf006334a137c01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06e6f015e513ded6c7cb4bc304c357e9 |
| SHA1 | 21486584fb3186001dd1099476fe48c3de02f19f |
| SHA256 | ce9968b074d565348e458dd8bec3befa6b7e86ce286967f1251b777288667acb |
| SHA512 | fc3383ab48c8e28ecf6935329bd55a2493d1e3436b3b4fed9b9e85e9637afef3affd69ac1144216f00b0dbe25f065016ad34ddba514255cf064d53bf53bdf85f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf8c22d49fe43462ab74321bf7570723 |
| SHA1 | 76ef4c48ed530c7f6f80aa04325eebc56076ce2c |
| SHA256 | 64ad3b68021fa9d46c982cafe364d500f9b1583d1499e7b4ba33dddca34ad539 |
| SHA512 | ad8dd601950c1faed2f7e147dc343906da8112bd0cb0726da41fb95c5e094e7ac4584bd079f562a5414e605b3162e4614ccc14a6d3adf57e302f89524740845d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f4679ccb11e18e883a201448ea7fd80 |
| SHA1 | 0fb5b4686c3ed96753724e3e1c05c13d89ef56fd |
| SHA256 | a03f4230af64598a1af3f921e7975a43fe095abdba6f3433b6a8b3761466a70a |
| SHA512 | d78c07df26932c428d804e595174062466b00819631fc41ec9e32ec3f89cd3c9b35e0f42faeb4cf8ee4a84b87d52771ca45a3052a7731e9eba1d015bd55946a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\3604799710-postmessagerelay[1].js
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\rpc_shindig_random[1].js
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC