Malware Analysis Report

2025-01-18 00:41

Sample ID 240613-mbxs7avbjf
Target a50b40f07de0cbdc20b08479b86c6f40_JaffaCakes118
SHA256 185a874879dc14b69fe0b69c79c6198f98032aa57a1bf2af07909db05e47811a
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

185a874879dc14b69fe0b69c79c6198f98032aa57a1bf2af07909db05e47811a

Threat Level: No (potentially) malicious behavior was detected

The file a50b40f07de0cbdc20b08479b86c6f40_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 10:18

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 10:18

Reported

2024-06-13 10:20

Platform

win10v2004-20240226-en

Max time kernel

147s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50b40f07de0cbdc20b08479b86c6f40_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50b40f07de0cbdc20b08479b86c6f40_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4848 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4572 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5792 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3752 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=3696 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5912 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4860 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5316 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8

Network

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 10:18

Reported

2024-06-13 10:20

Platform

win7-20240221-en

Max time kernel

143s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50b40f07de0cbdc20b08479b86c6f40_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50b40f07de0cbdc20b08479b86c6f40_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1504 CREDAT:275457 /prefetch:2

Network

Files
