Analysis Overview
SHA256: 4f2a20aa7f0c1db6b5ec60eeb3fb603fe1b391334383a5e5e3a98b545cfeac68
Threat Level: No (potentially) malicious behavior was detected
The file a5107fc6311e4235469a62ac0f4f5d02_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Analysis: static1
Detonation Overview
Reported: 2024-06-13 10:23
Signatures
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-13 10:23
Reported: 2024-06-13 10:26
Platform: win10v2004-20240611-en
Max time kernel: 150s
Max time network: 150s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5107fc6311e4235469a62ac0f4f5d02_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8072a46f8,0x7ff8072a4708,0x7ff8072a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11001004367841470378,4397615716167456583,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11001004367841470378,4397615716167456583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,11001004367841470378,4397615716167456583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11001004367841470378,4397615716167456583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11001004367841470378,4397615716167456583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11001004367841470378,4397615716167456583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11001004367841470378,4397615716167456583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11001004367841470378,4397615716167456583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11001004367841470378,4397615716167456583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11001004367841470378,4397615716167456583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11001004367841470378,4397615716167456583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11001004367841470378,4397615716167456583,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5664 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.11.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4400_TXXZNGNLDVOPRMLP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 10:23
Reported: 2024-06-13 10:26
Platform: win7-20240611-en
Max time kernel: 118s
Max time network: 127s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000c287adad0b93734e2fa534f9a8ae26a1c72ae04356391efc77d4ef630143c847000000000e80000000020000200000001e4006972835d41edd3fe6459f5b8c5af2082deb0500f84556f76b59e12745d920000000d3d1e9f383140623c926715b7f83526c77e191e6080ea270bcbf4550076d587e40000000be51876a4057d7c7f6798f7d8be95702f12c6fbd46f1628523add15e8174f6536f47d62554dc103102f59d8857ed02ffeaf6951caf641de391eae4554f6d9331 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424436080" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 901481d37bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FC991941-296E-11EF-A490-4A2B752F9250} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2804 wrote to memory of 1720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2804 wrote to memory of 1720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2804 wrote to memory of 1720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2804 wrote to memory of 1720 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5107fc6311e4235469a62ac0f4f5d02_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabED2.tmp
C:\Users\Admin\AppData\Local\Temp\TarEE4.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | 94ec52b573574d94f69643f7a4892798 |
| SHA1 | d982d6d019dfb456815c10c53989cb970eabc406 |
| SHA256 | d456424fd8a6a7b80b31f9f3790e052c7371b677b2cff5a743c0fc455a917589 |
| SHA512 | 7b3fe2f9a2dc525d3c287c274bea97a4d4599ed9b793683da0869f3fa88ad6582b55e8f66466afc172b3178be30aec09262b139868cbb93e1f63fcba71d4e8fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a870d681e2fa4e9abe47ec302f10728d |
| SHA1 | f544b6b3a60af65ae8471519848edfd4ca5ff9ee |
| SHA256 | d97f71d42b0fcaff2f84bddc7453f6df328c8ddd0d98a63933a51e4fc2af9674 |
| SHA512 | 6fa7fd84ef5e612da80ed041498d5c10f7f2ecb399a44ad32e2d1815bbd66778d9b2b74a9ae1ffd9e38e699d119fea3548778b523da0cf26903227a8857afb0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da0fdeb091289806826e546d08bff56c |
| SHA1 | 12afbe35af3894491e9343a7f205d824c0d50ae7 |
| SHA256 | 4d0282f1ea30acda0570d76b3ead54427ccd003fb4d5f39d937746d6d8b10ff1 |
| SHA512 | e99db858071021f8d7b8374423dfdb11090ab630f7e356b850915a87523fa81f2aff842d8e3ad8defb7100caf1aa558312f29e193bf874afb4be2ea3bf527bad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3621c85b22785c86f4fa1656bbabedd |
| SHA1 | 06180f53cf490f7863d32734f5bfe09eb5c2911e |
| SHA256 | 5f0cae22bd20e52e394d6165206d96817258fa77b5e3b61127141fa62650d9d7 |
| SHA512 | f692171245c92dfbf636ff681b7ba963e11de5d20c13f131427bf84d22e7d776d0f3ea5fdbd6584092a81134d7a5829c356de0786a15ba86ebc0c67736131c4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1da23b5f7106fe292e24429667fd8690 |
| SHA1 | fdaa41587a995af7e142212cf38d1df4eb752b0e |
| SHA256 | 122124e0cd82b4de8b3edad74215ac440170c3b48d7e4ceb03b06cb5083e4c2d |
| SHA512 | 58e65aa5a9e494bc695dc117a2865f038a939f815d0efcb64dc3896b0c13bcb22ac7dcbf35edbeeaa3b168a8be50fc383f9c73284789a79988c016269747df69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 580fd94c0c3f07192d9e6b14f737a1f0 |
| SHA1 | 7895a15a8111476e1472e9deb628806b43181ef3 |
| SHA256 | 8e654f2037b03e8d19e0572fd25abe013a532c21801955c12fd20e74de462f93 |
| SHA512 | a406cf5835de118fd23f75d26f1971613a41a33e255062dc81b3e0984cdefa7e05053937ff00100a6669596b5e263c799c9c007201e00273c608a01d9bde7206 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05f6903614fc297bc94fe13b72a46390 |
| SHA1 | e1fd4cd208526325841f0b3729394191322e4896 |
| SHA256 | 6439335372c522d6e7423ff6d05a9f86a8ecfae7f39f6d5bd8fcdb4c2a4d8da9 |
| SHA512 | 78cc8c168092f8fb72782ef80b4ccd874022416fdbeafec540bac4e8b808d034830fae6033474793e85ee1de70d10bb4b4e6c73d5e469d7032cdeca29846d9bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40083df8c9b38688b608d0e80a1cb753 |
| SHA1 | 93d37ed1447bb88ba46d268eccbea032ebc1b52b |
| SHA256 | 61baf388a43acf4429282f768bd4407158eedb2e53994140ea687c2bc8e6679e |
| SHA512 | 3e7bec097493b991b0297e3086d3cc8c9e11096aa00f4f42125c2ac39c84a036a4e8313868b4c45b9dc12d11b32507c35b2a5b774f7cba627fab61f1c3a700c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc6d318e1f2111ddf4fc10cf40eee299 |
| SHA1 | fae8d66ca0c7ec86fe2c63a0da6d7ed2bace6d2e |
| SHA256 | 29fc40249b0d8abd78452cc41dfd397a5b54d80287a9c14865f8145e22bedd25 |
| SHA512 | 3a34c9f80c423fb064d6cff1c9c2cd33c166352c89911395a0d211952f8306d3e9c6d003a873f72782ad137ccfb72a1432d0f6c0338a506c627e73c25bbdef06 |