Analysis Overview
SHA256
adbea99e7ce7e16b1b8e2c9c0928b2f488b0fa2807fbcd36a61cc0ec0b65896c
Threat Level: No (potentially) malicious behavior was detected
The file a5cd0b7a094da7ed3504a61a44a26022_JaffaCakes118 (an .html document, opened in Microsoft Edge on Windows 10 and in Internet Explorer on Windows 7) produced no (potentially) malicious behavior. Every signature listed below was raised by the browser processes themselves (msedge.exe, identity_helper.exe, iexplore.exe); the process lists contain only Microsoft Edge, Internet Explorer and the Windows component CompPkgSrv.exe.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:31
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:31
Reported
2024-06-13 13:34
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target | Count |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 8 |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A | 2 |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target | Count |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 7 |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5cd0b7a094da7ed3504a61a44a26022_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a8ac46f8,0x7ff9a8ac4708,0x7ff9a8ac4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17117176702007850393,7421971763851721124,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,17117176702007850393,7421971763851721124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,17117176702007850393,7421971763851721124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17117176702007850393,7421971763851721124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17117176702007850393,7421971763851721124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17117176702007850393,7421971763851721124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,17117176702007850393,7421971763851721124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,17117176702007850393,7421971763851721124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17117176702007850393,7421971763851721124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17117176702007850393,7421971763851721124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17117176702007850393,7421971763851721124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17117176702007850393,7421971763851721124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17117176702007850393,7421971763851721124,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3420 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | st-n.ads1-adnow.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | go.oclasrv.com | udp |
| US | 8.8.8.8:53 | resources.infolinks.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | ffden-2.phys.uaf.edu | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
\??\pipe\LOCAL\crashpad_2144_VIKUCIUNAPSEAWCN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8ab9fe76ec6a403d169ec8eca8325f2d |
| SHA1 | 5418180c97661a76f45efc595efc4a3c6970ffa0 |
| SHA256 | fa711baabd0aef4ebbab616c2514a575a9c51b8e293d59b06f37687e02c53ac0 |
| SHA512 | 0387eaa4cdf8c9989737ba721a598d516c93385ac1128d84dee46039736c5cd9fc2eab5434200e1b765e93f3a496f8a9885828c623c06ae868d0112cb5cc2f4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a07ddcae57bf11a2a1209b3fd67f0693 |
| SHA1 | d03c757cf47ff454200327fef10981a0ef1eb9f5 |
| SHA256 | 799c6695c5c165c4b4740fbbd1c63e628a82337278282a248703d1f017ee2ed8 |
| SHA512 | 7ea844106eaa689546fdf45717a836e3cfbc1fb430d64f9bd70bd7c1ea6a3b39217b50e6e08eda7611b6370556836c1339812974521305d08f271e2c05b7e921 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f370a39a2ecaf350355fd2b74dcb5671 |
| SHA1 | 69ec799d765510f3eaf421d42eb8b26cfad69f53 |
| SHA256 | 53222e4b75ed5e748357570878c3b84f63732b9cc464ae051ab029c8f831caad |
| SHA512 | f925c85d4e47f84a7561465c00a6070641315a991d141fa26b0b34cec2fc41c0c9c7f509a8be94ca2a099a28ee52b972d91c395e043bccfe672191ed052f7ed5 |
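Added example (not part of the sandbox report): a Python helper that parses the per-file digest blocks in the Files sections above and checks them. Each entry is a path followed by MD5/SHA1/SHA256/SHA512 rows. The checks are that every digest is hex of the right length for its algorithm, and that an entry whose four digests are the digests of zero bytes carries no content (the crashpad named pipe above is such an entry). digests_of() also lets you compare a sample you hold against the report's hashes. The sample text is copied from the behavioral2 Files section; the function names are ours.

```python
"""Validate the per-file digest blocks of a sandbox report's Files section.

Added example, not the report's own tooling. FILES_TEXT is copied from the
behavioral2 Files section above (two entries); the helper names are ours.
"""
import hashlib
import re

FILES_TEXT = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_2144_VIKUCIUNAPSEAWCN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
"""

# Report label -> hashlib constructor name, and expected hex length per algorithm.
ALGS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
_ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")


def digests_of(data):
    """All four digests of a byte string, keyed like the report's rows."""
    return {alg: getattr(hashlib, fn)(data).hexdigest() for alg, fn in ALGS.items()}


# Digests of zero bytes: an entry that matches these has no content at all.
EMPTY_DIGESTS = digests_of(b"")


def parse_files(text):
    """Split the Files text into [{'path': ..., 'digests': {alg: hex}}, ...]."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _ROW_RE.match(line)
        if m:
            if not entries:
                raise ValueError("digest row before any file path")
            entries[-1]["digests"][m.group(1)] = m.group(2).lower()
        elif line.startswith("|"):
            raise ValueError(f"malformed digest row: {line!r}")
        else:
            entries.append({"path": line, "digests": {}})
    return entries


def check_entry(entry):
    """Structural check plus the zero-byte-content check."""
    d = entry["digests"]
    well_formed = set(d) == set(HEX_LEN) and all(len(d[a]) == HEX_LEN[a] for a in d)
    return {"well_formed": well_formed,
            "empty_content": well_formed and d == EMPTY_DIGESTS}


def matches(entry, data):
    """True if the bytes you hold hash to exactly the digests the report lists."""
    return entry["digests"] == digests_of(data)


if __name__ == "__main__":
    for e in parse_files(FILES_TEXT):
        print(e["path"], check_entry(e))
```

Note that the same path can appear more than once with different digests (settings.dat and Preferences above): the browser rewrote the file during the run, and each write is recorded as a separate entry.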
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:31
Reported
2024-06-13 13:34
Platform
win7-20240611-en
Max time kernel
143s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4B30EA51-2989-11EF-9E55-E6415F422194} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447381" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5068293996bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000a31316d80455b420d470c5961f1952debdecd330a5bf53ec9e2674d5db424f0f000000000e80000000020000200000004aa149b4d3cb7b719a7efb00580e69b6df6df8945788cc4da494a76461821882900000005c93f9a7f85fa8161fe721c298d26eddfabcbcebef778e565936194fdc22c8072adae01ea3ff835adc234bd0b99ee2726c51bc47df87d0c90ffffcd1fe84366e7ec10aad60091cb6ba94b22761a3f9f76fdbc10bbb2c47eeae81b56bc09eb63265c635f929d8a9aca99d3cf691437456ec999826efac9948d2eb121f9e70f661a0f4f08a691b799cc795e9f77f0502c840000000ef0b8c4778b8a69ef035ea924aa6aef3a4dc3e89a62f73ba5a776cc8388af46e902f579a24e568fb133c0ac5caeba9615b83e40ebf3e4da8aebd6219ffd002df | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000097cf8569211de1a5c9075c5a2975ded14d0663bd037db0f450a3beb2ae3440d8000000000e8000000002000020000000164278cfb34190426f0f12070aa9109c460c63f55ce3e2c1efc009eb3b6b393c20000000cebb3177b41096d2261a94762fe5e53f2108c3387003c37b129f47692a41798b40000000b76e60bebc647a6cf354203ba913c1aaae1bca1c46ecb280334e58628034624cd12c202df2f4b0ecbd147b918816e352b584e53e1a37cd3dc46a7ac6a4793022 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target | Count |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A | 2 |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A | 4 |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target | Count |
| PID 1440 wrote to memory of 2840 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | 4 |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5cd0b7a094da7ed3504a61a44a26022_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1440 CREDAT:275457 /prefetch:2
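Added example (not part of the sandbox report): a Python check that attributes the WriteProcessMemory events above to a process relationship. Internet Explorer's frame process (iexplore.exe) starts one tab process per tab (IEXPLORE.EXE) and passes its own PID on the tab's command line as SCODEF:<pid>; a frame writing into its own tab process is the browser's normal start-up rather than injection into a foreign process. The event text and command lines are copied from the report; the PID-to-image mapping is read off the table (writer column = iexplore.exe, target column = IEXPLORE.EXE, PIDs 1440 and 2840), and the helper names and verdict labels are ours.

```python
"""Explain cross-process writes reported by a sandbox using the IE SCODEF link.

Added example, not the report's own tooling. WPM_EVENTS and PROCESSES are
copied from the behavioral1 tables above; the PID-to-image mapping follows
from the table's Process/Target columns. Helper names are ours.
"""
import re
from collections import Counter

# The table records this event four times.
WPM_EVENTS = ["PID 1440 wrote to memory of 2840"] * 4

# pid -> (image path, command line)
PROCESSES = {
    1440: (r"C:\Program Files\Internet Explorer\iexplore.exe",
           r'"C:\Program Files\Internet Explorer\iexplore.exe" '
           r"C:\Users\Admin\AppData\Local\Temp\a5cd0b7a094da7ed3504a61a44a26022_JaffaCakes118.html"),
    2840: (r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
           r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1440 CREDAT:275457 /prefetch:2'),
}

_EVENT_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
_SCODEF_RE = re.compile(r"\bSCODEF:(\d+)")


def parse_event(desc):
    """'PID 1440 wrote to memory of 2840' -> (1440, 2840)."""
    m = _EVENT_RE.fullmatch(desc.strip())
    if not m:
        raise ValueError(f"unrecognised WriteProcessMemory description: {desc!r}")
    return int(m.group(1)), int(m.group(2))


def scodef_pid(cmdline):
    """Frame PID that IE passes to its tab process, or None if absent."""
    m = _SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()


def classify(events, processes):
    """Collapse duplicate events and label each (writer, target) pair.

    A write is attributed to IE's frame-to-tab start-up only when both images
    are iexplore.exe and the target's SCODEF value names the writer's PID.
    Anything else stays 'unexplained' and deserves a closer look.
    """
    pairs = Counter(parse_event(e) for e in events)
    results = []
    for (src, dst), n in sorted(pairs.items()):
        src_img, _ = processes.get(src, ("<unknown>", ""))
        dst_img, dst_cmd = processes.get(dst, ("<unknown>", ""))
        if (image_name(src_img) == "iexplore.exe"
                and image_name(dst_img) == "iexplore.exe"
                and scodef_pid(dst_cmd) == src):
            verdict = "ie-frame-to-own-tab"
        else:
            verdict = "unexplained-cross-process-write"
        results.append({"src": src, "dst": dst, "count": n, "verdict": verdict})
    return results


if __name__ == "__main__":
    for r in classify(WPM_EVENTS, PROCESSES):
        print(r)
```

The same reasoning does not transfer to the Edge run: Chromium-based browsers hand their children Mojo handles on the command line rather than a parent PID, so for msedge.exe the WriteProcessMemory signature above has no row data to attribute at all.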
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.infolinks.com | udp |
| US | 8.8.8.8:53 | ffden-2.phys.uaf.edu | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 172.66.41.9:80 | resources.infolinks.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 172.66.41.9:80 | resources.infolinks.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 137.229.65.139:80 | ffden-2.phys.uaf.edu | tcp |
| US | 137.229.65.139:80 | ffden-2.phys.uaf.edu | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | router.infolinks.com | udp |
| US | 172.66.42.247:443 | router.infolinks.com | tcp |
| US | 172.66.42.247:443 | router.infolinks.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 137.229.65.139:80 | ffden-2.phys.uaf.edu | tcp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
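Added example (not part of the sandbox report): a Python triage of the two Network tables, behavioral2 (win10, Edge) and behavioral1 (win7, IE). The rows are copied from the tables above, trimmed to a representative subset and tagged with the run they came from; the function names are ours. It separates names that were only resolved (UDP to 8.8.8.8:53) from names that were connected to, counts connections per destination, and lists connections for which no DNS query appears in the capture.

```python
"""Summarise a sandbox report's Network tables: resolved vs connected names.

Added example, not the report's own tooling. NETWORK_ROWS is a subset of the
behavioral2 and behavioral1 Network tables above, prefixed with the run name;
helper names are ours.
"""
from collections import Counter, defaultdict

# run | country | destination | domain | proto
NETWORK_ROWS = """
behavioral2 | US | 8.8.8.8:53 | st-n.ads1-adnow.com | udp
behavioral2 | US | 8.8.8.8:53 | apis.google.com | udp
behavioral2 | US | 8.8.8.8:53 | www.blogger.com | udp
behavioral2 | N/A | 224.0.0.251:5353 | N/A | udp
behavioral2 | US | 8.8.8.8:53 | go.oclasrv.com | udp
behavioral2 | US | 8.8.8.8:53 | resources.infolinks.com | udp
behavioral1 | US | 8.8.8.8:53 | www.blogger.com | udp
behavioral1 | US | 8.8.8.8:53 | resources.infolinks.com | udp
behavioral1 | GB | 142.250.178.9:443 | resources.blogblog.com | tcp
behavioral1 | GB | 142.250.178.9:443 | resources.blogblog.com | tcp
behavioral1 | US | 172.66.41.9:80 | resources.infolinks.com | tcp
behavioral1 | US | 137.229.65.139:80 | ffden-2.phys.uaf.edu | tcp
behavioral1 | GB | 216.58.213.14:80 | www.google-analytics.com | tcp
behavioral1 | US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
"""


def parse_rows(text):
    """Pipe-separated rows -> dicts; an empty or N/A Domain cell becomes None."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        run, country, dest, domain, proto = (c.strip() for c in line.split("|"))
        host, _, port = dest.rpartition(":")
        rows.append({"run": run, "country": country, "host": host, "port": int(port),
                     "domain": domain if domain and domain != "N/A" else None,
                     "proto": proto})
    return rows


def is_dns_query(row):
    return row["proto"] == "udp" and row["port"] == 53 and row["domain"] is not None


def summarise(rows):
    resolved = defaultdict(set)    # run -> names seen in DNS queries
    connected = defaultdict(set)   # run -> names with a TCP connection
    conns = defaultdict(Counter)   # run -> (name, host, port) -> connection count
    other = defaultdict(list)      # anything else, e.g. mDNS to 224.0.0.251:5353
    for r in rows:
        if is_dns_query(r):
            resolved[r["run"]].add(r["domain"])
        elif r["proto"] == "tcp":
            name = r["domain"] or r["host"]
            connected[r["run"]].add(name)
            conns[r["run"]][(name, r["host"], r["port"])] += 1
        else:
            other[r["run"]].append(f"{r['host']}:{r['port']}/{r['proto']}")
    summary = {}
    for run in sorted(set(resolved) | set(connected) | set(other)):
        summary[run] = {
            "dns_only": sorted(resolved[run] - connected[run]),
            "connected_without_dns": sorted(connected[run] - resolved[run]),
            "connections": dict(conns[run]),
            "other": other[run],
        }
    return summary


if __name__ == "__main__":
    for run, s in summarise(parse_rows(NETWORK_ROWS)).items():
        print(run, s)
```

On the full tables the Edge run shows DNS traffic only (no TCP rows), while the IE run completes connections to the Blogger/Blogspot hosts, resources.infolinks.com, ffden-2.phys.uaf.edu, www.google-analytics.com, www.facebook.com, accounts.google.com and ieonline.microsoft.com. Connections with no preceding lookup in the table (www.google-analytics.com, ieonline.microsoft.com) may simply reflect cached resolutions or lookups outside the capture window, so treat that list as a prompt to check the pcap rather than as a finding.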
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 0e028ed5f33073b939c1187b7c82984d |
| SHA1 | 8daa32a794eb7176be7e816f3bd5c3cc495b22e4 |
| SHA256 | 14a51eabb319f6d8cd12c2b407db6d6d741ff47c9aa0746cd20628344d941bf5 |
| SHA512 | 9063637993d01179f0efdc6edffe2da3a2a0eb320cf76939867f4721b5087ddfd0bdf1277e0219c631fadcfb9765ab854cdc7dac659cef79133a6cfbcf311791 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
| SHA512 | dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | e0c65ce11d1c0e71c9abd43fffc429f2 |
| SHA1 | f882922323506ccb6555c10123a4ee1c2cdc1e3a |
| SHA256 | 45ce4c65f1e5057db5ffeedf6c058d01998f3e00552a55600e57a438efc496cf |
| SHA512 | f2fa5c312885561f9fdc8ee9855913f7a0b893c84c1e487bf338ed033a8b0e29306936c71509d707f4c1adaa6daaafb5c21d0dea150fcb9e98ddc3db2d13f4ee |
C:\Users\Admin\AppData\Local\Temp\Tar6FF7.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\Cab6FE3.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | a4c3e4b3f212ccf9719236eaa8f728be |
| SHA1 | e017a18974a9969ca60ca2499ac54b464d91a2ef |
| SHA256 | 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a |