Analysis Overview
SHA256
dab9a5ab1c050eccaa34c37784da39b36dfc6d5f51dd9b60cfc76c419e257e67
Threat Level: Likely benign
The file c073870b541dbac1fee61645e9d3be50_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 09:35
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 09:35
Reported
2024-08-25 09:37
Platform
win10v2004-20240802-en
Max time kernel
147s
Max time network
140s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c073870b541dbac1fee61645e9d3be50_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7fffacb846f8,0x7fffacb84708,0x7fffacb84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5088116672688430830,2444619309175003461,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.turkhackteam.org | udp |
| US | 104.21.91.65:443 | www.turkhackteam.org | tcp |
| US | 104.21.91.65:443 | www.turkhackteam.org | tcp |
| US | 104.21.91.65:443 | www.turkhackteam.org | tcp |
| US | 104.21.91.65:443 | www.turkhackteam.org | tcp |
| US | 104.21.91.65:443 | www.turkhackteam.org | tcp |
| US | 104.21.91.65:443 | www.turkhackteam.org | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.91.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | i2.wp.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | i0.wp.com | udp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| US | 8.8.8.8:53 | i.hizliresim.com | udp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 199.232.192.193:80 | i.imgur.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| US | 104.21.82.74:443 | i.hizliresim.com | tcp |
| US | 104.21.82.74:443 | i.hizliresim.com | tcp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 199.232.192.193:443 | i.imgur.com | tcp |
| US | 104.21.91.65:443 | www.turkhackteam.org | tcp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.192.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.82.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.38.239.216.in-addr.arpa | udp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
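Most of the udp rows above are reverse-DNS (PTR) queries for in-addr.arpa names sent to 8.8.8.8:53. Reversing the four octets recovers the IP being looked up, and matching that IP against the tcp destinations in the same table shows which of the reverse lookups belong to hosts the browser actually contacted (65.91.21.104.in-addr.arpa is 104.21.91.65, the www.turkhackteam.org endpoint) and which were looked up but never connected to. The following script is an added example, not part of the sandbox report or its vendor's tooling; NETWORK_ROWS is a constructed subset of the table above and the helper names are the author's own.

```python
"""Correlate reverse-DNS (PTR) queries in a sandbox network table with the
TCP destinations in the same table.  NETWORK_ROWS is a constructed subset of
the behavioral2 table; the parsing logic is an added example, not the
sandbox's own code."""
import ipaddress
from collections import defaultdict
from typing import Optional

# Constructed subset of the Network table: (country, destination, domain, proto)
NETWORK_ROWS = [
    ("US", "8.8.8.8:53", "241.150.49.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "www.turkhackteam.org", "udp"),
    ("US", "104.21.91.65:443", "www.turkhackteam.org", "tcp"),
    ("US", "104.21.91.65:443", "www.turkhackteam.org", "tcp"),
    ("US", "35.190.80.1:443", "a.nel.cloudflare.com", "tcp"),
    ("US", "8.8.8.8:53", "1.80.190.35.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "65.91.21.104.in-addr.arpa", "udp"),
    ("US", "192.0.77.2:443", "i0.wp.com", "tcp"),
    ("US", "8.8.8.8:53", "2.77.0.192.in-addr.arpa", "udp"),
    ("FR", "142.250.179.68:443", "www.google.com", "tcp"),
    ("US", "8.8.8.8:53", "68.179.250.142.in-addr.arpa", "udp"),
    ("N/A", "224.0.0.251:5353", "", "udp"),  # mDNS multicast, no domain column
]

PTR_SUFFIX = ".in-addr.arpa"


def ptr_to_ip(name: str) -> Optional[str]:
    """Turn an IPv4 reverse-lookup name into the address it refers to.
    Octets appear reversed: 65.91.21.104.in-addr.arpa -> 104.21.91.65."""
    if not name.endswith(PTR_SUFFIX):
        return None
    octets = name[: -len(PTR_SUFFIX)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def destinations_by_ip(rows):
    """Map every non-resolver destination IP to the domains it was contacted under."""
    by_ip = defaultdict(set)
    for _country, dest, domain, _proto in rows:
        ip, _, port = dest.rpartition(":")
        if port == "53":
            continue  # resolver traffic is not a content destination
        if domain:
            by_ip[ip].add(domain)
    return by_ip


def correlate_ptr_queries(rows):
    """Return {ptr_name: (ip, domains contacted at that ip)} for every PTR query.
    An empty domain set means the IP was looked up in reverse but never contacted."""
    by_ip = destinations_by_ip(rows)
    result = {}
    for _country, _dest, domain, _proto in rows:
        ip = ptr_to_ip(domain)
        if ip is not None:
            result[domain] = (ip, frozenset(by_ip.get(ip, ())))
    return result


def content_domains(rows, infrastructure=("8.8.8.8",)):
    """Distinct domains reached over TCP, excluding resolver endpoints."""
    return sorted({d for _c, dest, d, proto in rows
                   if proto == "tcp" and d and dest.rpartition(":")[0] not in infrastructure})


if __name__ == "__main__":
    for name, (ip, domains) in correlate_ptr_queries(NETWORK_ROWS).items():
        print(f"{name:32} -> {ip:16} {', '.join(sorted(domains)) or '(never contacted)'}")
    print("content domains:", content_domains(NETWORK_ROWS))
```

Run against the full table, the content domains reduce to the forum page itself (www.turkhackteam.org) plus the image hosts and ad/telemetry endpoints it embeds; the remaining PTR names that map to no contacted IP are lookups the browser or the guest performed on its own.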
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0446fcdd21b016db1f468971fb82a488 |
| SHA1 | 726b91562bb75f80981f381e3c69d7d832c87c9d |
| SHA256 | 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222 |
| SHA512 | 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31 |
\??\pipe\LOCAL\crashpad_1372_UFNLCDBCCKCWKXTB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9b008261dda31857d68792b46af6dd6d |
| SHA1 | e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3 |
| SHA256 | 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da |
| SHA512 | 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ce395fc45bd3c8b00d23a9c7f4b69364 |
| SHA1 | cd6d6c32c9ee5065c08a5aa25c78290452500058 |
| SHA256 | 45b79743d8538e996cffdd7b39518015cbea07f14672daf4c2f94b124b315617 |
| SHA512 | 1a9e35b485b16669029b78ed9dc16232ee848225d0bf9343ba0160112992d8b3f47ec6e553f8ad482bd18b2ea4388b124f67096f98d7d641706d8cee523096f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | fbc3e2c43d7e1f3b3b685988a08dc3bd |
| SHA1 | 23678cad902aea05ef8612300b7f571f9e7c178f |
| SHA256 | f2797ea94effeea6b06dc71a67603221bec6138f56934a73ff48c445ce924176 |
| SHA512 | af5a6796229b42e069b1d5a8e2ef1094f1ec95ddb65b33136dab9b30c84666aeea0459179c89f50ea0bf5fa53e08ff5f260a328a0d2b5e9ac9709b2aec4e577d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fb95b6f1abb375a9db0a6aeb2cb590cf |
| SHA1 | 712f99abcd79dde3b0b270fb36cf74b5f7a7290e |
| SHA256 | abf79c399971e60e41c1e695a33b215a23d3d248d8308b6a52867625054de644 |
| SHA512 | 6451746cbf59e0fce86756dcd6034285eeb9ec50b30da931be046878339006a2d5a04df8fa6acd3796ecfffe928cd0bc0469ae257416fe036864ce7089b45ca7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9e5098bcacb708f6971854b7da8c800b |
| SHA1 | d2f242d94993cc1631d852c6164ab6c901f31cad |
| SHA256 | 23dc3eff9015f6505f820b7ed5b4206b8cf034e6e618e03eb9da260de36b7e41 |
| SHA512 | 38f9e3fe052be653b4c49d3f8cd23b663de691bb62195127ad7133c1889810ef0c6c659b0c8e067d2fdbec49df836e8d9d05111b3ad81bf2fbb33a758e055db6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c08d5cbc7c1d404431bde759c778a4ce |
| SHA1 | 7b8bc2f04043951ed471fbaa43aeb312ad54da10 |
| SHA256 | 5bd16f960e735315692f337e57fbd00ad125109a3e64f47d419498cf727e938f |
| SHA512 | c1272fc7706a949e9e7d7baf0dc416dd9d2ce13f0a4b0bf849a831f8317e8d750582a752b5387518e48e8bc0190edf032b6f493ac7ad1bb424518afa40f111a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4defc13d4d85ab327f52cb5a6f6f86d2 |
| SHA1 | 5a66157bcfe8841a812ab7090b6fcd1294a389fc |
| SHA256 | 124cc9c1976b29cd00ef503544d36dc5e1376a58adb7526ded41a91cb2154f10 |
| SHA512 | 6bfcfe7e23e132ce253ea6a14f0a8222cbcf17ad8b99556d86a5b675f55b1739ae15ae3227479ed4a4472b22291cec37bbfff7ae163144261e4c2224d15f5119 |
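One caveat when reading the Files table: the entry for \??\pipe\LOCAL\crashpad_1372_UFNLCDBCCKCWKXTB carries MD5 d41d8cd98f00b204e9800998ecf8427e, SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 and the matching SHA256 and SHA512 values, which are the digests of zero bytes. The sandbox recorded the pipe object but captured no content through it, so those hashes carry no information about the sample. The check below is an added example (not the report's own logic) that scans a file table for empty-input digests and also flags digests of the wrong length; FILE_TABLE is constructed from two entries of the table above.

```python
"""Flag sandbox file artifacts whose recorded digests are those of zero bytes
(nothing was actually captured) and sanity-check digest lengths.  Added
example; FILE_TABLE is copied from two entries of the Files table above."""
import hashlib

DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# Digest of the empty input for each algorithm, computed rather than hard-coded.
EMPTY_DIGESTS = {alg: hashlib.new(alg, b"").hexdigest() for alg in DIGEST_LEN}

# Constructed from the report: path -> {algorithm: hex digest}
FILE_TABLE = {
    r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat": {
        "md5": "0446fcdd21b016db1f468971fb82a488",
        "sha1": "726b91562bb75f80981f381e3c69d7d832c87c9d",
        "sha256": "62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222",
        "sha512": "1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79"
                  "ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31",
    },
    r"\??\pipe\LOCAL\crashpad_1372_UFNLCDBCCKCWKXTB": {
        "md5": "d41d8cd98f00b204e9800998ecf8427e",
        "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
        "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce"
                  "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
    },
}


def check_entry(digests: dict) -> str:
    """'empty'     every digest equals the zero-byte digest for its algorithm
    'malformed' a digest has the wrong length or non-hex characters
    'mixed'     only some algorithms match the empty digest (they cannot all
                describe the same bytes, so the row is internally inconsistent)
    'content'   otherwise"""
    for alg, hexval in digests.items():
        if len(hexval) != DIGEST_LEN[alg] or any(c not in "0123456789abcdef" for c in hexval.lower()):
            return "malformed"
    matches = [digests[alg].lower() == EMPTY_DIGESTS[alg] for alg in digests]
    if all(matches):
        return "empty"
    if any(matches):
        return "mixed"
    return "content"


def empty_artifacts(table: dict) -> list:
    """Paths whose recorded content is zero bytes."""
    return [path for path, digests in table.items() if check_entry(digests) == "empty"]


if __name__ == "__main__":
    for path, digests in FILE_TABLE.items():
        print(f"{check_entry(digests):9} {path}")
```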
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 09:35
Reported
2024-08-25 09:37
Platform
win7-20240729-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c9200000000020000000000106600000001000020000000cd5ab552a2ec1353c1de923234ddebec0d000bd88cf756b5731fd62a31ab0fa5000000000e8000000002000020000000d85751c34b62a3aca8914ee26643fb2ff88ffa03a118a9450aa3f9de99a691ef20000000777b4a8809e56136d68f230718003b95ccb08566dca6b066981e7fc859b7c27340000000fed125c724268a60c45b73b0a33e1f526fe4f8fdb6c38c7dafe22767247d6fca2f04bd5e6d33394971ef4b8b5164933f2b2f3825d675c273088f364983d6ffa4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d019782ad2f6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{53A33151-62C5-11EF-A17A-428A07572FD0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430740380" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2916 wrote to memory of 2740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2916 wrote to memory of 2740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2916 wrote to memory of 2740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2916 wrote to memory of 2740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c073870b541dbac1fee61645e9d3be50_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.turkhackteam.org | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | i2.wp.com | udp |
| US | 8.8.8.8:53 | i0.wp.com | udp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| US | 8.8.8.8:53 | i.hizliresim.com | udp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 172.67.211.30:443 | www.turkhackteam.org | tcp |
| US | 172.67.211.30:443 | www.turkhackteam.org | tcp |
| US | 172.67.211.30:443 | www.turkhackteam.org | tcp |
| US | 172.67.211.30:443 | www.turkhackteam.org | tcp |
| US | 172.67.211.30:443 | www.turkhackteam.org | tcp |
| US | 172.67.211.30:443 | www.turkhackteam.org | tcp |
| US | 199.232.196.193:80 | i.imgur.com | tcp |
| US | 199.232.196.193:80 | i.imgur.com | tcp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | tcp |
Files