Analysis Overview
SHA256
8dda46bd66ceaab922d64fa9f991ce1fcf630ca1e183514df4496bf034d27a59
Threat Level: No (potentially) malicious behavior was detected
The file a47049b1014c584a73dada82ec8a284f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:31
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:31
Reported
2024-06-13 07:34
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47049b1014c584a73dada82ec8a284f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf84646f8,0x7ffdf8464708,0x7ffdf8464718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,16305829052390672136,12074208108044514041,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5536 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | basabasi.co | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| SG | 172.96.191.85:445 | basabasi.co | tcp |
| US | 8.8.8.8:53 | basabasi.co | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| SG | 172.96.191.85:80 | basabasi.co | tcp |
| SG | 172.96.191.85:80 | basabasi.co | tcp |
| SG | 172.96.191.85:80 | basabasi.co | tcp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.191.96.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| NL | 23.62.61.104:443 | www.bing.com | tcp |
| SG | 172.96.191.85:80 | basabasi.co | tcp |
| SG | 172.96.191.85:80 | basabasi.co | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | 66.220.184.93.in-addr.arpa | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| SG | 172.96.191.85:80 | basabasi.co | tcp |
| SG | 172.96.191.85:80 | basabasi.co | tcp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 104.244.42.136:443 | syndication.twitter.com | tcp |
| US | 104.20.19.71:445 | s10.histats.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | 136.42.244.104.in-addr.arpa | udp |
| US | 104.20.18.71:445 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| SG | 172.96.191.85:80 | basabasi.co | tcp |
| SG | 172.96.191.85:80 | basabasi.co | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
\??\pipe\LOCAL\crashpad_1904_EAZRCASOWFITOHBC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2ab428bbc3939cce04b1fb7c2bddda89 |
| SHA1 | fe3693304c71fee4c1c2079210bfa0b66c6d7d37 |
| SHA256 | c9c96711dac85acbde983f4bb9cb7e1a400b91f010d05e05dac320e71f2ef35f |
| SHA512 | c574e7b2144ed0eca35d74dc089da3b4cc09b2f47567c4d61266858dad1a1e94b36b9b6d8c787d37b4d2e775a59cbccfd2b86bd5a179e67af22339c8d834c787 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1c728b8ac0d5f5597583a3c0a80081e6 |
| SHA1 | 0c9ccdd97ae875cc19ab0abae6a5340d3f9d5884 |
| SHA256 | 4a2d65a6043739f9414d411fafdd950fdc9539a9c101187c44b6f5a1acf85e08 |
| SHA512 | f451adefa405f7127835b13206c00227161845df7874ee3c9deaddc50ad6e193fc668e79c0b913fd1c943eb0ff34bf4bf54fc26aec95d0921428e04db9aeaedb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e566be066d8d947372525a7b950c7ff1 |
| SHA1 | d14c7e3d67cc56bd952d8b218cc8933ff671cd14 |
| SHA256 | 57e58a771817aa2e9c3b512cd541c95dbe9f5bf9141f523b3187368b1627827f |
| SHA512 | e0e9531a1da804d6357ea4b6dbab824887d004606c7960b471c4c0b7022ba02de713020d5fde1a02ccf70bffc8086fe19df4ab322482af204d4d48c718e106cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 62a7447eb3e5f49f3c6be64b3b447a66 |
| SHA1 | c81a81b9e554f32c15f8d0053840ed772d2a2858 |
| SHA256 | e08d8fcd66a0bce1bb15a1efe3e0c06beacc7dca903f0a45db8c9f9ac55f2484 |
| SHA512 | 83ef77b85e9449f734407e4aabe9b3ca031d3374eef11e3e748ffee762770836a9d8f40f6b149cfb36e10a876eb722f63169a08f34a904bf42005e8cbafdc55e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b3c31ac2b11c7b4da4f8ca4363cf790d |
| SHA1 | feca94542c003cb19696c4a144ff9e93f842df77 |
| SHA256 | 934ac35a82bbfe64a2650c7a1cbef8249a4078ac1b18aa85f6a7d714bd531ec7 |
| SHA512 | 4d3da2178f073d392771394e1516e60955afa41abcc1651090b34593486ac9ade595bfc268ed968b77f21f9acc06a44a4c8cbdca9b036cdea21587c30fc04e49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ab5de4c2d2ef2c14bd6d417cdef347c1 |
| SHA1 | cdf27ea99990c0b78f14531eafbe1c261ee145b6 |
| SHA256 | b9824faf211d25d843bd3e4f628246effaaef8a94597d0c028ea780db52749ff |
| SHA512 | 8ec5d5a147c271860d363935cda6743cf0f63ac6a2ca1ea9fd10a99f9f4e689426fa9107997609061755e8b5af48a58d0b6bee661784687df0cc2729463ee48f |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:31
Reported
2024-06-13 07:34
Platform
win7-20240611-en
Max time kernel
142s
Max time network
153s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000975f18ae68a8b18628b02889eee479167f07b8dece1888048c6e1845b55b64f8000000000e800000000200002000000034e3a49e92172b571e5536f80e532cec429f7c0d808aaaa0c446bf7de09f2c3790000000310a5e03cecf73a1fe193b807c5bc81147cd71dbbac2de03c60c1c910534a3fb28d937878268a3b7fc8bdd3dce1c0781595257a9686749473b3a9572a9951fd543b00f0db7f05f9affeda6361144efa6530a4ccebd03bb54020c4fb2540fdae1bf716f4d663c15319a046bfddfff7007564505ced59fd628fe7f48f59de702acb85e8cc1afe3735a4cced58715ca5df4400000005e480b4d393a60d54abef19745368d0e4f65ada2f640cd39e072e03385737da289a7b385dbda29f18aeb8458d438d9052d5fdaa35a77effd2e825807b0746aec | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000004be21239dae9f774e59a790373f82cc413657a808d59cb8a6f47d6d1f254e17f000000000e80000000020000200000000b8ee12e4fa133dd6e160f348c0088c2725ff22a3ec70e10be57a6ceffaf7f1b200000004562013d664abb874aabb401852903206c74f0e167f7c2ccd4ab661336e3dbd2400000008c3c4c1fa99160e7f980a39f36bbb3364ab1655a0ee94d3c1d26752c8ca78b0f823bfe67011146ec8f38188cc96615b9694d050123cf09045db62e56b0511905 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f00458d863bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424425783" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{012D1CD1-2957-11EF-B3FC-D2ACEE0A983D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3024 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47049b1014c584a73dada82ec8a284f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | basabasi.co | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| SG | 172.96.191.85:80 | basabasi.co | tcp |
| SG | 172.96.191.85:80 | basabasi.co | tcp |
| SG | 172.96.191.85:80 | basabasi.co | tcp |
| GB | 199.232.56.157:443 | platform.twitter.com | tcp |
| SG | 172.96.191.85:80 | basabasi.co | tcp |
| SG | 172.96.191.85:80 | basabasi.co | tcp |
| SG | 172.96.191.85:80 | basabasi.co | tcp |
| GB | 199.232.56.157:443 | platform.twitter.com | tcp |
| SG | 172.96.191.85:80 | basabasi.co | tcp |
| SG | 172.96.191.85:80 | basabasi.co | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 199.232.56.157:443 | platform.twitter.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab5E0A.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar5EC8.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69b45fcaeec18a8952152dd9a0524ada |
| SHA1 | 53ca077eebdbc5c953facf30d288b882a6856863 |
| SHA256 | 58fee1967ffb543df5ce64ea3ee1c657ed2aaa60ebe3a9e4da3e576fe98113ca |
| SHA512 | c1ad6e9adf080dfd1b35c5c504879a3e5e0a77da3df4a4110bfb051d69ada33f48ecc01f15cf58b853066f56fb70e5ec6871ae99dde55dde7b3262352446dd69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0f644ae2226e423c30cd72493274903 |
| SHA1 | 977f223ffb15ef4596cc765c669ec6f270ea5807 |
| SHA256 | e64cbd34fcc4d28383f7731b6c99f0157bdeb597a3ed618f0d796bc97ac37b1e |
| SHA512 | 5f2c0e2198b72d9fd1bed55653c46258c5d871d853ffe8937557893bd2da1d589822e926ab3aa1efad8d821ddd87508fd9c5cc2ce84921f06c4410815bff1183 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | caa3514eebb221e08dab9cb0d7cf5fa6 |
| SHA1 | e09e546e89248c6f0f8eeafa96c1e24195a32c6e |
| SHA256 | 38468908418f56f62a80c15c62b2c91c935cea0ded12c3d4c2c681c552abce25 |
| SHA512 | 17a8762a5256dfdd087b73a48cf251fcde83511ffb6a8ade0b4d85450407064fbfeabacbd3535a3514b69178f0e7d4b59a91283cd7d4dff7213627f9f3d8c114 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a14c0d3f0e40db6c284f39ecba6f0c0 |
| SHA1 | b0e96845c5f439732b2aabaaefd475fa7aa917eb |
| SHA256 | ef36118b9c01339eab0d0c5470d906be8705f1c6a5897e652cae4baa14d3a409 |
| SHA512 | 5ca3e8109c262357f97f0e9d5054e5c60701cda98f05a369649d40cf122deb6598d31809bd1c26c30ea88e80082962b9d2927378443d9c48e7ad8d76e6ef967e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a06727633b5a61041ef6ef98414ff76b |
| SHA1 | 476db2049fa2f9aded7265da01f75ae4cc545354 |
| SHA256 | 0de718280f7cbabad7ad0cc412903ffcc2a616c0390dff05ce4c1025ad85a0ed |
| SHA512 | 99c5ffc9b9ef3abca21c8cac43070b6624cdcebb67a11ee794091e1258bbf116e18954456d350ae63bd50c94e6476361d4d55554436c139ff732f226ddcfd22b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2854d7f5653a9b4898eb2484be5df61 |
| SHA1 | 80c74b059dbac4720342f7a5d85a62333ba7d747 |
| SHA256 | eef4f9b0a0a47be0f9f39e70bfac47c0a978fa9371d4dbeb4f22588318c51db7 |
| SHA512 | 5d3e0e012a4c3d691b7f27469b1ff56b2387bf4f82448d027459a63afaa1d8032805acd80a32d4088ca54e8562783780249b9090e02faac89b897ce1bf9e2a49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44734ca4c0db845e09127290ac128975 |
| SHA1 | 724a306eb688cb57330d49e7e8506b36432c2c13 |
| SHA256 | e6ef283148021879b3cad9b15f5a00489e91003c271b4cb86a343934e1a49958 |
| SHA512 | 8dd14d8fd6ade86db83aaa8e46cf8b0f76c2de23566cc541a5c00e07b0c848307bb076be46f128d24c32b5eff030eb2cb93844bb32357df0a38dec6d2d3bd864 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa72c7c33da0ecd93615ff33f4a7532c |
| SHA1 | 9291908e790cb35fa338a506d64bf1d9a5bf4d61 |
| SHA256 | 40350b36933e157016677689add162b42292f12baa7993cb24e7dc4499434eb3 |
| SHA512 | 107afe00efd18e8925d2ab2eec2ec92e41f02b6a205fa69a8574266e53c1455c147f6b39fad5bdba03d6efe20edd44f32ee40fc897388cefc1f414b0a9431245 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95696b1a4161d4d24fe140b30b98be43 |
| SHA1 | 179b2351fae1d4a365924c3c2402292c285a93f2 |
| SHA256 | 57e32a6d65ef3761aa60504d1c577e41e66a2f716089947407410777712b28b4 |
| SHA512 | 5408d6ea7900000118d6a4e1a9b5cd4219e6c95b1003f76f896316235dddb5d2836deada7774ab4cf370660fdcfc6f2a13583cd2dfb2c2078a531f7708d4c4b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 28e49194a2a5f31e151c1e0b1bb444f3 |
| SHA1 | e8aa2cc4496b435036a2c99d4144dd3adb9b0716 |
| SHA256 | 5d10393daa0293fdcebfda54380b4279f3d52215e96d0f5356ebe12823f1123a |
| SHA512 | 71d0e57983d6f56bc50b3a631bef9b615257c1ce494d59109c0ea3475b4b65e7201160a9b2084cb92cf9c3a39d57622ff98056e18eaef7da0bbb7fbe265cb5dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | edbdccba342d5a3b93b444428f2d4af0 |
| SHA1 | 7e181dbcbae8a1c526f71e71b6292cd959fccb4c |
| SHA256 | db549151477cd6df73cf4135355c44425b1d1b893635f880b1266ca595193c5b |
| SHA512 | 7681e3311094dc1d25180bc714acfdf7b8d77e6f170f9960dec79644789a42b7b06ea0f9ff3f576e9dada5ec4663395798c409945390ed4c1cf1b23818762de7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 643a5988d17818cec791b0b7aa63ca75 |
| SHA1 | 2841c9555e6c4dd17993a2d757d135d6c9f38cd0 |
| SHA256 | 036323505c4390777a2e31de91101d748dfde84ec287ecc7a212eb1c1a7c66fc |
| SHA512 | fb72d5473ae6f86a05f6bf9d2348cc7bfd3f382c03a62248ad061a9ad792dd54e223190307fed5376096882cfa850745e88a148dca93637b61649f73a0560cdb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0a15f93a0a92e821cb0870561a5476f |
| SHA1 | 79f0ffae10620917f3f7cde99442667f52400006 |
| SHA256 | 7c1cd1e5a34710ac2b3530456ffe5a48eea24fbf90147aeada24979fa849209d |
| SHA512 | 3083a191abb9ec1b45e164766bf5422a0d9aada103d0d460ae7b340dc49b8b04eb9d3344c8d04acd81fa29ce1c976dfcfc3d5fa650ec02fb79f44f2e06cf0c79 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ef849f0434b9e2941dd923e63049509 |
| SHA1 | 824dda24a6ac34480028aef7425580635affd6d6 |
| SHA256 | 10f83dbaed2d440793e71dc840f5b00ada29d1ea10b78a00669d9a3bc10f9ff6 |
| SHA512 | 0f577c32789101330ac69625dd85cd59d40e80cd22ce96b46b9d83fb1e760c4fd8909c06699bc2df347b541be8c47987025a992a0a2b666dc5df7598d8de583b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ed8826eb42ce73ea64c53ad0ad89af5 |
| SHA1 | ca2d45a934a332ec5177b32b889d83173b165e2f |
| SHA256 | cefa8106cf035cd405cb6ebd4018631054197cbd5f0ab6361e4f10713d7865b3 |
| SHA512 | 9da368c7eb7b2f576b36a1e73a35f2df5ffc245c11f06104892553a8295660f761297a3f41780cf0612ed806188384573a5d35057da9a9a5dd45b2f775d1e371 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1b47d258d2c99ce4ef63ca96dd79bf1 |
| SHA1 | beea644218d926572940f5213843bfa3c04bcc91 |
| SHA256 | b30a15c81ef8292a1ce86478ed0dfd57f16d60c4d82da786390f1cc6656b5593 |
| SHA512 | 5366833fbe55acea06e76f07cf122c7fe99acc1c68c2bdb1adc10efbb67bd3efd3e4373504cc971f982f081eea64ee481af72fc8bfc52ddd0cd501840d57b3e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76b8c260ed02ad2b3beacb5215f100d2 |
| SHA1 | 2406ac997cf7755cf7a152157d9b2ef9a617fe61 |
| SHA256 | e1cf94f933256989ce5e624749d92cbb98de61a517b9047f771814b901f5e5ff |
| SHA512 | 1af8f684459a7d683b0476d4be64855bb340ebcb1a03b5c0743ec1ba3bf1e01db5082ac85d5e2d6e2b164c82465e45d7fa937fc30d5773fdc02dec4f95276a4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6523fb6a27b97c0cd3e18bf11aac704c |
| SHA1 | 91ec6f7c471550a30dacdc0504f628b35e6b4c9e |
| SHA256 | afd2c6187158fb6164bc97e87f4f665bffe10c98ad0f81e70350613b6db7b267 |
| SHA512 | 5f5b3e2c88122e10e7bcdb4779fc56e7176b87b4ca72daaab5e22334d02ca3dcb5b33d64fed3d99827380259abb619b1c1cfdfd784952fb733347fcf3844bd44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be62b797ca3e881aa6a41367ef20d974 |
| SHA1 | bd430e8ba5c21d25625675c2346fcc0950d2a810 |
| SHA256 | 51174e95807879e3d0a80986f1450b5130db0960f7480b1d2f4e6adea1a52d40 |
| SHA512 | 3dda8d12211b53c8a83e137d69ea4b29fa22f724c8729f2b68879020012a251386a69359ac78f5c9bbab12d6de2416d91bb7adc9725cd3c3b9091eace43ad2d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e403e31b567ec5962891bec1cfff82a1 |
| SHA1 | 35fda7b1a35932d7e6a6cbb79a1999cb6bddaf3f |
| SHA256 | a38b26f3e28f35ed9b181f5160452c199a568916c3e9f8a9d1d9a41f43ac88c8 |
| SHA512 | 4e5c975a8f787b87c5aea3999f057b9fda2bd616c6803b3c55eb89706cf23f550e07c61e36628c5cbe999959bccab7b3597b95e883da1bb3f5dff508c51076ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ff8a4700dcfdbfe7f36f9b788cd14d0 |
| SHA1 | 0b05373b5ae62ec45dbb7e572dc25dfccf10d2f9 |
| SHA256 | 87cc1a50608b404b337829553bd6994b0af0e6e3535574ed16defa53baf17797 |
| SHA512 | 9ca17353bbbb5c28775fcd545e70a125ae0405584ed85a170c59dddb2ec63ebf643927b67e8f8e835aa9122df0c788c88593cbca41d904aff68208f3fad01c6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b8f2e8058d441c31db78a16eb7a8e1e |
| SHA1 | 83523d5e95f2bf86608cf008785352d2dd7aede5 |
| SHA256 | b9cbe5a61d4be322f09ea20afe814d951607c67baf7057b0e1b441b9883aca30 |
| SHA512 | e8c3e4958438ea4d6184a0888243cf9cfb9a740e4e6be5f29d252aa26d7159488d28934e546042e7d1506ee1fc5e4b037e6a2b1100319792737edc4e89d7c850 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 055b8a2545c59c1a8b0770957687de76 |
| SHA1 | b1a15ae3a6439322214d1444e07d2d1b1206ad33 |
| SHA256 | 4356f297b7f16c20b81cc752145ae55344126a96d12a57be626288f1543e6089 |
| SHA512 | b20bc9ec63bc5432dbd71b0cad9e587fdf7652f1416c42694d10b2243ff966b5167814b385c3fa38577ffeb09312f15bbb94405520959ae9047f513a16ec4584 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4575c1796788d3b119e49d17e7329659 |
| SHA1 | 48895546a2eba7659a0e2e3e1cc35f5f133b6809 |
| SHA256 | f622e76f34bee71e5d3de50d118f4943fe57d204ff46a9e40a7e23bcd38bfc84 |
| SHA512 | 4df2ec460915be19265a6c3facc6772a4415101730732ded84b9de9ccf080b6cd591eb408012fa25aec9268104297ea36e3968dbc67b7892416a6af0f82a506f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82ec6466b7e8d774685044d8b72459a9 |
| SHA1 | 1500af9ef735d54b1dc0daec9b254fa15b202eb4 |
| SHA256 | 3db09797a9a1b5471706043e88b39c29d498f78e44f4f24d9d3992a4a3c495ca |
| SHA512 | e6482a4726cecd7d397e6711d29971c2fcc3400a7b7680ebb00e1dd106256e529dd2fda5e157511bb2f6d78c1bde68ef401a02fa05ff2e64162c8c8c0b22c916 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ddb08dc074581f9444ce6099af83db33 |
| SHA1 | a649c34d4b0d8aea4a79579bce8ddddaa87b5a47 |
| SHA256 | 3e35bcc1362949884ac2717d70bb1f1dd0c6d33d93e03b4fe3a51939d461764a |
| SHA512 | 5d7fa440a0e14ee23e5260e0839d58530121eb14c53ee6d9c867138733242c80920d311c303183976fd160743c6c4db1e2b13d9fd5a9aabfb3c83b48b1626538 |