Analysis Overview
SHA256
6458fc166f5dea867237ded207571f1bc50f9ccf04aa31467776a729224ebfbf
Threat Level: Known bad
The file a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Locky family
Locky
Locky_osiris family
Locky (Osiris variant)
Deletes itself
Indicator Removal: File Deletion
Sets desktop wallpaper using registry
Enumerates physical storage devices
Browser Information Discovery
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Modifies Control Panel
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-26 16:08
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-26 16:08
Reported
2024-11-26 16:10
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
147s
Command Line
Signatures
Locky
Locky (Osiris variant)
Locky family
Locky_osiris family
Indicator Removal: File Deletion
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\DesktopOSIRIS.bmp" | C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\PowerCfg | C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\WallpaperStyle = "0" | C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\TileWallpaper = "0" | C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\DesktopOSIRIS.htm
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd817746f8,0x7ffd81774708,0x7ffd81774718
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,1817668484443414178,14088413689020156868,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,1817668484443414178,14088413689020156868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,1817668484443414178,14088413689020156868,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,1817668484443414178,14088413689020156868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,1817668484443414178,14088413689020156868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,1817668484443414178,14088413689020156868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,1817668484443414178,14088413689020156868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,1817668484443414178,14088413689020156868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,1817668484443414178,14088413689020156868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,1817668484443414178,14088413689020156868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,1817668484443414178,14088413689020156868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,1817668484443414178,14088413689020156868,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| TR | 194.31.59.5:80 | 194.31.59.5 | tcp |
| US | 8.8.8.8:53 | 5.59.31.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\Documents\OSIRIS-ae59.htm
| MD5 | cf36ae019a12dfed39874edf55115db5 |
| SHA1 | 610b9e79a5e3ae1592ddcefe2be3ba5a63bf2c5a |
| SHA256 | 0dc7b4221e0fbef2c812676100e709788a283eea01772bb1b47ec102ab97bafe |
| SHA512 | 304db2e62f92f6689c9011bcc6c72e052bed43114ed5074dc9e32de3473fc48ccc48f7aa5a02bd4e94722bed95381d611033d542b3eecbf2b483bd5c46f2505d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 37f660dd4b6ddf23bc37f5c823d1c33a |
| SHA1 | 1c35538aa307a3e09d15519df6ace99674ae428b |
| SHA256 | 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8 |
| SHA512 | 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d |
\??\pipe\LOCAL\crashpad_3788_MFFMDFYTBMCUMYRQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d7cb450b1315c63b1d5d89d98ba22da5 |
| SHA1 | 694005cd9e1a4c54e0b83d0598a8a0c089df1556 |
| SHA256 | 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031 |
| SHA512 | df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8d74ee1dfde1be59227a34bc8bcd9c23 |
| SHA1 | 1d32c7f03f2dd1dd0a6bad3e2fb511dcaebb47db |
| SHA256 | 6b4dd1022ce12b5d242c4b5de9bad25675c3472755915c68fccab87d4636beb2 |
| SHA512 | 09291eeba3500e29207ce7e4c3c929175feb214e4e4a3d806dfe01f7b7a845d6e951e0f0f390b348d9e5c7b907047962ed167343098e7ea453a45f96838ab124 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fe123bd88ca0acc93381abf790f53694 |
| SHA1 | d37ef5f93420b70b9f559670c1eb138a515269b3 |
| SHA256 | 20b09d8c8c5dd3c11344e2c7e934815ace678e606a54a3e6355bf23d2efdade1 |
| SHA512 | 80d14048ea59154a6d77b5324d13763633136fed0a258f126e55724f6abb1500a43050771fafe0fe5e4fc0838695795cbf42f9e3882018ed36f4f92431585f3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | adba72c066efce2b8690fc81e1836f41 |
| SHA1 | b7dd7ef83cac0db0dfa4e5c5cd366d4767067145 |
| SHA256 | c6c5eee02369fce89503c12b2f7da991c20dbd55169847da9aa8808eb11171e5 |
| SHA512 | c9feff53c5e507ad5e82e967134340f2800a2956da8c65058650ca2092b5f382202b99e64e975f2d9731b523b85081cfaab393e515ed8a06965bd204295e534a |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-26 16:08
Reported
2024-11-26 16:10
Platform
win7-20240903-en
Max time kernel
120s
Max time network
137s
Command Line
Signatures
Locky
Locky (Osiris variant)
Locky family
Locky_osiris family
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Indicator Removal: File Deletion
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\DesktopOSIRIS.bmp" | C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Control Panel\PowerCfg | C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Control Panel\Desktop\WallpaperStyle = "0" | C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Control Panel\Desktop\TileWallpaper = "0" | C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000c390c3988a16052bf04a4ae0ffd3c9ba93dff9fa7b63fb8410d365b64dbcd7be000000000e80000000020000200000002754c34381e86a8a1a1ac79e34f9213f3ddaaa5c14d8f3d3f8b8296ddfb5fd509000000052ea2977cf582f0183f0815c1995ea42abaa08b765cf1061cfb117d640c9e8d3f1d429cd87a072e8cf796dc63938b2751e8f2f125d85dabbb7284c83bde31eca9a11956b8f5a4771543e07ba942ed807665d89c2441c8b11e6aafff22d80a7134ab57271433bd898e4d4b64f3fdac2276f37282886b89d73fee31029154620c0119f8ab10edc8ae554347e9481d856ea40000000c0434dbac63a360c9b28c2ed53120cd6d2251a2c65731e6c5b1ecbc69ab550b4d933cc1c101f004d8d0af7431a4693fdf60ae5af8f9b2ccf8265dac93c0b03b3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0dd257b1d40db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438799167" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A691C541-AC10-11EF-BDF2-7E918DD97D05} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000b6ccf5e587b5f572d9d8f2b3d22b2852b3f6049123ac69b1c59498b85bf90c0d000000000e8000000002000020000000c11a978074cec45ab69d52fe500fb2cee47761981f43841904beae0cf069ff24200000000a866946b7a6d20c5b54f96606fe43e33a4f02719df5badb2099cda567c63f0340000000bfcdb875b1edce3cfbb2c53d9e16d17931f7a4cf587a5de6a3b6e3e099a834f112f01d767c3b99bd65c1d8efb0a17e959a8dda1afaea497fbb77b5412c07ac4c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\DllHost.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\DllHost.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\DllHost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\DesktopOSIRIS.htm
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2760 CREDAT:275457 /prefetch:2
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\a2e137b96fcf8ffe157b8d9b871c9c2f_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| TR | 194.31.59.5:80 | 194.31.59.5 | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\OSIRIS-03c7.htm
| MD5 | b7eba84eff8d5142c9c6708fea75009f |
| SHA1 | ca56d3d564a596a7e9b1bdca65e646e952f9fbb4 |
| SHA256 | a1161e3900158b65a0f5189fcc21aaa5e51737964e8e4b23f72753d331455f9e |
| SHA512 | 4cdb6f756e3f6e8bdb600aaa0edb26c760ec823be685f7ec5ef7538d43c9a2be14981224af1915774edf6ad68e1fc84d1280dcc38dcaf7ec70bc20c597059ee8 |
C:\Users\Admin\DesktopOSIRIS.bmp
| MD5 | dad37d78b1d7d66283677860ffe7cdf9 |
| SHA1 | 409137128ccf44c0926f8e480220bcb5d12f079e |
| SHA256 | f20df1fe207fccfc088d2670d261c57fc4d4f324643fde319cba0624da483292 |
| SHA512 | 3e2a597b5b4b47c4fe2d2dbc88b687de451cc7387213dc15be52000b456ab52d74069e058fc5b5694c56cf8514571ef85b8f7a6e44fe6a6beafe5c4809e00bb7 |
C:\Users\Admin\AppData\Local\Temp\Cab20BB.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar212E.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e3cb8d13f893b77b1101e03f24e01c0 |
| SHA1 | 69126d024343406e861fd2d99b980891916c7426 |
| SHA256 | 046a782ec074a7708485ae6179cb5de04065ab992c0975374eb45a30b18f5c71 |
| SHA512 | ec30d26c867c9f507ba53debeea07567a1ad7ea27903dfdc6d22048b23c74f38cd72d43590093768b88997995983ccb1804096153576a5b6038884025df4f4a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e5dbd3686846a953b7bfaaeb91e68d9 |
| SHA1 | 6d7ffb4ca9dae1aa666a46afdafaaea0807b0d7b |
| SHA256 | d8e4f3ff4577d15b5694ce316e12ca9712424cafe6054ad9d7eb7e769429b63f |
| SHA512 | 0dadf296ceaa08f138622f5d3c89d8d1af8bc4911f89a177ffa3ea832d83b09d71510a45572428d3a26bd692bb94e3bda79f44934e8f847797b3bd908c7f5b0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e32e36fc603732087416791e8338fb15 |
| SHA1 | f21e9becb88882e8c3feb2cd16bb200a8afdea5d |
| SHA256 | af5bce8bee936a62f59316a7bbe2718360162dc6d8c629e83712fad711d147d9 |
| SHA512 | e23082df89e82c53eea0ad04418153c5a05de601689ee5d2538bb3326204eb733fdbe530a74fef8c2a737647cd20352fec370ea30c73abd3a87ca9f38e26c39f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ce9f56b6204fbf5626fc78e8971b4fe |
| SHA1 | 31fd0ef0354ac64759c4dded9aba5cdbca91ee9c |
| SHA256 | cd7944fbcc8f0d28b6bcb212cd106399041618af0ff80e954238b6f74d226874 |
| SHA512 | 86923242bcaef2fcde05c4dba18d083ed656746f13317afb8e8b49961a0e8970fcedb072f8716b215c4ee81e29dc0a2ba0145821d9ee2d6b17866929cb54fa2f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8fe5f764b5551623c6f4d377935c5564 |
| SHA1 | 60ec2905a6a427570287acd8626f48ca54f629b9 |
| SHA256 | e7fd5b651cb80e4720753f0bbcb06c1a3137e0d1ea708d4f13f27eb90af38b0c |
| SHA512 | f7f628adfdceb984b09e7670876ae909b860c7380c8d0fb740d2421a94b0ddf5d980e5279dc5795218d8ecef7b2bfc81132da71cc9a6723177985a6f18615d70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab8f30062410c4610b7a8e5022c606e4 |
| SHA1 | 63b740a632eaadb70f57411fd042e0b27a61385e |
| SHA256 | 6f671803dbf134f61f334f8d9dca53b937d3fd8ac789e7f131e152ab09280949 |
| SHA512 | 452166aa74b7cc8bf61cd9ebb85553e7d593b76f69c3a035929b6750437e35088da2dabecf03803532dcf76578e6aa955affb2ae6a82a54de82932cb041fcebc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0732e25aeeba074f4074ddbbbcf4096e |
| SHA1 | 37352efe92776fbc6af64883ed906cd680d247f7 |
| SHA256 | 108446de7cdb5e2c691d219c42e5ede8368d1cb85489f147d3e825f23b0507fd |
| SHA512 | bb4301a94e9441829cfaff81b64b27d39da894d72888b082ef2468aa0b7d4291c2ddd6d2639bfd691cbae0432a4ea19c11199510645e4b7a60aaf4d9223c400a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b886f9b48196ce2f787ce4a36d6b19e5 |
| SHA1 | d0db1128529c24b6f6c1be9efc3fd73f8d2043aa |
| SHA256 | 02e7bfa9fec6288e8f99ba51cae69558dc7a24cd4b73b996f76b692f1d96e175 |
| SHA512 | e37b923891215a05bedf00c979199586d43b96079b346ae8e82da72a86373f2dd3b11bebda87b2c96298bcbe0956068e40636a2322daec976de545e2dc148a13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff614f9c136ee2b8572173e5a5ff8103 |
| SHA1 | 0386ae32e80117baa26b202020c788010cf88784 |
| SHA256 | 6cd2d347bc0099b051e960ded69b40c3e0f1e66335f6b4dd02b02b224d853b93 |
| SHA512 | 0d2f33e896f67db9b42d5831f27266a5f4e753d1e61d5295b6f1f8f1d816b066d8751b81b925f7ef01b42666ff05575789c8345a238279e661ef376b21827e81 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d219a0d990ca593e5fe38e2486b02eec |
| SHA1 | b60e50911a73a31d0f96b746b8c0c199caf9b265 |
| SHA256 | 58bbb23e9ec1a39b4893912a685dd5c12d8e5dc78d60c4418a02677bac283f75 |
| SHA512 | d7d62433333ab0fb59c46495ae4c24ceb2216183bc339090e138d9ec775ca362467c44ad60cb13f3f0fecbcf0c4f06545896c51cdb324494187eee239cf70d9d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1910724912cc255df41dba578cfee130 |
| SHA1 | 3896d9f3851381356f64f3daabd4b046fc3f377f |
| SHA256 | 01ebcd5afabb7a9ea9b38633be767f3efd3409a6c13bab1f25428a9e04927805 |
| SHA512 | eb77c7e977438e0a2a8c336772b6ac2a522cf40609e8c83dac7cbc6422e43b323f79298bdbbedf631cf7ff547e12ca526951b39e7785fbc424952e54090037fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76ded45dc258b0b8888bb14c0b0f9dc8 |
| SHA1 | 129a7b2b2373f0356ea8d30ae22c079868de1692 |
| SHA256 | 63d8143488ed55998b81984ee1a322ec871dfdb39b6b18f0752d6b79100cd2ee |
| SHA512 | 03fd766de5b17d2d6802a19194a005b57b08c2a73cf137350db47f86d6b44f72205060371e0dcc605fa2a4bfa145df4d54bb4c302548aeb2e4409e91503a7566 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7f19546dbbe762aa10b5c6ea97a78f0 |
| SHA1 | 9a425ef1a4fa914918a2f4cfa63d27939f518213 |
| SHA256 | fdee3fc59f9ce01cbc73b497c4b24015603a35dea32fe1e09cc8242ebe6d3dcc |
| SHA512 | c8ba6188169d529227dc13fc4626241a1da77c69f5996eea279a7b11405feae67d52a7f9d315d4fd7dfd2a39c534edc2b9b8c3917d8c87b2cd1a4505c974fbb8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4a96cd639d97f477c38f045ce6e5ecf |
| SHA1 | b9168bb95d10ff6ce0e50467f7f699296900363f |
| SHA256 | 180ff4d27fc38b0b9743f44df33c0af1c80168b95145356d5f613319dd68b928 |
| SHA512 | 74091572266fc5aed178dcabad46bb4237ad36eaf044f0edd07326f97a80c5af39c39cb56b9cb3c3f1c6baccde2d2e66c6ebbd81f9aaa370705eb29990170924 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ec6a6c3755cfde35832e4353df1c236 |
| SHA1 | 760afce528372485008a2da94576f501468a135b |
| SHA256 | 555a4f5cefb98da21af31565939a45bf2672782e7a29d6e471669cdbd8c01302 |
| SHA512 | d7ac11e692bfc968e70e3f9ad6068463b8f266d71dca5e84fb3f0323f6a613e445c164a237588959ea7dc37df6c1ad8da53ab97a8ed782a96b7a0828b38ac495 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1192f823c803909b7e1db3bc6039484a |
| SHA1 | 8c4f9559ad6fa58fec28c7d30c368ee7c3451ddd |
| SHA256 | 8b693890cdfbfd32f8769a09bdb5ddf594bb5d683c8c35733dc16d9c612054b0 |
| SHA512 | de325d95540085d36188579e6ad1038aae2de0e33c53813ab479143ba5046aab26921cddfebc481a7196036e8ce40592460360e3a00884f413cbe0eac15bd3f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15641e90929cce181b5d06c670f93207 |
| SHA1 | d21b2f256f1a87d19d415cbd6be7e4edb41dba5a |
| SHA256 | d345939a228f6e42614e8b57bacf69eb18015640f42db25bdfdbb5858fbe0753 |
| SHA512 | 90cfcc4e9a1d091ebac7ea178777883af7bb327f607416fd5d97fcca3d1d871c41448a8e8278bad0dd50e8eb0bd53af9f675431505d61067e3693924fbc5347c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e72e32e2222c610d7aa728b8634c5856 |
| SHA1 | 8680e7704de9e106b65f4434006257290eceef6f |
| SHA256 | e2bfa5c06d863fd7a1b624478af0893d657aa033bd68334aea9f0ff7a981fe58 |
| SHA512 | aa2a0a7faf25d96cdd043dc85d887d2b9c92b366be56dda1586750fb8ba551472cfd64d70948f8b3398634e8c7a2ccee3ba19483b0ce8ea4a363d255e9a674ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecc4430338c4e1678950ddbb09de74f9 |
| SHA1 | 6d80f25eea95948a97d033e168f614c16c67edc3 |
| SHA256 | f40e22ab10144d5dfbfa7a18470ab9b6fff2c33960cee9781d30490703a2c718 |
| SHA512 | 477915275ebe4615a3773bf201bc5520b87b68f747ff076078a41ae743dcd9984d17befc2e1ebdeb528f81f84b9fcebe9c8491fb704e0e6a6aaa74c66d9d208c |
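The dropped-file and memory-dump entries above are only useful if they can be turned into something a responder can run against a suspect host. The following Python is an added example, not part of this report or of the sandbox's own tooling: it parses a listing in exactly the layout used above (a constructed subset of the entries is embedded as `SAMPLE_REPORT`), decodes the `memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp` names into process id and region size, indexes every recorded hash, and walks a directory flagging files either by hash match or by the Osiris filename shapes seen in the listing (`OSIRIS-<4 hex>.htm`, `DesktopOSIRIS.bmp`). The `demo()` directory, its file names and contents are constructed; since the report's dropped files themselves are not on this page, the hash-match path is exercised with the SHA-256 of a constructed sample.

```python
import hashlib
import os
import re
import tempfile

# Constructed sample in the same layout as the listing above (a subset of its entries).
SAMPLE_REPORT = """\
memory/2612-9-0x0000000000330000-0x0000000000357000-memory.dmp
C:\\MSOCache\\All Users\\{90140000-0116-0409-1000-0000000FF1CE}-C\\OSIRIS-03c7.htm
| MD5 | b7eba84eff8d5142c9c6708fea75009f |
| SHA1 | ca56d3d564a596a7e9b1bdca65e646e952f9fbb4 |
| SHA256 | a1161e3900158b65a0f5189fcc21aaa5e51737964e8e4b23f72753d331455f9e |
memory/2612-365-0x0000000000400000-0x0000000000458000-memory.dmp
C:\\Users\\Admin\\DesktopOSIRIS.bmp
| MD5 | dad37d78b1d7d66283677860ffe7cdf9 |
| SHA256 | f20df1fe207fccfc088d2670d261c57fc4d4f324643fde319cba0624da483292 |
"""

# memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
MEMDUMP_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9a-f]+)-0x([0-9a-f]+)-memory\.dmp$", re.I)
HASH_ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$", re.I)
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# Filenames the Osiris variant leaves behind, as seen in the listing above.
OSIRIS_NAME_RE = re.compile(r"^OSIRIS-[0-9a-f]{4}\.htm$|DesktopOSIRIS\.bmp$", re.I)


def parse_listing(text):
    """Split the listing into dropped-file records and memory regions (pid, range, size)."""
    files, regions, current = [], [], None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = MEMDUMP_RE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            start, end = int(start, 16), int(end, 16)
            regions.append({"pid": int(pid), "seq": int(seq), "start": start, "end": end, "size": end - start})
            current = None  # a dump line closes the current dropped-file record
            continue
        m = HASH_ROW_RE.match(line)
        if m and current is not None:
            algo, value = m.group(1).lower(), m.group(2).lower()
            if len(value) != HEX_LEN[algo]:  # catches truncated or mis-copied hashes
                raise ValueError(f"bad {algo} length for {current['path']}")
            current["hashes"][algo] = value
            continue
        current = {"path": line, "hashes": {}}  # any other line is a dropped-file path
        files.append(current)
    return files, regions


def build_hash_index(files):
    """Map every hash value in the report to the path(s) it was recorded for."""
    index = {}
    for rec in files:
        for value in rec["hashes"].values():
            index.setdefault(value, []).append(rec["path"])
    return index


def hash_file(path):
    """MD5/SHA1/SHA256 of a file, streamed in 1 MiB chunks."""
    digests = {a: hashlib.new(a) for a in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {a: d.hexdigest() for a, d in digests.items()}


def hunt(root, hash_index):
    """Flag files under root by Osiris filename pattern or by hash match against the report."""
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            reasons = []
            if OSIRIS_NAME_RE.search(name):
                reasons.append("osiris-filename")
            for algo, value in hash_file(path).items():
                if value in hash_index:
                    reasons.append(f"{algo}-match:{hash_index[value][0]}")
            if reasons:
                hits[path] = reasons
    return hits


def demo():
    """Hunt over a constructed directory; returns {basename: reasons}."""
    with tempfile.TemporaryDirectory(prefix="osiris_hunt_") as root:
        samples = {"OSIRIS-9f3c.htm": b"constructed ransom note",     # filename hit
                   "invoice.docx": b"constructed known-bad content",  # hash hit
                   "readme.txt": b"constructed benign content"}       # no hit
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        index = build_hash_index(parse_listing(SAMPLE_REPORT)[0])
        # The report's own files are not on the page, so the hash-match path is
        # exercised with the SHA256 of a constructed sample instead.
        index[hashlib.sha256(samples["invoice.docx"]).hexdigest()] = ["<constructed>"]
        return {os.path.basename(p): r for p, r in hunt(root, index).items()}


if __name__ == "__main__":
    for path, reasons in demo().items():
        print(path, reasons)
```

Two practical notes on using the output. The region `0x400000-0x458000` for pid 2612 decodes to a 0x58000-byte range at the conventional image base of a 32-bit executable, which is the dump to pull first when you want the unpacked sample; the smaller `0x330000-0x357000` region dumped repeatedly is a separate allocation worth diffing across its snapshots. When building a hunt list, weight the ransom note and wallpaper entries over the `CryptnetUrlCache\MetaData`, `Cab*.tmp` and `Tar*.tmp` entries: those are CryptoAPI and cabinet-extraction caches that Windows rewrites on its own, so their hashes here are specific to this detonation and are unlikely to recur on another host.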