Analysis Overview
SHA256
583bea7cbf5e15db369a2cac0157d2736ee7bfffb52f3e7c6f2aeaf77bc8c326
Threat Level: Known bad
The file c67f94edb272ecee5b7a3164d24ea985_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
njRAT/Bladabindi
Suspicious use of SetThreadContext
System Location Discovery: System Language Discovery
Browser Information Discovery
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx

Reading the per-run tables below, the behaviours attributed to the sample itself are the Winlogon Shell write, the SetThreadContext into svchost.exe, the SeDebugPrivilege adjustment, the NLS\Language lookup and (in the win7 run) process enumeration. The entries for Enumerates system info in registry, NtCreateUserProcessBlockNonMicrosoftBinary, Modifies Internet Explorer settings, FindShellTrayWindow and SetWindowsHookEx are all attributed to msedge.exe or iexplore.exe, which each run starts as a side effect (see the Processes lists); treat those as browser noise rather than as sample capability.
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-28 08:23
Signatures
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-28 08:23
Reported
2024-08-28 08:26
Platform
win10v2004-20240802-en
Max time kernel
140s
Max time network
149s
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, C:\\Users\\Admin\\AppData\\Local\\Temp\\userinit.exe" | C:\Users\Admin\AppData\Local\Temp\c67f94edb272ecee5b7a3164d24ea985_JaffaCakes118.exe | N/A |

The Shell value is a comma-separated list that Winlogon starts in the user's session at logon, so appending a second entry after explorer.exe runs the dropped binary at every logon of this user without touching a Run key or a service. The write goes to the user hive (HKCU, the S-1-5-21-...-1000 key), so it needs no elevation, and the file name userinit.exe mimics the legitimate C:\Windows\System32\userinit.exe. This run's Files section records no write to C:\Users\Admin\AppData\Local\Temp\userinit.exe, so the entry only becomes effective once that file exists.
njRAT/Bladabindi
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5016 set thread context of 216 | N/A | C:\Users\Admin\AppData\Local\Temp\c67f94edb272ecee5b7a3164d24ea985_JaffaCakes118.exe | C:\Windows\SysWOW64\svchost.exe |

PID 5016 is the sample and PID 216 the svchost.exe it set the thread context of. The Processes list shows that child resolved to C:\Windows\SysWOW64\svchost.exe although its command line names "C:\Windows\system32\svchost.exe" (WOW64 file-system redirection, so the launcher is 32-bit) and that it carries no -k service-group argument, which a host started by the Service Control Manager always has. Re-pointing the initial thread of a freshly created system process is the process-hollowing step; the only dump taken from PID 216 in the Files section is memory/216-47-0x0000000000400000-0x0000000000412000-memory.dmp, the region at the default image base where the injected payload would sit.
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c67f94edb272ecee5b7a3164d24ea985_JaffaCakes118.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\c67f94edb272ecee5b7a3164d24ea985_JaffaCakes118.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c67f94edb272ecee5b7a3164d24ea985_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c67f94edb272ecee5b7a3164d24ea985_JaffaCakes118.exe"
C:\Windows\SysWOW64\svchost.exe
"C:\Windows\system32\svchost.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xe4,0x108,0x7ffd8bdb46f8,0x7ffd8bdb4708,0x7ffd8bdb4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9968258410213421673,17585546995622063711,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,9968258410213421673,17585546995622063711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,9968258410213421673,17585546995622063711,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9968258410213421673,17585546995622063711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9968258410213421673,17585546995622063711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9968258410213421673,17585546995622063711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9968258410213421673,17585546995622063711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9968258410213421673,17585546995622063711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9968258410213421673,17585546995622063711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9968258410213421673,17585546995622063711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9968258410213421673,17585546995622063711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9968258410213421673,17585546995622063711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8bdb46f8,0x7ffd8bdb4708,0x7ffd8bdb4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9968258410213421673,17585546995622063711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9968258410213421673,17585546995622063711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9968258410213421673,17585546995622063711,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2828 /prefetch:2
The two msedge.exe launches carrying http://go.microsoft.com/fwlink/?...o1=SHIM_NOVERSION_FOUND...processName=svchost.exe are the .NET Framework's missing-runtime redirect: when a process asks for a CLR version the image does not have, Windows opens that download link in the default browser. The processName parameter names the host, svchost.exe, which fits njRAT/Bladabindi being a .NET payload injected into svchost.exe. Everything under msedge.exe and identity_helper.exe, and the bing, microsoft and azure traffic in the Network table below, follows from that launch rather than from the sample's own networking; the win7 run shows the same fwlink opened in Internet Explorer.

Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 2.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| GB | 95.100.246.21:443 | learn.microsoft.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.246.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| NL | 20.50.201.195:443 | browser.events.data.microsoft.com | tcp |
| NL | 20.50.201.195:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.201.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
memory/5016-0-0x00000000750D2000-0x00000000750D3000-memory.dmp
memory/5016-1-0x00000000750D0000-0x0000000075681000-memory.dmp
memory/5016-2-0x00000000750D0000-0x0000000075681000-memory.dmp
memory/5016-14-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-12-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-46-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-44-0x0000000006050000-0x000000000606D000-memory.dmp
memory/216-47-0x0000000000400000-0x0000000000412000-memory.dmp
memory/5016-51-0x00000000750D0000-0x0000000075681000-memory.dmp
memory/5016-42-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-40-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-52-0x00000000750D0000-0x0000000075681000-memory.dmp
memory/5016-36-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-32-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-30-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-28-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-26-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-24-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-20-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-18-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-16-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-10-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-8-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-6-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-4-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-3-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-38-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-34-0x0000000006050000-0x000000000606D000-memory.dmp
memory/5016-22-0x0000000006050000-0x000000000606D000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 847d47008dbea51cb1732d54861ba9c9 |
| SHA1 | f2099242027dccb88d6f05760b57f7c89d926c0d |
| SHA256 | 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1 |
| SHA512 | bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f |
\??\pipe\LOCAL\crashpad_1288_PTEXZZKBAZSXETDB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f9664c896e19205022c094d725f820b6 |
| SHA1 | f8f1baf648df755ba64b412d512446baf88c0184 |
| SHA256 | 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e |
| SHA512 | 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a74bd9b946411b893533644e111a00b1 |
| SHA1 | 2e642d72fef49dc94ee631552b765a67285c3a77 |
| SHA256 | 004d4c817859d49e17328bcbf74511b7b61883e767b5ca2102d3070b671192f3 |
| SHA512 | e9d1fda0a2ebe5028afe2cfb77a5e5653cee8910dfb25dd4b15fe2c457bebfdd39cf46783640a7ad4efedb2bd886f391dcc9e16795fae8e385cc114e6371ddde |
memory/5016-100-0x00000000750D0000-0x0000000075681000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 359e6b24493ffb6fb148d81b3aac7600 |
| SHA1 | c83ff4cd1e6b411f941acee38ca2b80478fa762b |
| SHA256 | 7c4903668be8d0a54285a762c106f3c20c38f510436ac4641764da0ef8c6da4c |
| SHA512 | 49652fd2b2e0a9f18ead1caeecc309af7aab8bcdc1d5e49275c9fd9a78dce3fb3d5ae9a986ddbc66488b339403ac738d193d7613aea50b7ea626a944afa42a27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8ecd8253d19318fa7f82b566f6698130 |
| SHA1 | 3a76183e2187a7fc775367fa95be5f909a1a4611 |
| SHA256 | 104936b967d94574e12781aebdd5d3f7f6467414499cb5dd2855b2390c7c0e8b |
| SHA512 | bd226dcd31a5c5f375083c6e43df49ba357f76f3960de4da280a9f0469c3f45da84f263b00e14bf1d19ef970d2cd67003286ee663a7e2dc1d6ed5c731b22b7c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 81c000142288dbffbeb84c9a1f735624 |
| SHA1 | 3b129d25f7b9001323619bfedb1e7ba29e812945 |
| SHA256 | 5dcbdaeab1beb8ef1f3b3b57d9ec2745696e3aa0343742b83857a3595039f84f |
| SHA512 | 09a68e2ce8ec2802f5dab21dc5773613c0391833b2fbd00a3691ff19fd4d02151dacdd3c31d11ef4e75e893573b9437b5b51b76cb1a55cc927598e739a29da4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9dff98acf8faed0d2a48241ce2bd7630 |
| SHA1 | edd05d46141939845ee7ff7e103f961bb4d773a4 |
| SHA256 | 7cb065a18e0f5046f6dd4a419a8a2757cc77207cb21520ad88b7233c3853f51f |
| SHA512 | c536ac1e710ded5b3327b3d98b5b64c6375dbd15bd131f80f14bf487ca35a3874627a2763d0eb4c3dcc042b2d96736bd00cd8086205e9fed13568142836a5d0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582268.TMP
| MD5 | c5bd89df7e97c48f3df40c5cce578243 |
| SHA1 | 3c4ace6cbdd3db1e03d9f73fc7f4a4e6142e5098 |
| SHA256 | fdc49ee25794489e0710e905be5b0df57c265352c36f24045b6ed6bdaa204685 |
| SHA512 | d3558d6eb99535d4dd60845cc330b89046190071ca51e19d31f1014b5414c3780bd2cd8cf3292a55e8e5dfdfba36d7c24ef32f9c7e2b3efd8775443e67c37e03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 52f3da7cafce1cf71d4bb1faef591b18 |
| SHA1 | 95c335ddd8bb488c85cd7e3ae129ac150c6475ac |
| SHA256 | dbbc25181d748ae90eccad823d9e4fa98797fff2d9cd9add3de629d0e943743b |
| SHA512 | 7c6b76c1db8f9a1e83ff6d328d94e2dbfaa6485dc98c6b9040e8996809aa442399559bb8e42e7a278dbcabee62cae3737e4afcff4c75541a61c123f43790978d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 05592d6b429a6209d372dba7629ce97c |
| SHA1 | b4d45e956e3ec9651d4e1e045b887c7ccbdde326 |
| SHA256 | 3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd |
| SHA512 | caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-28 08:23
Reported
2024-08-28 08:26
Platform
win7-20240705-en
Max time kernel
120s
Max time network
134s
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, C:\\Users\\Admin\\AppData\\Local\\Temp\\userinit.exe" | C:\Users\Admin\AppData\Local\Temp\c67f94edb272ecee5b7a3164d24ea985_JaffaCakes118.exe | N/A |
njRAT/Bladabindi
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2144 set thread context of 2744 | N/A | C:\Users\Admin\AppData\Local\Temp\c67f94edb272ecee5b7a3164d24ea985_JaffaCakes118.exe | C:\Windows\SysWOW64\svchost.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c67f94edb272ecee5b7a3164d24ea985_JaffaCakes118.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00bb67bb23f9da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5781201-6516-11EF-98EA-6ED41388558A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000004a89c26a84358941bef5076bd8827cc996819325949555bcfff0f9d8caead5e6000000000e80000000020000200000006ccaab2d998685d54c0de67eb430a18883f4d54f684e6c31d6e2a419ce1bba91200000000089fa9b1f2769bc048b0c6ed201bd78ea4dfd0e5e465eaef55455377ef3d60f4000000088f85b4982922fd15d10fb1bf0a748de013f2bef2b3bf049ff8bacabd5ffa6db01b3b40f23ab48704de3358977cfa780f6a75af8c14671b02c1e737f94092dba | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430995315" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\c67f94edb272ecee5b7a3164d24ea985_JaffaCakes118.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\c67f94edb272ecee5b7a3164d24ea985_JaffaCakes118.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c67f94edb272ecee5b7a3164d24ea985_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c67f94edb272ecee5b7a3164d24ea985_JaffaCakes118.exe"
C:\Windows\SysWOW64\svchost.exe
"C:\Windows\system32\svchost.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| GB | 95.100.246.21:443 | learn.microsoft.com | tcp |
| GB | 95.100.246.21:443 | learn.microsoft.com | tcp |
| GB | 95.100.246.21:443 | learn.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files