Malware Analysis Report

2025-01-17 22:46

Sample ID: 240603-pxp2ksgb67
Target: 91d35a0e5c69b9a8752c49db89b23373_JaffaCakes118
SHA256: 17d34773a98612389763f9769d21bfab2d52c6d2e2d5d2d793bb8fe1e2c2be46
Tags: N/A
Score: 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 1/10

SHA256: 17d34773a98612389763f9769d21bfab2d52c6d2e2d5d2d793bb8fe1e2c2be46

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file 91d35a0e5c69b9a8752c49db89b23373_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-03 12:42

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-03 12:42
Reported: 2024-06-03 12:45
Platform: win10v2004-20240426-en
Max time kernel: 145s
Max time network: 145s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91d35a0e5c69b9a8752c49db89b23373_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target | Occurrences
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 2

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Occurrences
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 25

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Occurrences
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 24

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Occurrences
PID 3476 wrote to memory of 5000 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 3476 wrote to memory of 3460 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 40
PID 3476 wrote to memory of 3588 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 3476 wrote to memory of 3568 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 20

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91d35a0e5c69b9a8752c49db89b23373_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84b6d46f8,0x7ff84b6d4708,0x7ff84b6d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10575666240731209198,5368258092429351182,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,10575666240731209198,5368258092429351182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,10575666240731209198,5368258092429351182,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10575666240731209198,5368258092429351182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10575666240731209198,5368258092429351182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10575666240731209198,5368258092429351182,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | www.blogger.com | udp
US | 8.8.8.8:53 | resources.blogblog.com | udp
GB | 142.250.187.202:445 | fonts.googleapis.com | tcp
GB | 142.250.178.9:443 | resources.blogblog.com | tcp
GB | 142.250.178.9:443 | resources.blogblog.com | tcp
US | 8.8.8.8:53 | ajax.googleapis.com | udp
GB | 142.250.187.202:443 | ajax.googleapis.com | tcp
US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp
GB | 142.250.187.202:139 | fonts.googleapis.com | tcp
US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp
N/A | 224.0.0.251:5353 | | udp
US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | static.graddit.com | udp
US | 165.227.71.229:445 | static.graddit.com | tcp
US | 8.8.8.8:53 | static.graddit.com | udp
US | 165.227.71.229:139 | static.graddit.com | tcp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | code.jquery.com | udp
US | 151.101.2.137:445 | code.jquery.com | tcp
US | 151.101.66.137:445 | code.jquery.com | tcp
US | 151.101.130.137:445 | code.jquery.com | tcp
US | 151.101.194.137:445 | code.jquery.com | tcp
US | 8.8.8.8:53 | code.jquery.com | udp
US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | yourjavascript.com | udp
US | 13.248.169.48:445 | yourjavascript.com | tcp
US | 8.8.8.8:53 | yourjavascript.com | udp
US | 76.223.54.146:445 | yourjavascript.com | tcp
US | 13.248.169.48:139 | yourjavascript.com | tcp
US | 8.8.8.8:53 | 1.bp.blogspot.com | udp
GB | 142.250.180.1:445 | 1.bp.blogspot.com | tcp
US | 8.8.8.8:53 | 1.bp.blogspot.com | udp
GB | 142.250.180.1:139 | 1.bp.blogspot.com | tcp
US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 3.bp.blogspot.com | udp
GB | 142.250.180.1:445 | 3.bp.blogspot.com | tcp
US | 8.8.8.8:53 | 3.bp.blogspot.com | udp
GB | 142.250.180.1:139 | 3.bp.blogspot.com | tcp
US | 8.8.8.8:53 | code.jquery.com | udp
US | 151.101.130.137:445 | code.jquery.com | tcp
US | 151.101.66.137:445 | code.jquery.com | tcp
US | 151.101.194.137:445 | code.jquery.com | tcp
US | 151.101.2.137:445 | code.jquery.com | tcp
US | 8.8.8.8:53 | code.jquery.com | udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ea98e583ad99df195d29aa066204ab56
SHA1 f89398664af0179641aa0138b337097b617cb2db
SHA256 a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
SHA512 e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

\??\pipe\LOCAL\crashpad_3476_DTKYAOMVHYYHOAJX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4f7152bc5a1a715ef481e37d1c791959
SHA1 c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
SHA256 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
SHA512 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f9b3690dd8f82d887096df639dadfced
SHA1 4c2cfe7a8e3ee8f2451806953c43bf22abdb999c
SHA256 b5f9c78fe38bed3c413edd6fdb21fbab5e7f779c5e20d705b0e04b72cec439fc
SHA512 9fa5c793a86750547afb47c1bc73d065c549335d9b5edef49fa8d3c34391f4b911e44042563fdaa78602f07fd563a7ffd0c84f58684e7829183c2257c83bd465

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 781e51aed7aacc071ddb49dd754e241d
SHA1 a0881bd76e52d72fc89bb83c337a4d2192821c02
SHA256 48c5a9a3005f0e88880c0a149973596cc1be42d0c95427092a897fb6bf9fd039
SHA512 7a55d61c08dd13738c24ec2de1df6b0c2f3408a2faf8c6d7b0670244ec1fe54a1cd6ca21bdfe0a4bc577c4202188b87c0c0d15881be6a81466c272054f7c202b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d7535fa056306a724b6687b5d5b4cfbe
SHA1 a319c4e8a1480f147319d72305cd4d12e216b6a0
SHA256 bd4b2e1e414eba1fb57d52141c71fcfe07a08038164251c774ae781023348c36
SHA512 80590b4bd67c5ddbebef183108bf7dc6eaad5acdbf1bbe2d55d2f0ffa4d4ec32517aa3e4079fb053f394a0861c7928ad8f3c607e2b1951e75dbb384036b2401e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 357ccd726f0861327371e6215386a4da
SHA1 150cdd753db0c0d93b662cfeef04c3002f07fd43
SHA256 ae57f6eec7a5993b87722a36827fb80ac766b58b430bf4d100f6d8219ae1c239
SHA512 4011a6404d6bc9ac72e3a0199c230b317a3ef2e9e7d8818aa3b8526729e9495e2a0355cee7838764622218e1e8a50798daaeae73e48cd2ca055e6243dd8b2fc9

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 12:42
Reported: 2024-06-03 12:45
Platform: win7-20240221-en
Max time kernel: 128s
Max time network: 129s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91d35a0e5c69b9a8752c49db89b23373_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f2a1dae14e9d8145a4d25786f6a1eb11000000000200000000001066000000010000200000002e65fefb54c7ab41dcc683a8b7485e30a18c5429e630670b544a07e6de599d7f000000000e8000000002000020000000467db2ac69aa8b26b6df66b6e7d33ed5303bab2b34ef9cec4b3e2e2ea9b4faf7200000009874b668b11356a59e3d661e273a19b2ab32307122b5a795274d8e198d156d024000000084f8242dbac94cc1b8946beed9cfe92f65e67cfd5afc2461f3c043c5e3a58359f1cdd326712203ce903e00a00a1652b63dfd4638e353fbd1d7aa38fccdf78269 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C6BACF51-21A6-11EF-B1D1-D2EFD46A7D0E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 705ed99eb3b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f2a1dae14e9d8145a4d25786f6a1eb110000000002000000000010660000000100002000000092c9fa2be79aa862ff61daa56140ddb58bdc283fe741bd35b7e198c93a047840000000000e800000000200002000000075b6bfca81294dfa709824d3b9e230b4be30e7682687565f64627c9d8b8e5588900000005855e7934199c488ce0bf9c797defe61dd265f895f4b5112bdba728914c84c3c4f094113302694841f0c4a3a6bd397e327fceaa3ed76d46cdf2fd7ddb46599bdda954a7cb6df4d7c0b49303d919899ed412aed819ff4921f0adb171ddf42ac7adb81cce1dda96c6ed8912f3eb4200ea304c0e983b988c0ae327928abc1bdf5314be06e315da10a5f5d01782014fdf89240000000259e5e495f9539a0b4cc9ab43323692c1f0c375ce4f0d960754b62124855488a3585fc33d39ee114e36b264feaf4793df0cc8c29341a4e5747b2a7f3ee3afe92 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423580434" | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91d35a0e5c69b9a8752c49db89b23373_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 draft.blogger.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.187.202:443 ajax.googleapis.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.187.202:443 ajax.googleapis.com tcp
US 8.8.8.8:53 www.9a9.red udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
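The Network table above mixes DNS lookups (udp to 8.8.8.8:53) with the TLS connections that followed, and lists the same endpoint once per connection. A quick way to read it is to split the two and compare the sets: a domain that was resolved but never connected to (www.9a9.red in this run, alongside the blogger.com and microsoft.com names) is a different kind of lead from one that was connected to repeatedly. The script below is an added example, not part of the sandbox report or its tooling; it embeds the rows above verbatim as its input and assumes only the flattened "Country Destination Domain Proto" row layout shown in this report.

```python
import re
from collections import Counter, defaultdict

# Rows copied verbatim from the Network table above (behavioral1 run).
NETWORK_TABLE = """\
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 draft.blogger.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.187.202:443 ajax.googleapis.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.187.202:443 ajax.googleapis.com tcp
US 8.8.8.8:53 www.9a9.red udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

# One flattened row: country code, ip:port, domain, protocol (assumed layout).
ROW = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?P<domain>\S+)\s+(?P<proto>tcp|udp)$"
)


def parse_rows(text):
    """Turn the flattened report rows into dicts; skips lines that do not match."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def summarize(rows):
    """Separate name lookups from actual connections and count TCP endpoints."""
    resolved = {r["domain"] for r in rows if r["proto"] == "udp" and r["port"] == 53}
    connected = {r["domain"] for r in rows if r["proto"] == "tcp"}
    endpoints = Counter(f'{r["ip"]}:{r["port"]}' for r in rows if r["proto"] == "tcp")
    domain_ips = defaultdict(set)
    for r in rows:
        if r["proto"] == "tcp":
            domain_ips[r["domain"]].add(r["ip"])
    return {
        # looked up, but no connection in the table: follow up on these names
        "resolved_only": sorted(resolved - connected),
        # connected, but no lookup captured (cached or resolved before capture)
        "connected_without_lookup": sorted(connected - resolved),
        "tcp_endpoints": dict(endpoints),
        "domain_ips": {d: sorted(ips) for d, ips in domain_ips.items()},
    }


if __name__ == "__main__":
    for key, value in summarize(parse_rows(NETWORK_TABLE)).items():
        print(f"{key}: {value}")
```

On this report's rows the script reports www.9a9.red among the names that were resolved but never connected to, ieonline.microsoft.com as connected without a captured lookup, and 142.250.178.9:443 as the endpoint with the most connections (six). Whether www.9a9.red matters is not something the table can answer; it only tells you the page referenced that name and the browser never completed a connection to it within the 145-second run.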

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 13ed5e0369cedc64c8437eb9a493a981
SHA1 880053c91809fef7b2a3d688143f554d5a05c0bd
SHA256 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454
SHA512 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 2c2888ed70aab2a6218c9dc36c2bb3fe
SHA1 39468760054e8cd40b22392789e5ce4ee68ef5c7
SHA256 2411e641e8c8024e3e8ca018e4af4b68c72130ab1170a546b7df0f47ead9d6f0
SHA512 9e73050a0a3b074989514b9c20ea1083de058f2d0a338da07d84920218cedae6fa03ed05ea23aa29a1d557944c0eda5e78466f7f9282fc4a04eb26ade9ed2f8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 823a5fd2aff3a9bce631080b003f4c97
SHA1 01d5e7e238ffb0f501616eec65dcc8152779222b
SHA256 2b46441861e3fe1ee8b642b2b70fc7cce13c9142df1ca783e44c48dfc74d2104
SHA512 b0c0d5a23cfdfd492c5250b75f2fffe058c966505a1d6899071129a6cd5a601373dcea2a7af7138bfcb8ddcc280e4ec00826a4ce0de3d18a116334254d28c2d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1

MD5 e0f1545ee061ca5eab10049a6775aa00
SHA1 e129e308a09414d40b9bff7e1e9131e4398bed7b
SHA256 b9833e696c6a8b7f76bb857f8f53a1d920f5b0ef97146975c2d0ce928d45b542
SHA512 d73ce7b2a507a7b8cb4c86574b1fadbe3a2223124ce5e3eeb325b3eff6d7e65e317c677b152de72b6c0d35f3d2f05885470bac5a9eb5aacc58f0e6fa8773ee6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1

MD5 3cbd995f8bc61a3669d6dccec2391d8a
SHA1 39e5903bb99f1d045f6b0c2429b43ea8e2d551da
SHA256 d302d7266945490d5d06e91e1c2557830688004c572f39343357dfd57ada50e5
SHA512 6335e0e9db04d46564a47818a02c3ed714ee705dbc70ecadf252f2813ef62ed14bf739ea545d69e3214d21600a2d9257013545ab3bd7eeba17fe1fb07b2a22ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3fde33cbfb6d6ac5683e90f156505ae
SHA1 69f199d8b0112deff5251428c2158b7b4ab9a29a
SHA256 145e06d746a5f212668febc205ce8e1a0617fbbfa434e79aae20c1b7f67c4107
SHA512 15fac4f69aea5a9d0cd623aed2bc829f05c5ba914154fe63194f030e3562d911046900f0ba7d6a57400044f6262af4ec1a6f66c3c038066188e8594ceafea64e

C:\Users\Admin\AppData\Local\Temp\Cab4E60.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar4E61.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab4F6F.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd76630d6df7d49660c6d59b766a2731
SHA1 dfc545ead0d07be53c80a3ad513f7b24e2d8f6fb
SHA256 e4f0d8c8ace97264ea61bd6b1bb6b3395e7a4c1bca3d230f7679fb2f9885656d
SHA512 4391985a0183e90907dd85fa4a245cfa77d732cb5f6779bea83315daa0adc90733150569398c32d9e222efcbf0929d5165c2a90d247d0fa6d7d7d469eb639da5

C:\Users\Admin\AppData\Local\Temp\Tar4FA0.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd1de4b970e0f9c885faa46d443950b6
SHA1 de4a40fa5af91c8844f9d1169eaafae33cee4401
SHA256 d819e120e60cfc1082f6d0f15420cb5aad004ebbcd3ae72081fe13028e691b06
SHA512 e4ca5c4e757c2e4d15f58420b3d90c4e32984567c47677d05f7d76f001bb277b45ba32946f94611f7780c78afcd105e68bbff6e36cede00e77e68f7b55c6c5d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c03c4efb304f9dfc421ebe73161147f0
SHA1 c882bc79f23a82cf0ae865687915493123020545
SHA256 735f32b6c367b03766142c8d6403806c3f6509ab485739006a3bf78b3f35b43c
SHA512 cc84af99682faff0fdd5217755aac54b67b5fa0b4cdae1ecfe92cd834f341f8496d96b56fc034347e1406f71b88934e4db4ebb09a6a6f6ed650f41657424a400

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d3f85171159489bb9cbe13dcb04d0b4
SHA1 357a479d9ef1aa95c75a5c68030c708af63bb2f7
SHA256 517f0b25d65aabff28e5ca3ce480de642648a68be4daee84a1173a41af2c485e
SHA512 51eea421e15eac652fcb662944ed9cee9af49b370fe66b2fd350924e60535304a0f8be478f87ff9cc213dc27e1f3f883bfbbb9b57b5dd6545653144e90486c8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33306ba91d392b7722e29ceb2ae4c134
SHA1 e872e7c63679f535f0806dc41b8b1d4d5f441028
SHA256 ba4fd6e4e6cecafacf0b1a514e71bce4c794cb4242012c47f4c8c01ae3dac92e
SHA512 5171edd956f83f0aad43e1ab112cb8c84dfb5e20b1aaf92ea3044ebfa091771ba500b038960a0e5d2bd721c8cb66e6caf40dfb41551009fc43e831932e4d3614

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c29e713f81c2e36442a0defcee8ebc93
SHA1 5055baab17bf48d38ffe1b70f4c3cf0f3a462f3b
SHA256 cd08a9847ba76688891d9685d129e16e41f9e919260caf1a414c8944dd5a1de7
SHA512 39c9e2c1233206566f8f25ef417b8ebcc4db319aea40b14cd5da39c5a07f7c6310c677b77e8877585eeb6e1517e7e55747d0b16ea600ab9350b572c495bc5c95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b471601810223f531ed3a18c982aa6b
SHA1 d265b325c3309e028592e52f8185b3c320f76f95
SHA256 55304d4d037828fa82bdd03fd8de18e058dd37242e66b247e1cef5c4f9987f4c
SHA512 99e91617950fc56672b3873d38481d866c674cabd333db9d24b450b4e97307976e599a6b7fe37397305ba01e0b75fca35044fc6e5636b528321a8730773624d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 880dd4c173f68c33973f973c9a856784
SHA1 5b127f9cbb5155df0e520383050480fbce756d3c
SHA256 482b3ddfee692c985497012b6e5ed60dc89b50373388247928c243ad1e53457c
SHA512 9bdddffd7a1a0786c8d07b0737c0195fe0ef061087743fae9a6028a8a85b7da971148e1a398742b195cec5a33d07be2a661cb32d152b485f3e6f58d1377364ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1ebf2064e5b321ea26f113bbe884334
SHA1 62764788506bb0f124deb961e5b81508867d1907
SHA256 c27f4df54562cfd2bd3f02d3a5a2ceff6af9b5b11fe88d6262fe11b00ad63d1e
SHA512 a7013b6d017c2f13c7b91c5a7fa963cf7ffa54309db8f87b49a152cf96b228cbb904eb1edb8b10bef8dd3b6c23d6d0fdab66e62d2e0f3cbf9e44e4869a966692

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\14020288-widget_css_bundle[1].css

MD5 5ec495a540668499224a6ecc03a0e90f
SHA1 56c4b560dec53b4c20b94d14579c398ed9fcdaf4
SHA256 cab30da88a231117c2a5ec535b0c4caec1c1f86a680f3077b272ea7265b33cb0
SHA512 ed6a0629dc6f947ac190ba6c83b15704bde9669b8d7c033bbcfb61b98872778d06cbcf25e1294eb73821869fbd8b8b1d22ce4a5fa8edc234cf8e49a8a700ce5a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\jquery.min[1].js

MD5 a1a8cb16a060f6280a767187fd22e037
SHA1 7622c9ac2335be6dcd3ab8b47132e94089cef931
SHA256 d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
SHA512 252476e9f94a6db579e14cdf1197555e856e6b80dbcd78c46b9345ce6605a1cd69da0dab2a4c475b51d2103404d2c61acd18490e005d625eca06afe4d75c8a6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d319e31f58d953cef8ddc318a4def493
SHA1 878096545d980bc2d97bcd32754c227a0e80043d
SHA256 ff9c4fa553ce014eaad3d7eb6ff857938f436bd6e345122fba64384243f63592
SHA512 b3ec7d84c0f7bed460d7f81a7f260567dd6517aa964ef7d772e798d2f89e4cb59e1da0ff9667d6555e5d36a04f3bfe9c510d682e90bacd555019098b63c5c462

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 938727baf480f2ee8d1bca199bb0d8af
SHA1 816d0c4f8b38949e477471be161cf3d49a923967
SHA256 9a102f7663035f669d328596da91fb240238bbabf7ed6ae1af2c450555574a2f
SHA512 78cbd0624ea43b421f9b505d1ea3ca5768f83a62b526c9e420d2218cb1b3c98c50743673342bd6bb1a313874ca066189dc50a963cd527cf84a05b01433e14b92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8fb023bcbe0138f791baed7ba2d1b51
SHA1 f226604704e8ace73bb2df66201f2e8d08595dc0
SHA256 bd3a7a18f740e366de0501f7a1363020ba5db1eaa9e21e5428c534b00309431c
SHA512 aabe4f030f8d2cc6a659946e8901175472b79e87bcaec2cd822a7a4899f8d21cf3580893f48a5e3980634cb30e1c9f146084b9004e965b12d1805043d7a22c8e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef1e2931bf01f53c63880d55032f1f44
SHA1 afd955c6e8480a39a83dff3f1e97c8e97a8c6045
SHA256 94810c5bfec094ca3cf475150c305c9391f8bf903a53236f794f998442364424
SHA512 c4f34ee9c5775e65255b8a034343cb60cf6afc30e4e694cff3d593b89a1e7e528626768a363f0ee4da9cdf022ccbf15bc41cc831a3f0c06a7712430217f2cfe5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc8b8271f2921b26b3448e59fd16be6d
SHA1 7f7255156da57e50c908d5f4617705de1fc5b08e
SHA256 6a36d08f15de5f6e125b16c329993b2fac11d11e500c185aca702f2e718f522a
SHA512 97dca8525c53771193e574f56a6d2ea0fb8a531e5f874048627835ca19e4045e5011b57acd911da51e286b3b28c9a1a3ccf038f30b9492aac289181f5a86ee42

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d068da63a8eac75b0e4fd9fa61eb91e
SHA1 3c60647d0ffe61b64e9e1dfdca570ce90032b643
SHA256 43793e3609b0b25cbbc7d1d5abccdae16de3a9daf723fc7d98641f3dbdb4aae2
SHA512 6be4e0c40103a706f2e87c30fbc40dce912cb1b0be74a7969a8c2b1ab8326ae94ebefa29309d0d49a6925e90b33f09c1e099a06c285a3e9740ec06d7927c06fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc580391300ecfecab7bad023dd16646
SHA1 165767d0873a03f02be402deda90533871585b4e
SHA256 cb5b3612e27c21fd77416d7c262617d6c3319286764c4f8cdf40724e2f664393
SHA512 d83edbfc6c0b57888c6e6e02f4635befdecb7971edb78ce91ea6f46e200412f94868417b3278f29ad84a834cc793116e10ab33a2eabd82e7db554c1046afcb83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f181b946dafd4ff42e0a4d6c6343740
SHA1 0b22f3cb09ff1fe3c12aa56d3395bcb76ce54000
SHA256 81b7b7afe496258c1cd4971e8ece04dd30f237332fe5091b51aa72f0654af3ca
SHA512 32990f083d0c73d35a1d9e40438f226129549ab1a142f8605b1259725b5aca2684219cc4b18cd0b09867aa3cd62dea76b3706631d18db571002e56e9ddbf4b65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cfb6cc820964b5b7484a93d5f7b88331
SHA1 6e7d5f9d3f631ae1d3883a9402cf89ed0c5ce33a
SHA256 77d7234bbbd29ffdb1f7e30b6a6dae4185ea9b33dca2828362decb939afaf4b1
SHA512 b30f2b988a524a8c2f4ae5be11db0119c787d8ead9081845932ab5abf2852407e6bb1c55fe493b9121b58c75520d70a6a3d1f31a356f93264b27b866604dd070

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 8fb8a2c26f5a320a530fefbfbb265119
SHA1 c97533b071c1357fbfa70198a7e7bf9fa883b210
SHA256 d5428fdbb93ab2e0aa0922542f9825e188792699b865f5d0745083a84de80fd1
SHA512 9b7565c997f19ae2cdbccc62e9a3d8efe4bdc2f63f3f52819fd362463e3f5076e27236fa39e43e52705930cac286f820e4353c82fd3dcd90761dc0239e046ad2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3ee13051678ee2e7807794f01085f48
SHA1 bfc52436fa7d0197ead5299b8017f1eecc2cb0f7
SHA256 b1464681ba5d14a23ea25e3212e8ae53a6161136c2681bc46a48698766237e22
SHA512 1f1054dbac52e03b456c95aaf8f7b9f30074298d1d443b53b4547ebabcf51664360b478796006545f3bfe12986397538033d9f59d04491ad38717301d001ad1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14221ddcedaf7104e40629a5f9fde5ba
SHA1 c734bf1591d776d662405d45a09da04df1037faf
SHA256 1f09bd3940c7e725a372dc367b3557d6d4637688bf40be2ce5117ec50f991be5
SHA512 f5f271e9669df61fa6e29b77843f5b503429522d83bf6ad1b5998a874db40b95f403d2c45efd235afd280a11f5f8ebdc2a732c5ed61e571b3217491ab26cc455
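The Files table lists one block per write, so the same path can appear many times with different hashes; the CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 entry above is listed repeatedly, each time with new content, which is what a cache file that is rewritten on every certificate-revocation fetch looks like. Before pasting these hashes into a blocklist it helps to parse the table into records, check that each digest has the length its algorithm should produce (a dropped character in a 128-digit SHA-512 is easy to miss), group entries by path, and classify the paths. The script below is an added example, not part of the sandbox report or its tooling. It embeds four of the entries above as constructed input, and the path-prefix-to-class mapping in CLASSES is an assumption made for this illustration.

```python
import re
from collections import defaultdict

# Four entries copied from the Files table above (the full table lists the
# 94308059... MetaData path many more times, each with a different hash).
FILES_TABLE = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3fde33cbfb6d6ac5683e90f156505ae
SHA1 69f199d8b0112deff5251428c2158b7b4ab9a29a
SHA256 145e06d746a5f212668febc205ce8e1a0617fbbfa434e79aae20c1b7f67c4107
SHA512 15fac4f69aea5a9d0cd623aed2bc829f05c5ba914154fe63194f030e3562d911046900f0ba7d6a57400044f6262af4ec1a6f66c3c038066188e8594ceafea64e

C:\Users\Admin\AppData\Local\Temp\Cab4E60.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd76630d6df7d49660c6d59b766a2731
SHA1 dfc545ead0d07be53c80a3ad513f7b24e2d8f6fb
SHA256 e4f0d8c8ace97264ea61bd6b1bb6b3395e7a4c1bca3d230f7679fb2f9885656d
SHA512 4391985a0183e90907dd85fa4a245cfa77d732cb5f6779bea83315daa0adc90733150569398c32d9e222efcbf0929d5165c2a90d247d0fa6d7d7d469eb639da5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\jquery.min[1].js

MD5 a1a8cb16a060f6280a767187fd22e037
SHA1 7622c9ac2335be6dcd3ab8b47132e94089cef931
SHA256 d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
SHA512 252476e9f94a6db579e14cdf1197555e856e6b80dbcd78c46b9345ce6605a1cd69da0dab2a4c475b51d2103404d2c61acd18490e005d625eca06afe4d75c8a6c
"""

# Hex-digit count each algorithm must produce.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]+)$")
PATH_LINE = re.compile(r"^[A-Za-z]:\\")

# Case-insensitive path fragments -> artefact class (assumed for this example).
CLASSES = [
    ("cryptneturlcache", "cryptnet-cache"),   # CryptoAPI CRL/OCSP cache
    ("content.ie5", "ie-cache"),              # IE page cache
    (r"\appdata\local\temp", "temp"),
]


def parse_files(text):
    """One record per path line, with the hash lines that follow it."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2).lower()
        elif PATH_LINE.match(line):
            current = {"path": line}
            entries.append(current)
    return entries


def validate(entry):
    """Report missing digests and digests of the wrong length."""
    problems = []
    for algo, length in HASH_LEN.items():
        value = entry.get(algo.lower())
        if value is None:
            problems.append(f"missing {algo}")
        elif len(value) != length:
            problems.append(f"{algo} has {len(value)} hex digits, expected {length}")
    return problems


def classify(path):
    low = path.lower()
    for needle, label in CLASSES:
        if needle in low:
            return label
    return "other"


def rewritten_paths(entries):
    """Paths that appear with more than one distinct SHA-256 (rewritten files)."""
    by_path = defaultdict(list)
    for e in entries:
        if "sha256" in e and e["sha256"] not in by_path[e["path"]]:
            by_path[e["path"]].append(e["sha256"])
    return {p: h for p, h in by_path.items() if len(h) > 1}


if __name__ == "__main__":
    entries = parse_files(FILES_TABLE)
    for e in entries:
        print(classify(e["path"]), e["path"], validate(e) or "ok")
    for path, hashes in rewritten_paths(entries).items():
        print(f"{path}: {len(hashes)} distinct versions")
```

The grouping step is the useful part for triage: a path in the CryptnetUrlCache or Content.IE5 trees that is rewritten on every run carries no identifying content, so its hashes should not become detection indicators, whereas a path outside those trees with a single stable hash is worth checking against the dropped-file list of the detonation.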