Malware Analysis Report

2025-04-14 03:28

Sample ID 240612-skmmgazbpe
Target a11b183094f9a76f3e2de9bec6820008_JaffaCakes118
SHA256 de324c08350ceeae5064f44a7ad4c6eef8a8eeeec2dab88c990ae1bd475c0ec4
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

de324c08350ceeae5064f44a7ad4c6eef8a8eeeec2dab88c990ae1bd475c0ec4

Threat Level: No (potentially) malicious behavior was detected

The file a11b183094f9a76f3e2de9bec6820008_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 15:11

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 15:11

Reported

2024-06-12 15:13

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11b183094f9a76f3e2de9bec6820008_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5020 wrote to memory of 5084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 5084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11b183094f9a76f3e2de9bec6820008_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc111646f8,0x7ffc11164708,0x7ffc11164718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,10222712677819703160,3852304097470405693,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,10222712677819703160,3852304097470405693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,10222712677819703160,3852304097470405693,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10222712677819703160,3852304097470405693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10222712677819703160,3852304097470405693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10222712677819703160,3852304097470405693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10222712677819703160,3852304097470405693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10222712677819703160,3852304097470405693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10222712677819703160,3852304097470405693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10222712677819703160,3852304097470405693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,10222712677819703160,3852304097470405693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,10222712677819703160,3852304097470405693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10222712677819703160,3852304097470405693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10222712677819703160,3852304097470405693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10222712677819703160,3852304097470405693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10222712677819703160,3852304097470405693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,10222712677819703160,3852304097470405693,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4104 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.178.9:443 www.blogger.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 apps.identrust.com udp
IE 2.18.24.24:80 apps.identrust.com tcp
US 8.8.8.8:53 ads.exdynsrv.com udp
GB 142.250.178.9:443 www.blogger.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 js.foxpush.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 89.187.167.3:443 ads.exdynsrv.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
US 172.67.73.22:445 js.foxpush.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.180.1:443 1.bp.blogspot.com udp
GB 142.250.180.1:443 1.bp.blogspot.com udp
US 8.8.8.8:53 ad.a-ads.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 syndication.exdynsrv.com udp
DE 148.251.13.139:445 ad.a-ads.com tcp
NL 95.211.229.247:443 syndication.exdynsrv.com tcp
NL 95.211.229.247:443 syndication.exdynsrv.com tcp
NL 95.211.229.247:443 syndication.exdynsrv.com tcp
NL 95.211.229.247:443 syndication.exdynsrv.com tcp
GB 142.250.200.14:443 apis.google.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 hayegy.blogspot.com udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 3.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 24.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 247.229.211.95.in-addr.arpa udp
GB 142.250.200.1:80 hayegy.blogspot.com tcp
GB 142.250.200.1:80 hayegy.blogspot.com tcp
GB 142.250.200.1:443 hayegy.blogspot.com tcp
US 104.26.4.93:445 js.foxpush.com tcp
US 104.26.5.93:445 js.foxpush.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 themes.googleusercontent.com udp
GB 142.250.200.1:443 hayegy.blogspot.com udp
GB 172.217.16.225:443 themes.googleusercontent.com tcp
GB 142.250.178.9:443 resources.blogblog.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
BE 2.17.196.122:443 www.bing.com tcp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 masrna.com udp
US 104.21.64.43:443 masrna.com tcp
US 104.21.64.43:443 masrna.com tcp
US 8.8.8.8:53 js.foxpush.com udp
US 8.8.8.8:53 122.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 43.64.21.104.in-addr.arpa udp
US 8.8.8.8:53 www.masrna.com udp
US 8.8.8.8:53 ad.a-ads.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b704c9ca0493bd4548ac9c69dc4a4f27
SHA1 a3e5e54e630dabe55ca18a798d9f5681e0620ba7
SHA256 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
SHA512 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

\??\pipe\LOCAL\crashpad_5020_ZRERJKCEGJEGCTKE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 477462b6ad8eaaf8d38f5e3a4daf17b0
SHA1 86174e670c44767c08a39cc2a53c09c318326201
SHA256 e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
SHA512 a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 09803bdd90c3fbb7294d89758e2f1f9b
SHA1 fd8fe948ff121d0d76aad78524a567acebb928f4
SHA256 0a0f81c38feaa952298d9f4ad05acfe26aaf1fa1d7883195156c3b40c6985506
SHA512 4367ab97e2a8a473125c6d28969c137750b053bfe42df961d60347c158b7a018fa0914ea34072d1ce7c482822fc57129f0fa234105b1792c677a19b2afe47b7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ea33a15cca7adb492bcbb933037e2a15
SHA1 027a917f80e2d95cb793db1f4c463ae43212f3d9
SHA256 9e65c7d1174c28f98aad509fe94ac6403b43fa8e29cc603f306cee22c80455eb
SHA512 36d657b19f1401218a4a2297b51a61bd63cb63114dec634af0c999eff5cb0237f60fe3b4f0066e84e3ff547f59d50093d9a940b0b2938359b1b8359abec6600e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 34e7083b543376f791656b913250b572
SHA1 b781f1ca6fd58b597c12c20c6876185901edb55e
SHA256 a801f7eb3910795d5b06db479a40001710092e3ed6ef54fb9e094ef8f9c20d97
SHA512 150d3645caa4c28a8570b705169bd402f9eee5967d472f43701b1d06d17b73616f0242a7f8916ca5b3ba01934412383db2120b0d604a12897133a50b5078a87c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 69532d4cff9766790becc68a4e44b33e
SHA1 465e926fc84e00c30e009abb807c1789f2ace54c
SHA256 b35dd7e3e4f413bc548a6b79f4869ec1ac3b4e0a7593422475967e907bcb3226
SHA512 ffafa0ec456f018b64734015ec1a624949e4b9245d098e66eec342c4c7259f390bba4bd7e251b33960ac20c2a5c6df76438915ab29859689ac11d8267a3980b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9e23e9625daf8284b2c8629be206cfc2
SHA1 3026f8842dc224a8074c29665b396b31db741f99
SHA256 e6266c5028ab69b4cd5b3f59782dfc3fe490ce62bdbe7ecfdd9b246a5235d9f0
SHA512 5890ff90ef6172a6188bb6f1b0e1c0c31f43bc48c733ac5a09b6dbaa8dc5e546c73d9e228455141783ad81d8b920867735c88da164005c2ad0bf3dba588ac619

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 923e485beb653917601d9d74ec8b65a0
SHA1 a47c96a9c194f72fb7117c639d4d012793e87cae
SHA256 fe131a0b0f8981eab80ca687f87b2b1ec0f2e325fa1b123bf587e9caca96c711
SHA512 3c2378752586976a9cb4ac3c197bc9fe4eb145dfdd6fbc36331a52c59a3924edbe58adc4fac016aa7b29f5fad8b82e4c330b064d4b0e406ab3beb448853d41aa

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 15:11

Reported

2024-06-12 15:13

Platform

win7-20240221-en

Max time kernel

143s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11b183094f9a76f3e2de9bec6820008_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424366942" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\masrna.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 004906dddabcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000056f0d2782945154aa615b93ebabd0c7900000000020000000000106600000001000020000000e347dfdd8c313068e8faee80323813f50e0a4aa5640b877bca9b4ad2a5a1dfe1000000000e80000000020000200000002a10e970a15417799017467b406fd336b18ab40b1d47e8c6ba3f5a5c00dcbd0e900000005b84b34dca6ade5f6fd2697690d83c48cf3f419752a26e38ba3b2e210f6ccc7664214e10bda33b8eb771729e0a5e5172af5a36d08e94eb5e251f4d2d0e2665c5ca3c1261ec5829e40c6af4e24f3e1dde4cee0083bf6943120e09119b71a68b5e78b8ab24b29d09ef03ea60c2a49a636d4e83c443961ccc55e77aedaafc8067fb925c37e5bbf92a67c113eda226462e83400000003b355284a92b968ca7b06c110b0ed59b5084309c8efaa41f771565d10994b8b6324764ca9ff3f78073fab87bd3d074c643d8987c76ab0075183e68fae8623dcd C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{003B5871-28CE-11EF-8A46-EA263619F6CB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000056f0d2782945154aa615b93ebabd0c79000000000200000000001066000000010000200000002e0f4acdf7d33b1b6cfde8765a94f3bacc90471335d0d5beb0d40f6b0db0813f000000000e8000000002000020000000522697d5b1bbe95a3b8065aa0d6b93f4c3a98e3416307a44e5d24ef592fb51fa20000000183ab620e309e1c3c9c1a915e8c01d58f60bb51678c1ba8896ec5e974bcb18ae400000006cfbe1c9a6bf289a6207f16e8673382081e0decd1e7a871b141ec4fef5025402be0cd4cd42d208a85a5a826215225b49435dc1030293ebfdd707d2b13030b89e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\masrna.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11b183094f9a76f3e2de9bec6820008_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 ads.exdynsrv.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
GB 142.250.200.14:443 apis.google.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 89.187.167.8:443 ads.exdynsrv.com tcp
GB 89.187.167.8:443 ads.exdynsrv.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
IE 2.18.24.24:80 apps.identrust.com tcp
IE 2.18.24.24:80 apps.identrust.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 104.90.25.32:80 x2.c.lencr.org tcp
BE 104.90.25.32:80 x2.c.lencr.org tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
US 8.8.8.8:53 syndication.exdynsrv.com udp
NL 95.211.229.247:443 syndication.exdynsrv.com tcp
NL 95.211.229.247:443 syndication.exdynsrv.com tcp
US 8.8.8.8:53 hayegy.blogspot.com udp
GB 142.250.200.1:80 hayegy.blogspot.com tcp
GB 142.250.200.1:80 hayegy.blogspot.com tcp
GB 142.250.200.1:443 hayegy.blogspot.com tcp
US 8.8.8.8:53 masrna.com udp
US 188.114.96.2:443 masrna.com tcp
US 188.114.96.2:443 masrna.com tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
GB 172.217.16.225:443 themes.googleusercontent.com tcp
GB 172.217.16.225:443 themes.googleusercontent.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.masrna.com udp
US 188.114.97.2:443 www.masrna.com tcp
US 188.114.97.2:443 www.masrna.com tcp
US 188.114.97.2:443 www.masrna.com tcp
US 188.114.97.2:443 www.masrna.com tcp
US 188.114.97.2:443 www.masrna.com tcp
US 188.114.97.2:443 www.masrna.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
US 188.114.97.2:443 www.masrna.com tcp
US 188.114.97.2:443 www.masrna.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 962debf6fda6f65f06a5df811f4a7407
SHA1 f6257069f9287554248fb2e067271b77ac9a7136
SHA256 d57f0a30d35d94a2697ba14ea6bb57f2ad52b4b612a8fa5f37ec31cf08e40e6a
SHA512 8bd8b1e5d0a3995ec7bbd1a69b01c0c97d9cb436d803ebc91f691d0a91cb3ba429edc588de9d33bf2d2dc5dc2a1ce27f572989f24cf378d58480bad856af0074

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9cdfa46f312baf55dc86932df2d23190
SHA1 708257244d598ab155fb979c7e51f24e9cfda4ee
SHA256 fee472d2be4e32c2f85d4ccc5933b07d6d60220d8b427dc4a5cbb01e056c17bb
SHA512 7d0ab8f943bc7bf21f19024404b1a14e88a391a87b8b4cde3dc0b143eb36559af9c2c91d43998981e93c936b5e3c6353d8529ed5a49314ef884114a99fe65031

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c4526ad8d58455fe956cce375eb745ea
SHA1 56b53582769f65a4818254db8133be9675ff2885
SHA256 c615df1973f800ba1bd39944a37f40f712030992029bfe4c731bd88e24182bff
SHA512 aacb4e3b9e6b5af9f511eca0a187696203f80f5ffac50db3ba2d37db64a3749d846a74f554ae9b4dcf90cb7e6c0096adf510052efeee7977f4005a8a5bfb5787

C:\Users\Admin\AppData\Local\Temp\Cab232C.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar234E.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 29dc8ed13c57a9f46f1f6adf7ebf7961
SHA1 92d18aee79a199984784df674a2b127eadfd35de
SHA256 656640a4cdc36b5b0fe85aedc3df90a56e1c925d7f0f255758731893b7a0005b
SHA512 bc7d6060a89eb4b0f5c445a7a32459d8d35a9ebaddacfc4f169a7d5d7e36c58b9285abac6bee272754e910b1349d56fe757c600598b930c629ed6fc83052ad53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ed27843a295dd5d9fd962796161aa4cc
SHA1 05f3871f29dd1b1586a620733a4ffd2e01bd0a2e
SHA256 3bca236932c93a507f824179f855b3ecf57e5cf20b1c54a13fb2b7d84ccb6609
SHA512 591f8c296d9a9e602e8bf2481166c488f81cb97290eab711027ce724cccb0dea1db12a0d8b8162ae146f0b4a0bcc0bec2d7baeeeaf419bdf84d4a63364c5349a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B7BAEDF8A66155214D6AA1EDC8BB7778

MD5 37208dc012a9baf51ccf1bfc5daa30ce
SHA1 cfa83e2780b5bd1c1c3631ddde0e41799e21f975
SHA256 dcb44fac8cefd4ed24594eca49cfd0b06e3188f6cd69b7d51631928e3ab4dccf
SHA512 247465c5eb444509af3b4fe0392a9a8141ee40b608a8e0b50f9c34c39f735155d5a42de78815b51d954331c8ed657f7c2aabe9c2561ab62f51127a3fab59e195

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B7BAEDF8A66155214D6AA1EDC8BB7778

MD5 5c782286e294a33f20237afe18b06f8d
SHA1 d414345fa5d0953d378ff04e974490780a6c9e9b
SHA256 6189e036332268be7b1c4510d7e01ec9f40431b47f187af446f4275beb9c70cd
SHA512 9ab5526fb99435e8a7c018739c929943bfac57a6d79b30cf80417f93aec139faa29b8ae92aa5fb204fa11891afe6d693cd7a49d42161494385d4a31d7038b0e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B7BAEDF8A66155214D6AA1EDC8BB7778

MD5 7f171176d84919cffd54ddb4b0c0ec68
SHA1 95545f831fabd9ebfe10a8cdfb8cac343e6ada1b
SHA256 93c3126612de4b4002dc25bcebea1dc7236959e75f4733a41de18f611d1ccebb
SHA512 4b442056e6720202e54924cfa87fe66d73326971b518700668bb48c5e191dabcb0e5d8e45e568edcb1dac306dd844fe94b37c0c57fe6fb89833b6992de17c0af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B7BAEDF8A66155214D6AA1EDC8BB7778

MD5 4951b45368e88cbe3864de4ebc7fac4d
SHA1 c95c3a8ab0fe1e460211045b3db11f9177060913
SHA256 13b5a20d48b1fb4ba7a40d9842638881963f37a07f8ee2a01344ec2385d568e8
SHA512 7b81d64e7da1ad32f9d5bf0b2fa2690759ef7dbd24dbba93afea14b8fc7ad1971221f87cfb6bda6ffe24b72c624f53ba22ae6b5a2ebdfdf35f8dea64e9577d17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B7BAEDF8A66155214D6AA1EDC8BB7778

MD5 09fbb9655f4f801d18236d11148c30ee
SHA1 384839ebe712d3083d33c5aecdb613c8d15ee123
SHA256 6ffcd1c98529bb874f09428a390ac0a9a45a74441be4b6e2763d725b00e0fb0d
SHA512 d4c73feb308baa2762fd7e91d87541adf0f4f1572a8a42adc9e047420551e50209e6e29fd344658032ad76184ad4b3468d9a21a7f01be277d12db69e850cf174

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B7BAEDF8A66155214D6AA1EDC8BB7778

MD5 784fe8d6b8fa13019fa19dc483db5073
SHA1 6e9e81255509fef99f5e73e28d643bcf08b05c57
SHA256 b0926c8ea9acd51e4c13324a91904a0374d223dc48c4607b426f4dceacfad9db
SHA512 5dd9f474a0ad3200521b8cafbe55b60bb774f393e4123e524f7382b4530881259502d1740bdad91f803fd08e58af763ff677da67aecda868d8e956378bf7fd1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 a4c3e4b3f212ccf9719236eaa8f728be
SHA1 e017a18974a9969ca60ca2499ac54b464d91a2ef
SHA256 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a
SHA512 c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar246D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d20074b6144054c9384ae7e3044a7dc1
SHA1 6f3ebc3e3748a82bef360405e6f852c405f0f5b2
SHA256 665bd5ef5b3639961e52bf41da9a8b4b870c770d092292dc03e36332a80bf404
SHA512 84f9ca1cf5b10a58fd6f760f57e06e458254fcedf9cac39d4a9d8050941ce565e99ba5d99cc617e4af25ec5225211e74e148fcec667e82cbe7e2b47ef0c85733

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\ads[1].js

MD5 bc4f9b451a7ded4e9628ff8192c3f8fb
SHA1 fbafb6248fc64f3806a559142a35a97ea68d42e4
SHA256 e1da8a7084d3171a06501700b818317fb9c8162945a87bf184ce2abc58e3d08a
SHA512 0493d9ed40ffa84e3ddf2d0f744676795f2c1fa1268faa9d54412870625dc405c290a35c2ba6c811a44a320644782f1b474a9d48cd53d3b3587191e5d28b6427

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\800082039-indie_compiled[1].js

MD5 fd4a61374bfbe39a8a9604b84c3b0588
SHA1 54b9ddf1926fb0a144fcefa4a5f931df9c3898ff
SHA256 d189a4c871b659aadbda08737784d7cd690dcae7e8704dd466cd3b9fa344a52d
SHA512 68c21703ee77582b9c83bdd07fde06e833681bd0b08043a7f5101300c6c953c535930765fcbdae1c762d4ce33864d86c57d3be4a018c98ce02336b23e572ecde

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\IXD94U7K.htm

MD5 5cd70d63b74c02b508fb708db6ca8af1
SHA1 6b2e547dac5a382a63d076426730494efc53be66
SHA256 b16cb5de6215b9f499811f8da2be2d7efa607472af3ffc5564461b5eab84ca21
SHA512 7456f81b1f9ad308a995c1890f6a568b5a36774ef8dc38d5d20da2fad6ef8e5b874a052cc3e42c3775c05f1d2d9dfe58efcb8079152e9e7090e9901c1d9ec52b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\1-2-357x210[1].htm

MD5 fda44910deb1a460be4ac5d56d61d837
SHA1 f6d0c643351580307b2eaa6a7560e76965496bc7
SHA256 933b971c6388d594a23fa1559825db5bec8ade2db1240aa8fc9d0c684949e8c9
SHA512 57dda9aa7c29f960cd7948a4e4567844d3289fa729e9e388e7f4edcbdf16bf6a94536598b4f9ff8942849f1f96bd3c00bc24a75e748a36fbf2a145f63bf904c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37dc531952bd58758c089ad4637f6118
SHA1 260e846db6f0c93b324a53c20e88d717bfe8b8b8
SHA256 021b5e65983d4b20042802689939009417715d72184ddb2e945dedb100d3e230
SHA512 a603e06fc764d4f06d0b8902a647cd3b4a148cecf4e2c02a0bdd5c685f01d5b29645d5bc862dbfdd5fbc593ecb0f05e3909df8dca168cdf188626d0fab1edc8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f84df909e50f54d85004ac3d9625b093
SHA1 8e270cbd9f7f159c097e8e199650516d451285dc
SHA256 c8376e7ffbd623126a4783933387f7b8a11626dfad10d3ae255b88d097d53cfe
SHA512 1a03b0222ab10b673713fe14d644f165bb9e16cb148c7f51fb7cf0216fc8b3c266824074ff95c42bbc14f2e1ed0346faea668d7d8df0cbd563835518a5aa6249

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b8f7a9b99092f08cc7dffc0c5de64cc
SHA1 03d3edd8d813a763ff480750541c590c16eae3b7
SHA256 59bca7c57137bd22c9687752b7b20ce8d69948b0acfd5e38415ad615c66fb247
SHA512 3ffa2cd81dc23eb3d79118dc3394a87e446688496f0b8283dfb62283f3a685d75366b9156e15c6c6f96672aad1a02071897a41c7b516302774a56ed16ab2d1ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98fd6e2a7425395389556f07dead4755
SHA1 8950a7a15341a9b7222fd3593d7a130ec51fde6c
SHA256 26f135ffa0c7edea256dc5d5afdaf8d2996e5aff7d1c3d7bda54ff2635cc50bd
SHA512 694959fcbae6228acbbc607df715ded77543dbaa94970d355df224f6dd94ba08d5bc9aa8d5bb573172505c60d7fd17769c127db6b4cd39fe1b200230a2454382

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 410e092a7195ca4dd96c988d1f20f21f
SHA1 27a60f794612bbdd9f5eebd5a7fb7d8476283977
SHA256 0bc23cf9fa43f07cdbc42a4a3daa9ad26aadbf929b6d315e05b207bdfbed269c
SHA512 911cdcc2f98cae7a2b0d77eddcd0c7b458af01db0d574ae1ca448f6432e6bfd470c2bb9cfcea95b70606eb4b6a123830a4dcc897cd46ab08ea03b26ce80bde3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a03b4a6ec3cb71af3acd4c8067b5572
SHA1 5189b61847dfc93e54fe760e7e3e0a967e5fe169
SHA256 975e56500eee6f315a1837210295bb49b5f1e7b95d7a40a299d23f2029e98412
SHA512 83dd3ec4c5f8d7da4edd88c45c980dfc92e1eb884376c2823fb008679382fcc76ac8b0b4461a6699fabcc7094f23cb74f6afa0177ec905d9959907137b9e3674

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b0d5afde0fc1b7409343bcac52a2a2d
SHA1 63022a5c9cbd14cddea662b493218a2af0ffbf36
SHA256 ed443161f5cd0f4494215f92c1c2730d1f72ae6cbde4f00a955b0feec9f3cc17
SHA512 c805beefc75a6c8eba5834a90ae072136e93c7792fa4c5933ec4f1082c6775d7fc19e052c04fdc840c544c35f647f4ccf1cc14a899366aa611f9be4c9274c74f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae7c9eafb6727f579aeb2915451e98f0
SHA1 4ee3e452b8ec914ed8aacdb5049857f6665cd84d
SHA256 4d288bbf5a121ec47677a4600db0f1e64963d02e793af4ffaf3e529f968905d2
SHA512 a8097c3d117da3d315a29d88ab1080e20ac1829d4587655ed2e552646ad51d1c019ac3a82bb1b7721e49116ffdc12278b18f8c9ab2e0872e6ff67504c1c758d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b81f94c33a06c4cdad504e823f620b9
SHA1 6220b0b33197308087d8137f20ae7540e5046b01
SHA256 9c8861dc6517e7a717811ee337f1c7fe32ab08ba088b9ba5a65a7701ea32c483
SHA512 d0d1b89626e919731f15ba5cc11085fb83240fe6f1732746b50e98f09516479dc41293301da3134784fee5bc2d8f392b22eec2588d8fbc194146631cc40e0056

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 171e57d6bd11b6cfae83ee148a7e0cab
SHA1 97cd25a5006ea8a600bf3f22a301af69b07747d0
SHA256 c912dace40038c1513a084d61ee225dd9868ed8aa3f93c2baf8518fd3ac38b7b
SHA512 070155da509fbeaf0cf9e3ee643357297cab0d87d33f6abdfcdd4c74c3aa99c8192e87d90d6065e4cad2c83ef2e89d5f461d2db87705ae8f8a2642fc911d4474

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 b93f0a9c2a0a82368166c4c53ffd05c0
SHA1 0e6b68b53fe936c403056848eaa2a532f58f817c
SHA256 57a0669e806f975bced11edda8b97cca7e675a4169520f156206dbf1eab4b361
SHA512 c21b1a495ca5c80f81e08f44a4be90712145f06de2b29b7e6d264f4bf0c634e33c823d99b33f49011beecf26cde1b29d4b2748cd2d415bebaeb1485c269fa692

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 c5707105b648de7957684b94a1b5ab71
SHA1 80cdccd79d012abcc83f210653854f2c0c628fd3
SHA256 630512be5deac46a392bf7cb2cca916ef0bf0276f92730dfdb29bf0cadc05785
SHA512 91c10d6570813fbdb8358e62d85c4f28e0b742c07da20cf592a344f5171c5a6833eb62c73ab21b71cce99fa8a32ce80eca0da9aa6d43b9179141747c16b2047e