Malware Analysis Report

2025-04-14 03:55

Sample ID 240612-wxkkesydjq
Target a1b319d7da978e3f2baaee9c11cd534c_JaffaCakes118
SHA256 71192d1e9c6c97a3e05c3e0587fcf899d18de3e6884eb7e1d33fa7e3a1a823cd
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

71192d1e9c6c97a3e05c3e0587fcf899d18de3e6884eb7e1d33fa7e3a1a823cd

Threat Level: No (potentially) malicious behavior was detected

The file a1b319d7da978e3f2baaee9c11cd534c_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 18:18

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 18:18

Reported

2024-06-12 18:20

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b319d7da978e3f2baaee9c11cd534c_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2272 wrote to memory of 3172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 3408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2272 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b319d7da978e3f2baaee9c11cd534c_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf65046f8,0x7ffaf6504708,0x7ffaf6504718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,17773045541721988780,4883230907703717757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,17773045541721988780,4883230907703717757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,17773045541721988780,4883230907703717757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,17773045541721988780,4883230907703717757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,17773045541721988780,4883230907703717757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,17773045541721988780,4883230907703717757,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2916 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ui.hub.toocle.com udp
US 8.8.8.8:53 china.toocle.com udp
US 8.8.8.8:53 wcg.nhklg.cn udp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 china.toocle.com tcp
CN 222.73.8.88:80 china.toocle.com tcp
CN 222.73.8.88:80 china.toocle.com tcp
CN 222.73.8.88:80 china.toocle.com tcp
CN 222.73.8.88:80 china.toocle.com tcp
US 8.8.8.8:53 ui.s.toocle.com udp
US 8.8.8.8:53 push.zhanzhang.baidu.com udp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
CN 163.177.17.97:80 push.zhanzhang.baidu.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
CN 163.177.17.97:80 push.zhanzhang.baidu.com tcp
BE 88.221.83.201:443 www.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 201.83.221.88.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 ui.b.toocle.com udp
US 8.8.8.8:53 img.album.toocle.com udp
US 8.8.8.8:53 31.toocle.com udp
US 8.8.8.8:53 china.chemnet.com udp
CN 222.73.8.88:80 ui.b.toocle.com tcp
CN 180.235.65.12:80 31.toocle.com tcp
CN 222.73.8.48:80 china.chemnet.com tcp
CN 222.73.8.88:80 ui.b.toocle.com tcp
CN 180.235.65.12:80 31.toocle.com tcp
CN 222.73.8.48:80 china.chemnet.com tcp
CN 222.73.8.82:80 img.album.toocle.com tcp
CN 222.73.8.82:80 img.album.toocle.com tcp
CN 222.73.8.82:80 img.album.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 180.101.212.103:80 push.zhanzhang.baidu.com tcp
CN 180.101.212.103:80 push.zhanzhang.baidu.com tcp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 182.61.201.93:80 push.zhanzhang.baidu.com tcp
CN 182.61.201.93:80 push.zhanzhang.baidu.com tcp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
CN 182.61.201.94:80 push.zhanzhang.baidu.com tcp
CN 182.61.201.94:80 push.zhanzhang.baidu.com tcp
CN 182.61.244.229:80 push.zhanzhang.baidu.com tcp
CN 182.61.244.229:80 push.zhanzhang.baidu.com tcp
US 8.8.8.8:53 200.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
CN 14.215.182.161:80 push.zhanzhang.baidu.com tcp
CN 14.215.182.161:80 push.zhanzhang.baidu.com tcp
CN 39.156.68.163:80 push.zhanzhang.baidu.com tcp
CN 39.156.68.163:80 push.zhanzhang.baidu.com tcp
CN 112.34.113.148:80 push.zhanzhang.baidu.com tcp
CN 112.34.113.148:80 push.zhanzhang.baidu.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56067634f68231081c4bd5bdbfcc202f
SHA1 5582776da6ffc75bb0973840fc3d15598bc09eb1
SHA256 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512 c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

\??\pipe\LOCAL\crashpad_2272_EXQBRPUINAWAKONS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 81e892ca5c5683efdf9135fe0f2adb15
SHA1 39159b30226d98a465ece1da28dc87088b20ecad
SHA256 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512 c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8db93660-8cf2-4657-9f9d-3735ff0eb6f7.tmp

MD5 229327c7ebe2cbcd28f5727f11ed125f
SHA1 4d05b3f663f3e7b46291299797b17a23e305af7b
SHA256 bbfa03ca87cf7dade8c83ad5c4471cc24b1dcc704c4250e652a0c7630d3c88c5
SHA512 9c6ac14f990aa981303f23d73d607a4aacb6aa690e62c402c964fca7881813f66c2f95fbe31d65c7ee39284e080cc98182956ee3e30c00be3983628e6c2be936

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7abc9beb5fba914c8e9d26a4aeeb7565
SHA1 16247d5272648640dcb3ac05bcf1b7f8792de1d2
SHA256 e0ff1c7cfb395710164ebb44fffc618b12ed2d232aeb4e4c5575ecd057049fdf
SHA512 696871b055543173e79834928f4d755381cc7b237d60b72fdc0c268e4108950a007f8b0b000110660094e7d52ed1d4dd8be5c9b844e66d7e3824d005277eb0b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8fc4c2718258f7a36d79520ccfddb463
SHA1 1362fa68152c0f79170df3dddebf3fe05c8d247a
SHA256 69d76f796ae437dfe8bfb38086282813f6fb50d8dd616f728926b38ea2f067f3
SHA512 d5e83c55bac0db6c66bb35c399dcada896bf9f883bbe38513c60e977b9a1706912f1d7c319e4532add025d4bff6c49eb0719dc117c3a06d76a500ecf4535cb02

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 18:18

Reported

2024-06-12 18:20

Platform

win7-20240221-en

Max time kernel

135s

Max time network

136s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b319d7da978e3f2baaee9c11cd534c_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C4D9951-28E8-11EF-93CC-729E5AF85804} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378152" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b319d7da978e3f2baaee9c11cd534c_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ui.hub.toocle.com udp
US 8.8.8.8:53 wcg.nhklg.cn udp
US 8.8.8.8:53 china.toocle.com udp
US 8.8.8.8:53 img.album.toocle.com udp
US 8.8.8.8:53 ui.b.toocle.com udp
US 8.8.8.8:53 31.toocle.com udp
US 8.8.8.8:53 china.chemnet.com udp
CN 180.235.65.12:80 31.toocle.com tcp
CN 222.73.8.88:80 ui.b.toocle.com tcp
CN 222.73.8.88:80 ui.b.toocle.com tcp
CN 180.235.65.12:80 31.toocle.com tcp
CN 222.73.8.88:80 ui.b.toocle.com tcp
CN 222.73.8.88:80 ui.b.toocle.com tcp
CN 222.73.8.48:80 china.chemnet.com tcp
CN 222.73.8.88:80 ui.b.toocle.com tcp
CN 222.73.8.48:80 china.chemnet.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 ui.b.toocle.com tcp
CN 222.73.8.88:80 ui.b.toocle.com tcp
CN 222.73.8.82:80 img.album.toocle.com tcp
CN 222.73.8.82:80 img.album.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
US 8.8.8.8:53 push.zhanzhang.baidu.com udp
US 8.8.8.8:53 ui.s.toocle.com udp
CN 182.61.244.229:80 push.zhanzhang.baidu.com tcp
CN 182.61.244.229:80 push.zhanzhang.baidu.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.48:80 china.chemnet.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 180.235.65.12:80 31.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 180.235.65.12:80 31.toocle.com tcp
CN 222.73.8.48:80 china.chemnet.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.82:80 img.album.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 14.215.182.161:80 push.zhanzhang.baidu.com tcp
CN 14.215.182.161:80 push.zhanzhang.baidu.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 39.156.68.163:80 push.zhanzhang.baidu.com tcp
CN 39.156.68.163:80 push.zhanzhang.baidu.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CN 112.34.113.148:80 push.zhanzhang.baidu.com tcp
CN 112.34.113.148:80 push.zhanzhang.baidu.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 163.177.17.97:80 push.zhanzhang.baidu.com tcp
CN 163.177.17.97:80 push.zhanzhang.baidu.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab19E9.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1ACA.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a969db1272d2408f4b42a9b919aa4f7
SHA1 a3c7f0f29df5f1922f88260e6267dfed66c4f6ed
SHA256 524567bf345acbc4864a4788afbcb3b4e27e95cac4c5e35d7db6bf64613c1823
SHA512 b316089a4e8b587a6fa005c66eef6db2d227be98dc98b25bbb177b481a754f0b6767647da89ed1e19a9fdac93f9390f0b26fbb2c85eddb520137cbdbd2f6daba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c5fb9a0b2b6d08a8eb5b91af7fde215
SHA1 6c36d720ea66ebe551bcec45e9e493644551d6c0
SHA256 e73e880c90be674518c1b8483c42003f9f31315316d40c220f2ee008feed03e2
SHA512 0d668e264eb4f51f59f36de31e5713af33c6f118c345e1fbad0bd3a362be1345722f7b10e93f3c90be56ceec0b727c5b8f178ab55d7add9f5a6aeb24c0fd7cbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8467a9b4788568705c074b8ba4746ab
SHA1 308d37c7361834faba01f64030f3c7406a9909af
SHA256 a8ed0c6374a3b8e94c879590aeb47eaeb08d51a218a90b1036a4c193ea56cd38
SHA512 84c1eb99d5178662e754ae5bbdd9aec870a66ad4af602360604f4c9bef7813d1e986080cd33ddd224bd6eebbde9f883d3fb3d9e56ef7027a97bf29dd6688cf31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6ec293d2a7d5750c75927b37f26e2cb
SHA1 910f6d9c710dc51eb6f08e8514295bfc4bcc3177
SHA256 ffd251f3b917f8898ae6ef7ec141c4c2084d9adcfcc8e197b966e41b306fa7c8
SHA512 465a8567d0004b0dba7f68f8f18407a25ac583ba269f08b26cee999141ffa32a232cbe3b71c42d09dba00dc98f9a28dee066542ca77feaa2f8821c2d70226229

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4141fef9f4738a8390a2041400c54d2
SHA1 f250e7c573275306d5b89f59c9aa919cc4a9931d
SHA256 c73311fbebf14fd07ed685cb97792beec544a9c0e546b0cf5b65d0752a236c2b
SHA512 6f9bf75400601fa97d3cbfe74ce819f1bf4a6c5cd9b586ed4ceaf15f410cf95116e349147958b671bb7c144141a068ca91b0f47951cbe993ce22dd215f121704

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15cb9b7e0c7f21532d155e6b42d3ccb1
SHA1 8df742dc37ac54e39521e8acd7e0b267cba2e190
SHA256 5614bf5d0be5dcca57850bce14fa02b0fe26812bb699947a8e8b8ef6c2e97977
SHA512 3a99eb09f38faa43c2ffbc81cd126bbda320ea6d5fe2018c6adc37341444fffc899c202d6c48f62c9f096ec17686e9b06fdb305dd66a5b9a6fc3655d9329da3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a5581d9a4c04567fa5834a382e828c3
SHA1 31c9296941e88d642b7f9677a5b3b062b9f6ab8d
SHA256 835a0d14f64853db3b7b364ed116dd6e9b7977b1c3d5456d2ea128d74cf7fc55
SHA512 bd9c841e2d167daa2a41b75c4352f8830c04ca918976c09f18d9b3e01cacbdf1b40dff9b8a9e22a4c88deb5693b4453fcc268404b7e4c5b6b50b2e1d425cdcce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b289b71a5d710c8677b40e6a825fb754
SHA1 ab67f16dedd2acda29d3d81e197d6f95bc35395d
SHA256 a397724467926df18131e2ad8c4c4e1c0e36a7eadefe62658f031e6fd95f30ec
SHA512 dccd7d02294435eb323463873c8c4654384a9cfca69d4ff0f9c3ef8d555215af4856e6bdcad55750bf07ffa8263aef5fcef583c499ce29ace747880e8a37f9b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac1ae835fe3969befeda1a5cfd609d47
SHA1 dd905fd4d975619c3b00ffdd12ff721002aa111b
SHA256 1f572091d9a0b7b66bf57c8103c63abbbc2970ebca2010178aa2e721e8259baa
SHA512 3626a33ff1c5a7c0a81b00ac3319db866467489b5e71a5b6ed0f21708d8b8d478b27299e9d484801ab7d844e3b045dadde4b782eb211b5bb53e5e4555383770d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d424843f6cdd9e1904dcf5d027dec8f7
SHA1 13c79fcc5172007fc90286b55bd9135c7f4155f4
SHA256 2975b84a87119bb2f0bcf4b21b9315fdfefb25789db01856325106927c8039e9
SHA512 2bcc05724f8605580e894ddd9b503bf98a703a560eb706c138deaaa38bfe05fb7f9e33b2c25c560884feee205e2b3d03ee146738bc8bd3a0c10ba3b10339b7bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 837ce6956ad4e08e962c69b6aa1fdd40
SHA1 418ff2e14de4014e2ac186379ae6001b16782f42
SHA256 34e72b6a8fad26f095a81d845811a6b4c67d11e1c90d620eb5255154660373e5
SHA512 b6f47077baee90c786b565ba1e47aa1cc4ba9517058da336894188a0c4690d33eb332ba2ab70a5db347a39fe1a67b50f81b661a1f5c1df063b74bd1420056ba5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d751f298d0d58f7c5b7acb0f549a6cf4
SHA1 5a0cbd7de9c16a099b2ef05cb451377d8819a93c
SHA256 5fd76bb79a00891c02a02158418ffb4bcb82fa5c7667aa55f2baf8118ae0b455
SHA512 bdc0a08f02d8334d35eb3bfede9f586e23a62be5245a4fc3ba66c71458a47e4e15e6da49d6814a5654390b0f4da852cfa3c2de27fcc3377d0c2006a7ee4ec76e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8caaa3600dc9893eda15aad78223df0f
SHA1 03bebee083ff58c058e5e3d64fff2aa264a542ba
SHA256 a901889a2d697d053c50f2c8464605e1335cd459d972ab742d5132f9e32d90fc
SHA512 39b648156ea88a2d79753d05c21d815b90afe0761b05aceb1432ea918002c17c06326dc37af4d6c09c7c1d2a658e91b1f9d0f6021b2205a74392c3d8f0733cff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24e3c1a9a84102afa20bd628c25ed1d8
SHA1 5f170045cbd2d82ec868341e792bb0c841c3d615
SHA256 24573912bb21e75313d5ee523738560b9febdb9ca01367d7e62f23cc7101aa7a
SHA512 30364227cb30870153680b3b24a4cdbaa652adca268ae4db03c1a171274a87e947b5405c96bffea8a67d71060e21c2dbc4ed1ee147457cedf282342d76b003e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b275d2ffee3ed7668afc9f3c4db47690
SHA1 97964f8ff3e19637cc83deaada4dd9a179725a69
SHA256 1149c23042f0f762e4b13bbc192dc817b511292ed273bfe4ff88403327a5fef8
SHA512 b2601170bbe578c8d366fa478d8d65b035881b27d0ac03947ced75fd659ad8f25759d4d6e8e8905e384ca2b4ac5441d663cdb6470c942bd5ff2894ad8070454f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95fef775015a597bbf267db18311c9c6
SHA1 6190b0ce5f01c8fb2363980f2f24d52753f8f6b4
SHA256 8766cacdcf5e739eac1c47445ec639062f3840777e430b277537769a3ff7ec9b
SHA512 78eede78ba313810251b4ccb2bc0cdc168a7e01f246ac18ae6642ac76669bb885d8b827fe88504e5706d3f25cb7455a16ec0119bab62131b84dd9fd7f175fd22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62001f37b7da8109bacea24f921798e8
SHA1 07fab1913cf7254182857e13985d07aa1479fb27
SHA256 8f4c0c7ba60d3a7653356134cb6ba1235c3372f982e08bb349323aef9eb8c706
SHA512 3d30de1f2c33b62fdfb8da8d5e945193186ef090879db5ed2590dcd495588faa1ac52623edd3f82f6660012060093166c1974357c88b2a10bd16a9afa7b0ac6a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a1a0b1bba1d1ca0b5cdfa4cf30b8255
SHA1 38862df2a847c7dc4e5cc029b0d4ff484fc66df5
SHA256 94552a3f33dd6be8e7d4880bf4ee6ae027dd90d3bcfd96a8a2264b5fc098b708
SHA512 c36976f0daf2ffde453b3d7f525c543cdfdb572c5b155b317a4a9640e39f16b410339e44fc179e94b0b787c1cd8f6ba0ca12dc269d571d15b33ca65d559609f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 392dd0883f43e94d9a1167d2d38e84fd
SHA1 18af127eef6f64f1878a113b8d946b268bfd72c8
SHA256 2f248092124fc0cb0e0cb816d9b69c4f5ecc22baf99f4dead71a1a3bb4d22f66
SHA512 9f3c5b5f818963125be40f9e96254fbac300339adb8be9cd9f1bcfb42aefb1243be4d8d81424e437f4716384568be187925e09f3bae37c967c2a807fbcf42ea1