Malware Analysis Report

2025-01-18 01:09

Sample ID 240613-g6zcls1fmn
Target a43121192c9a7498c51e1b079f808028_JaffaCakes118
SHA256 45d485ec00b4818b28ae7261b4f863d617f78b8bd3e4bdfee9adda3ee142a2e6
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

45d485ec00b4818b28ae7261b4f863d617f78b8bd3e4bdfee9adda3ee142a2e6

Threat Level: Shows suspicious behavior

The file a43121192c9a7498c51e1b079f808028_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary


Legitimate hosting services abused for malware hosting/C2

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:25

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:25

Reported

2024-06-13 06:28

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

139s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43121192c9a7498c51e1b079f808028_JaffaCakes118.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4916 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 3004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 1412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4916 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43121192c9a7498c51e1b079f808028_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa405846f8,0x7ffa40584708,0x7ffa40584718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,106641042131198858,10097698673584132291,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5208 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 keyrom.googlecode.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 sites.google.com udp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.200.14:80 apis.google.com tcp
GB 142.250.179.238:443 sites.google.com tcp
NL 142.250.102.82:443 keyrom.googlecode.com tcp
GB 142.250.179.238:443 sites.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 82.102.250.142.in-addr.arpa udp
GB 142.250.178.9:443 www.blogger.com udp
NL 142.250.102.82:443 keyrom.googlecode.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 216.58.213.14:445 www.google-analytics.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 www.autohits.vn udp
US 104.21.68.246:80 www.autohits.vn tcp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
GB 216.58.213.14:139 www.google-analytics.com tcp
US 8.8.8.8:53 246.68.21.104.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
NL 23.62.61.137:443 www.bing.com tcp
US 8.8.8.8:53 137.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:139 connect.facebook.net tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
GB 142.250.200.14:443 apis.google.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 widgets.amung.us udp
GB 216.58.201.110:80 developers.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 104.22.74.171:80 widgets.amung.us tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 t.dtscout.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 whos.amung.us udp
DE 141.101.120.10:443 t.dtscout.com tcp
US 172.67.8.141:445 whos.amung.us tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 171.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 10.120.101.141.in-addr.arpa udp
US 104.22.75.171:445 whos.amung.us tcp
US 104.22.74.171:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 blogphimhay41.blogspot.mx udp
GB 142.250.200.1:80 blogphimhay41.blogspot.mx tcp
US 8.8.8.8:53 blogphimhay41.blogspot.com udp
GB 142.250.200.1:80 blogphimhay41.blogspot.com tcp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b704c9ca0493bd4548ac9c69dc4a4f27
SHA1 a3e5e54e630dabe55ca18a798d9f5681e0620ba7
SHA256 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
SHA512 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

\??\pipe\LOCAL\crashpad_4916_IRCIKZGFGFELWSIX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 477462b6ad8eaaf8d38f5e3a4daf17b0
SHA1 86174e670c44767c08a39cc2a53c09c318326201
SHA256 e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
SHA512 a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ba895ff364553e42660b21f7e3c6aa91
SHA1 13c6666ade63cecd0b5b7bdc0acfe91e4c95bc1e
SHA256 53db09b8750bc8619d9f4cc6b623d2792c732469d7786f0c61a1cb294c6cda58
SHA512 7ddb0e0b37887142653fc8c87e4cdb00a7dda556dc3dd82b97e0f6408e3dd8f9b04b564a2c8f152c182653d52220b3390971ede94187627b59eec1720f6b9b37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 899a373f90fd8f9c610346d02c5d6163
SHA1 f5651bae0b65e402a58badcd8693cb2e5751be78
SHA256 f9f1889e7012cd64993805d31c377e072b325ce896f5f73dfb801d339e54fed3
SHA512 e5b955740b8f49564c49674306ba6a71adb5896b431de38b657414464eb3ea2a6cb83b00df7c31c28072ba59d36d7c00e2cf075b0c342ce5fa1dee2ae552c3ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 99b3392456d4bacfa854547d8d4fd589
SHA1 8bddb0de0bac7b366330f9e8669baa8a76b7710e
SHA256 807c77350e21c195eac61a88824b3471d3d508fdf4995fc9076b1f8ba4ae3ad9
SHA512 875ba03db9e75f5d6993e54f46090b100872a2b3bbfbebf1baa1829f34f8343c84a0ae3321313122ffb8d6296221dc5fd3b60798911ea9f5a7d3f86cac48d455

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cd38a540c01416305bb4a8328ae33ba4
SHA1 eab66e45e122268e592780db186df171a5752afb
SHA256 205d214094552e2f47622d21879087cab0631a03ea8596ba8a7dbff5229b3693
SHA512 87d63d94b087b7a7614d240d28e0e1eb662567f1747288cb6b8cb3bb66a975871685941570e78b08e57dd626b10fcb7ffe9b2c311a9c8ecba7216e6d5d49a550

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1acfca41acafdc4d9be11ae70151ea50
SHA1 910c726e770083ffefcaa9a8980089370f0601cf
SHA256 8bc05a3b2ab9dd692f6a70c555a81b4905e180db1e7adc6b2835bb16fb5102b6
SHA512 03fd4d2ac7c1be66e56a8525ec135adca2fc1989b5557384d135898d7359232f9b7240d82440c877e2fc8c4a2e2710a62c28106ce847ad64cce5dac86a2f2842

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5812f6.TMP

MD5 411ad4f7ec2837f97993fa2699a4699f
SHA1 d472b45f371a57302edb3982004b123ec16d9a1e
SHA256 745a80240456358d86e5aa66ee0af57bf1cc09882016cdf7d4f10af8159741c4
SHA512 04dcaf9441d5fc9427f1af3e8d9f551eca45670dc5e259ebd5e4a9be4a01d9772d9480b2b04e1336192c723752cb7669dc365957822e687e81be17b9b6b8b5d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5d168d3129b13ac9ea13a8aea6a5d455
SHA1 07f1c7445bcc7c1b796397c157ae6b6b743fa726
SHA256 0b7fe0b7072e29e71d8acf8c6c89e6636c7920f1cbeca6757edb04d007dcb80a
SHA512 72b5512709e60b8fecd5d0e3c23616b9cd26011d35a5f9163dd9b59bf16ff13cf40fa0f62e3e0a2aabb74cbdd444244b3dc8fca5625afe0c5a3b17fe585855cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e660073180d8c10ad808771430949140
SHA1 9f918a85227c0f2972c6c63e9491679cbaadb993
SHA256 ccc02b7b160a38fc88255d58f93e4565c7d9529e2c23928f3dd2fee608e7fc1e
SHA512 c166108bc7b0af3c21731b13dd3eb7595849e14066efd509b0a915c8975f52dc297af395e6edcd44164cc76fa97ffe7be649a498d8edcd33ef01b3b6fbc34483

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 40371c250b30064df2351289c3ae6fea
SHA1 a68c46191f689462c8d3a10a72a9f8d990483270
SHA256 6c20ef7e788994f16abef6e919533f0a6142ddad5bf1075e969a71dee90d8883
SHA512 493993813c946dc25a3bdba54cfe2388e9d2fb886be72a5715fbf5143757a7cd1d087859ede9d28ba2f0760fb8bd418a315925d702e47cc228b16d2b9178d1fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 e1c71f7c04be834f5587230db2ad24b3
SHA1 f3bab9cb99d9f343bf7ed3981aaa7450515d2424
SHA256 9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899
SHA512 205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f9bd18e64a9739e662dfcaca22aee011
SHA1 6fb1fbab45624a944a170cef1ac7555038daaba5
SHA256 f7443a74a4ed991ad85fa20236dece1ba8670b98619aaec648a73b9ee31e50a6
SHA512 8b938e0c2878f489d3bbb48b51ae73f4bb2e795570f5b5ba9465d097c415e1a173d4d63e945ec8015127a7a252c1fcedf2ed2f945dcc8e5bc7e3dfb5bd44f1d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6552b582ecb08eaaae030a3239bc3c66
SHA1 95b6a6036036a63427b2a0faedb6081f095cc1de
SHA256 040ab5dcae10edf8d848479d6b9d03f706a2cf0b127fc98130f4f2d045fe2329
SHA512 d21f721b538cadb59a60f65551968e583427813b4f707be629f29ef238099e4bf59b5ab0afa30d0927081e26c2f020c3f248f93eec4250ad50d559ab20277987

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0fb56f266c4bfad35b42955bbed2c0e6
SHA1 72500382de07ab9d384e71367d59ac5b2571ee6b
SHA256 7fb1df35f910975614128c7009d518be7dfb34245b74d8b732f8bb962b168b43
SHA512 f099f81b94553cd18091280a628331bb8320d413c5e1285279b8e15f95f8cfb48be4eb075bbfb41b4594bf9408c238f892d29abc7239511d719a780b6e91dce0

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:25

Reported

2024-06-13 06:28

Platform

win7-20240611-en

Max time kernel

142s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43121192c9a7498c51e1b079f808028_JaffaCakes118.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C535BA61-294D-11EF-B918-627D7EE66EFE} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000b5588e0ede91a4984f897dd053d03bd8c889d19d35050d211489bd7e6d99a9d4000000000e80000000020000200000002ca91e6defce6205d354798fd800673ec8c7d873ccea5d980c87d8fa3719892e2000000030eba194dc8e597f2e9487aed7d6f54a31afcd2bffaee3e08a13f4dd0a69cdd6400000002b1121b1e0580e66513211b910daa8c90898bc21675741785c51f44b342cef3d1c2241cfd08509dac2722c6889ed471e5cbf39101cadd42b7bb1e86f8d7d3704 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00735aa75abdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000796f897bf0777bce00594e189f15c8e6d778e2d09b14b85fae093d168fa3375c000000000e8000000002000020000000233fd02edeebabe53bfa08d1e9429efd1598c32f9df90c4d6e34b01738cd1dbf900000006132a6a946db01bc623fd47aba41c4074af39028408278a5463b7f2aa425fba8ee49c09f32097c0bcef9d5a1bb1fdc27f75f12ba02d2f227b12fc025c4d8917bab145698c55636e342c32e6072ccc28562c43227812aec3a71ed183e248521373fee90792568b07d7ceb110a9c2c1c6ed7803323b9404cbe8713b00f1e4a8936ae542203ecfbf4852199e73a8b20136f40000000a7e269619277aa3a11717b6c11766c41b82fb7809b8f896e9f2d94243fb2e8f411bfe13fee2852c8dbf9e4efde0b98f3c0cb26dc177e54150ba36a21a14da903 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421816" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43121192c9a7498c51e1b079f808028_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 keyrom.googlecode.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.179.238:443 sites.google.com tcp
GB 142.250.179.238:443 sites.google.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.200.14:80 apis.google.com tcp
GB 142.250.200.14:80 apis.google.com tcp
NL 142.250.102.82:443 keyrom.googlecode.com tcp
NL 142.250.102.82:443 keyrom.googlecode.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 www.autohits.vn udp
GB 142.250.200.14:443 apis.google.com tcp
US 172.67.200.130:80 www.autohits.vn tcp
US 172.67.200.130:80 www.autohits.vn tcp
US 8.8.8.8:53 widgets.amung.us udp
US 104.22.75.171:80 widgets.amung.us tcp
US 104.22.75.171:80 widgets.amung.us tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb85f3fcf86ef0de7ef258539cae87de
SHA1 c73288fff07885a62f8c7033b348863ed3b8cad1
SHA256 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f
SHA512 dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9acd70edd90b0e4931d5a13327bda224
SHA1 881cabea7c402e5f19c425bf4577f4b108e459b6
SHA256 977ade7fe5377a5ac722608ad719546f861fc47ca9208d1ab7897b1b4f53e58b
SHA512 e27bb184b0f567c4fe248934118657ee01cfdc538e9db5cf7b4cf6ed66268bcdf92e8051077bcdbefaa6cd22e6a84960a566422f40e5b2d4961d425a8116b0cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 0e28a971ced07086daea092c6f479b8a
SHA1 8bc0d0c3eec7311f3893b3cfb50e87fa037687d9
SHA256 111c848f84e06333f28264b27533647fbee3d8844355bc852e7ae9b47c6a12b8
SHA512 ef6ab0e908308a8d1a07302021ecf243bd690dbc6d1e0dcbb04a1ca4f7ab846739ae97f3426daff2f45efc29f8147c529155596ed6d0ccede118ab6330b041a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Temp\Cab5312.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar5315.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\plusone[2].js

MD5 53e032294d7b74dc7c3e47b03a045d1a
SHA1 f462da8a8f40b78d570a665668ba8d1a834960c2
SHA256 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2
SHA512 fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01312dc0393d4a9d98cb757d7900bc29
SHA1 5442e1df816bb71c864441d2923dbb499851e9d1
SHA256 96ca6d22bcd0a058e4fbf9ab942f09e330c046cbfb69047197d7f1ba9f94e134
SHA512 fc981128ed19615b12bcc57a5bc849e55be2ff82bbe293e675b4c03e895fbd53daff3d0b0594541f58386ad1bd9ebd384c540cf12dc26f75bce935780f60dace

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 371d94d8ef553d09d6f771793b55ecb9
SHA1 e624905584cb2659598a9812f2a3583b33d216c7
SHA256 7a5e5cdab87dcac00de69045c2b53db633241ca869808ad76686f65c4acb767f
SHA512 c1a3ac5aa8dade93be556413056705003be31bbeaa49d65102005dca62205f19266226681f00809c562e6a012702a0318457162d9c6cb4b03f3d3eba5e62632a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98e789eed644c206a89a9cafc296d983
SHA1 97e36198c98d02cf210c1aefc798ea64ed7f25e5
SHA256 23057a2c1a6d02bee08fefbc0daee03232555deee53a39dd714f475300143650
SHA512 2259ca76bdcff1209b836be068e0a17ba38affd5a2e23e000135790a4402202875ce7a7f09307abde8b55cb47000b250b055951362823fe35bfcc6a8a0642a05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9115d16243df3eaface43d2b9df1a6f7
SHA1 4f742fb332a8c10f828373f58c14e0db9a4b0bd1
SHA256 7e9ed5d5526b946d32756df37454b1e56d3d8b958480e1fe1f1798b9d729c12d
SHA512 f1bb74c7a983e70af9546515ee9a7275e14b0af9003495dd5ad8068e093a44f53d6f8e123d5af18fc21122bf1a39bf112f945c752cca890b768e9da932b4df43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20075ebe18ee9f5b4f09ed23c25e63df
SHA1 8509681951d0f9a9b1e2b65b7aeeb0f563c2df5c
SHA256 6e7a3cadcbfb1c3e10838daf93666bd1045818e5233dd77e3bad7f78fde3816a
SHA512 40b53ad9777f5ecad44fc10ca482c9d25210dc81fe194a2179642ea3e3ffb9c7e9d72626ba9e4ef60f2f9b4b9daf2c7b068e32b0c0133a2ffb72684c2ebbf565

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1714c794255530b8863c089207d30eaf
SHA1 0cacccaf7b20e8ca9113b2f98076e6faf7cb53c0
SHA256 f57bd58ab81037a8f8ec0becea64779b02c4bed3d7f9078904e099c5ae2596bf
SHA512 ce919ca05a3447ce8e1fde91c66ec6e2ae029e36886a9b6c2ce1e48820a9f662e30d36a7702a221d26c1d4a0d5e8f4c6385c0055e7012c1018d155de3358fcd4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a979cdcf727066a60695d1a031062f76
SHA1 0d345c389658a36d405826edad0364992bbeae27
SHA256 8209c8804f8b448860f6936a0f03f2c179022c60c905d9e3c43fbcf4b0afa5bb
SHA512 5aa730d19483997204d4825d525b04258ac2fec23041ab29124b8a6bd0eb384980faa479994ca9243c519fbd21f8c9a5dc3c83f68bedfd2f6d17dc1b722a5783

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f242958d5945e5e0ee5beef334fd8642
SHA1 a813e8627431f0c0ad43c31843cdbc15afeeaa9d
SHA256 48b3820b0f705e7caaef17b21461f8eac8ee485118e870ef1d4eacc123dc4e5e
SHA512 84a0cac0aaae5b9d2896030a4b6bb315d674c2fb74df758e7c3fd7ff0a4e7e5d1c5fddc58d7350cc1d3e2cd2961cc274ec6cb58eb8de33d7e1123d43d7a1f3cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c0bb423dbe8e27cd8d9190a8d2803a3
SHA1 9b20fa8e63cb1defca9f33a652fe7fefd2066777
SHA256 de6b88ea004e043978c0ee5f98220283ccc1c479185e81501f69b1efc43dc120
SHA512 9327adcace4b3d70de21d89c12f3b26139ed25a244a66ef7c11b5d7688f32e878aa6cf6eee16194488c4133eb868399723f4df69f68fc0f37ebc19fab6c66aef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9fd86548ebdc41040e69e383b30e0f7
SHA1 4ae8af7ad1f2d5adf364cdd8173897a878151cb3
SHA256 f4d3aed066603baac06be9e117542b7d33e020ac6edd7da5807a54ca693db78e
SHA512 c57633b167a9cbdc36b72c509318609f06fdc991c8352b3ca02c741edc6e44435b871ed9e72c4d339e4d899d5ba5cf35a6103640cab11d6156084d8b280b674a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8b08ecbe6863a001ee525ba4a35421c
SHA1 df635e4d8144008f9808bede37c2840dbc3e1949
SHA256 e92104d79f7c8add0ff17894b325528b0507f64cd8aedc919604720e9e0d35c5
SHA512 2f70f59c095b078089549558932d61dd7a4464f855d60180ca7aa52da6f9ba20c2ed9473d56e9edb09d1b4064767ed4d94e363a6a56c217e4f3022885b85fd6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6269a0b3e64251ee2b2c82db542b6d87
SHA1 2e1eee28d229ce01a877c2b5af424bb2d9e253d5
SHA256 a6b5f47972a125c59b758f3c3f5451d8bb32c92398f957ff498ac120537d04ad
SHA512 6b1cd1d9f54a0f5a6fc2d92a8c83d132aa5723c704a88896b4b0f1f51b7e86b3237cb2201a9fbaa814682f9f47337a5e43352758b4e6be9ba56185466a9c17ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a896d3793e8b67bf6aff303c4a41c665
SHA1 5ad00743cbcd948ebc9e0d5a8e73f50ea7fa1893
SHA256 5eed979bae4daf604232e3017a2d5068349dc9423cccee85e6507b321c4376f5
SHA512 18bb7f4c470e002fca9c50d90e2b4c8fb3d468ee8d70bd60dabefaf243d239de009f693fd3190ab9c884bc66b3fdd74dc8469278136ce7f498e079e36f607c15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac6a743c2f33cb2f8f927ccd6dd8ff73
SHA1 994a1eaccc2325846eb056068107b2158270f401
SHA256 f59c6938ceb21a5ef1444718961b0b030610b55809b2c8210f9516dd66e36879
SHA512 1e1430082ac7b66543e28e480d55ba4a202694a64fe8ab0bd9e05db6b3fda00da068bd53ae061abad9c1f6f87fd3da55d7715ae30ea253184c7caf1fcb4a295d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f230b8cd6df375544a01d829370d6149
SHA1 0d92bd15f11ce488ee7b9f7d092918d32dbb085c
SHA256 1c12024495fcae2ced3628ee672c35087e426d939fd7225c84ed7f3eb98573a9
SHA512 8e45971bb044ff5f35e426c888671832927260b0c612afaf72c681131e7a3aa159526c21dcce03694187b4570fe7adf4ed34396bed59e6b5c605fb70e6182ab8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40a0681df821a7664cacd025ecf5845e
SHA1 33e5ef327f7f88e8558de8e95dba8350d0db266c
SHA256 a5dd1a7953fbbf0b5133727eb8508564a895bd5fcd758442f84470c039ae0d59
SHA512 5f9d001649068405db62b34e4a606a015f1d103641ca95c7b9dec45e5260d001afca3d7701ee0518bb21ce95024b0f10a15bb23c48ce01e1b3d1e944f3e3c32e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 246915603bac7bda3b7e3e3ffd8f51bc
SHA1 1b94edd68ab3625aa9acd1ed7f76f51ae390aece
SHA256 5f24af6953555e05ef5babcb39eb43905ac5c59b15df7f4fa8496ba2cc883b42
SHA512 2e8894ddf7aebda11f0c99e17333d851cb345b2d7964c8217abec8c2325371851ad2c0a7e4c4fba7aafc36f112d0dc0f62fc49ac780eede53fea95bd114fcc28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8e8764678c4cacbabb23589b99994e5
SHA1 8ddb7660240de4ea7eadb93c88b05b9ca9237c27
SHA256 0d46d9a9801c7c0b3d55989fef82486abe5e02d3c239da8235e4aaaf5c789b41
SHA512 29cc16ca16761f4a57311cb014677cf8ed85de311a370396cdd39dc0da1a930e10ac8b952bb5f256380294946a4b6a91a38696eab979bc220b6238974303b622

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95942a924a2dc76c1b98f470a9c116e0
SHA1 d65419445ac5afa6d493b0276031b1ba81d22f09
SHA256 dcd66b6e86d786bc46135898cc1c8ea57df93ef6debe8771f602dee96462d8f1
SHA512 ecd3e7fc699091a6fbc136fa9fa99736cdcd4490a6827b86c7b381636ef282615179ea6fe3a87762bcbc269d6f35c72b274608f68953e189f08f7198779c36de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f98f9615be2a771903c6ee5b304b0b26
SHA1 3928f2b3e51190c702a74eaf556da80ad2304591
SHA256 0be03bf8d14580ef720ebec3c46ac33db26e5b73230d755253894a27baa780ee
SHA512 4c5edc08a8411d84f80114a694e94df0660553d2e81370175096a8624194d283df9b5912d6ba4eb1ccfa14b68ad86378d6d6c36b32e4593e495d3c9a3b07202b