Malware Analysis Report

2025-01-18 02:03

Sample ID 240613-jdnrhstckq
Target a471945aa1ee98772bf9299aff879dfb_JaffaCakes118
SHA256 266c1de2880205b583d8ad3204957dc7576848d49bd0cf72328d7cd86e4f3469
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

266c1de2880205b583d8ad3204957dc7576848d49bd0cf72328d7cd86e4f3469

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected in the file a471945aa1ee98772bf9299aff879dfb_JaffaCakes118.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:33

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:33

Reported

2024-06-13 07:35

Platform

win10v2004-20240611-en

Max time kernel

133s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a471945aa1ee98772bf9299aff879dfb_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a471945aa1ee98772bf9299aff879dfb_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=5024,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=1040,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=2676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5260,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5420,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5444,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3940,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=5984,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=3812,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8

Network

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:33

Reported

2024-06-13 07:35

Platform

win7-20240220-en

Max time kernel

134s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a471945aa1ee98772bf9299aff879dfb_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b5ea1a654fe077409f6e5315ba09965100000000020000000000106600000001000020000000897281b815ce70f9488e6e4a22c2e5723c689fb1d261d6ea4b8fa0b35e4e4a46000000000e8000000002000020000000a7126214b745c6f715f04d7050f7fb088ac84c54cb06b374a9395718fb63773f90000000863b5601f8704eb2da8b7906ebcea8cc4429b622b83415ae43c1f0a178c836ceadf47cf1d553f25d735dd6dc027ad4993c00c7e3f49f55d13f2ec83518f6f3466c3f3f4912ad02a14342649fe1a525f1003f2d822f83048bbed9d4e98f62b9636d4c43e72ad203716bcc50efd4d1e393f8d69e58392a20d95675570ced1d92642b313f265d2e7030eaf523bb3d189d5f400000001c29e52fdfe8b1ae4a251b671a858d96023c62a3e7ced0cbed774278198677a5f0e5522b27b5499b6576ab0094b32eb8f96807acd25edf3692c701365e0582fd C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b5ea1a654fe077409f6e5315ba0996510000000002000000000010660000000100002000000081ab41406aa8e21608654ccfb382e787b2c2297fc3b964e01cbb720c275b7934000000000e800000000200002000000011564170c43fc6523dc1764a84e9b0f668bc16c71e1e06d80f6ae580499d704b20000000c88a9ab2377526f5c58801e25ee0c9836568a3e33c844b15c48eef825547708740000000ef056bec48dba5eff0e5c2bad50d128a59a243cfec821106dee12c82d910921495cd71f0bf5043b7c46b2a898c9329a7b932ebe29b3c27dcb0e7c5d9bb5dc3a4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3495C1D1-2957-11EF-8547-E6D98B7EB028} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424425867" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4011060a64bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a471945aa1ee98772bf9299aff879dfb_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2

Network

Files
