Malware Analysis Report

2024-10-19 02:44

Sample ID 240825-ynec6asakd
Target c1748706b569ecd0ef9982fee5a194d4_JaffaCakes118
SHA256 8836f7fe582bbeecd66f3bb10d077e9cf1674cfd17fcc3c678b95c11f1b14259
Tags
discovery socgholish downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8836f7fe582bbeecd66f3bb10d077e9cf1674cfd17fcc3c678b95c11f1b14259

Threat Level: Known bad

The file c1748706b569ecd0ef9982fee5a194d4_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery socgholish downloader

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 19:55

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 19:55

Reported

2024-08-25 19:58

Platform

win10v2004-20240802-en

Max time kernel

148s

Max time network

154s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1748706b569ecd0ef9982fee5a194d4_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Rows
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 25

Suspicious use of SendNotifyMessage

Description Indicator Process Target Rows
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 24

Suspicious use of WriteProcessMemory

Description Indicator Process Target Rows
PID 1232 wrote to memory of 3864 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 1232 wrote to memory of 2676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 1232 wrote to memory of 4220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 1232 wrote to memory of 3476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20
(all 64 writes are from PID 1232, the msedge.exe parent that also owns the crashpad pipe listed under Files, into msedge.exe child processes)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1748706b569ecd0ef9982fee5a194d4_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa928946f8,0x7ffa92894708,0x7ffa92894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6996 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6996 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5628 /prefetch:2
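The process list above is the normal Chromium multi-process layout, and the only way to read it quickly is to reduce each command line to its role and the handful of flags that matter for sandboxing. The script below is an added example written for this report, not sandbox output. SAMPLE_CMDLINES is a constructed subset of the command lines above with the long --gpu-preferences and --field-trial-handle values shortened; the readings in FLAG_NOTES are the editor's, and the --single-argument handling assumes the path that follows it is the rest of the command line.

```python
"""Summarise the 'Processes' section: the role of each Edge child and the
command-line flags that weaken a sandbox.

Added example for this report, not sandbox output. SAMPLE_CMDLINES is a
constructed subset of the report's command lines with long values shortened.
"""
import re
from collections import Counter

SAMPLE_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1748706b569ecd0ef9982fee5a194d4_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064 --mojo-platform-channel-handle=2156 /prefetch:2',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064 --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=5628 /prefetch:2',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6996 /prefetch:8',
]

# Quoted token or bare token; Windows paths keep their backslashes this way.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')

# Flags worth a reviewer's eye, with the editor's reading of each (assumption).
FLAG_NOTES = {
    "disable-gpu-sandbox": "GPU process runs without its sandbox (in this report only on the second GPU process, the one launched with --use-gl=disabled)",
    "no-sandbox": "all process sandboxes disabled",
    "no-v8-untrusted-code-mitigations": "V8 untrusted-code mitigations off (present on every renderer here, so it is the browser's own launch configuration, not something the page influenced)",
}


def parse_cmdline(cmd):
    """Split a command line into exe, --key[=value] flags and positional args."""
    tokens = [t.strip('"') for t in TOKEN_RE.findall(cmd)]
    exe, flags, positional = tokens[0], {}, []
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, sep, value = tok[2:].partition("=")
            flags[key] = value if sep else True
        else:
            positional.append(tok)
    return {"exe": exe, "flags": flags, "positional": positional}


def describe(proc):
    """Reduce one parsed command line to role plus reviewer notes."""
    flags = proc["flags"]
    role = flags.get("type", "browser")          # the parent process has no --type
    if role == "utility" and "utility-sub-type" in flags:
        role += ":" + flags["utility-sub-type"]
    notes = []
    if "single-argument" in flags:               # everything after it is one argument
        notes.append("opens " + " ".join(proc["positional"]))
    if flags.get("service-sandbox-type") == "none":
        notes.append("service sandbox type: none")
    for flag, note in FLAG_NOTES.items():
        if flag in flags:
            notes.append(note)
    return {"exe": proc["exe"].rsplit("\\", 1)[-1], "role": role, "notes": notes}


def summarize_processes(cmdlines):
    return [describe(parse_cmdline(c)) for c in cmdlines]


def count_by_role(procs):
    return Counter(p["role"] for p in procs)


if __name__ == "__main__":
    procs = summarize_processes(SAMPLE_CMDLINES)
    for p in procs:
        print(f"{p['exe']:20} {p['role']:45} {'; '.join(p['notes'])}")
    print(dict(count_by_role(procs)))
```

The point of the summary is to separate what the sample did (the parent opened the .html via --single-argument) from what the browser does on its own (child roles, sandbox types, the GPU fallback). None of the child command lines here can be influenced by an HTML file, so the flags are context for the analyst, not indicators.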

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 nusacode.googlecode.com udp
US 8.8.8.8:53 javascript-share.googlecode.com udp
US 8.8.8.8:53 drooid-today-script.googlecode.com udp
US 8.8.8.8:53 domassistant.googlecode.com udp
US 8.8.8.8:53 bdv.bidvertiser.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
IE 172.253.116.82:80 domassistant.googlecode.com tcp
IE 172.253.116.82:80 domassistant.googlecode.com tcp
IE 172.253.116.82:80 domassistant.googlecode.com tcp
IE 172.253.116.82:80 domassistant.googlecode.com tcp
US 54.241.51.109:80 bdv.bidvertiser.com tcp
IE 172.253.116.82:80 domassistant.googlecode.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.178.129:445 lh3.googleusercontent.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 82.116.253.172.in-addr.arpa udp
US 8.8.8.8:53 105.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 109.51.241.54.in-addr.arpa udp
IE 172.253.116.82:80 domassistant.googlecode.com tcp
IE 172.253.116.82:80 domassistant.googlecode.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 142.250.179.105:443 www.blogger.com udp
IE 172.253.116.82:80 domassistant.googlecode.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 g.bing.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
IE 172.253.116.82:80 domassistant.googlecode.com tcp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.68:80 www.google.com tcp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
IE 172.253.116.82:80 domassistant.googlecode.com tcp
IE 172.253.116.82:80 domassistant.googlecode.com tcp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
FR 142.250.178.129:139 lh3.googleusercontent.com tcp
IE 172.253.116.82:80 domassistant.googlecode.com tcp
US 8.8.8.8:53 xslt.alexa.com udp
IE 172.253.116.82:80 domassistant.googlecode.com tcp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
FR 142.250.179.105:80 www.blogger.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 bdv.bidvertiser.com udp
GB 163.70.147.35:80 www.facebook.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
FR 142.250.179.105:443 resources.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 www.blogtoplist.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 images.dmca.com udp
US 8.8.8.8:53 i1259.photobucket.com udp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 150.171.27.10:443 g.bing.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
FR 142.250.178.129:443 lh6.googleusercontent.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
GB 216.137.44.119:80 i1259.photobucket.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
GB 143.244.38.136:80 images.dmca.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
FR 142.250.178.129:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 stats.topofblogs.com udp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
GB 143.244.38.136:80 images.dmca.com tcp
GB 216.137.44.119:80 i1259.photobucket.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
US 54.241.51.109:445 bdv.bidvertiser.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
GB 216.137.44.119:443 i1259.photobucket.com tcp
US 8.8.8.8:53 img846.imageshack.us udp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 8.8.8.8:53 119.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
FR 172.217.20.174:80 www.google-analytics.com tcp
GB 216.137.44.119:443 i1259.photobucket.com tcp
FR 142.250.179.68:443 www.google.com tcp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
FR 142.250.179.105:443 resources.blogblog.com udp
US 38.99.77.16:80 img846.imageshack.us tcp
US 8.8.8.8:53 i50.tinypic.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 s10.histats.com udp
US 8.8.8.8:53 16.77.99.38.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 54.241.51.109:139 bdv.bidvertiser.com tcp
US 8.8.8.8:53 43.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 172.66.132.118:80 s10.histats.com tcp
US 8.8.8.8:53 world.popadscdn.net udp
US 8.8.8.8:53 s4.histats.com udp
CA 149.56.240.31:443 s4.histats.com tcp
NL 190.2.139.23:80 world.popadscdn.net tcp
CA 149.56.240.31:443 s4.histats.com tcp
NL 190.2.139.23:80 world.popadscdn.net tcp
US 8.8.8.8:53 118.132.66.172.in-addr.arpa udp
US 8.8.8.8:53 statinside.com udp
US 104.21.57.149:443 statinside.com tcp
US 8.8.8.8:53 23.139.2.190.in-addr.arpa udp
FI 65.21.240.245:80 stats.topofblogs.com tcp
FI 65.21.240.245:80 stats.topofblogs.com tcp
US 104.21.57.149:443 statinside.com tcp
US 8.8.8.8:53 149.57.21.104.in-addr.arpa udp
US 8.8.8.8:53 245.240.21.65.in-addr.arpa udp
US 8.8.8.8:53 31.240.56.149.in-addr.arpa udp
US 172.66.132.118:443 s10.histats.com tcp
US 172.66.132.118:443 s10.histats.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
FR 142.250.179.97:445 4.bp.blogspot.com tcp
FR 142.250.179.97:139 4.bp.blogspot.com tcp
FR 142.250.179.105:443 resources.blogblog.com udp
IE 74.125.193.84:443 accounts.google.com udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
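The Network table mixes three kinds of row: the sandbox resolver's own reverse lookups, DNS queries, and actual connections, with a few odd destinations (TCP 139 and 445 to Google CDN addresses) that should be checked in the capture before anyone copies them into a blocklist. The script below is an added example written for this report, not sandbox output. SAMPLE_ROWS is a constructed subset copied from the table above; the noise rules (8.8.8.8 treated as the sandbox resolver, *.in-addr.arpa rows as its reverse lookups, 224.0.0.251 as mDNS, SMB ports to web hosts as rows to verify) are the editor's assumptions, not something the report states.

```python
"""Turn the sandbox 'Network' table into a reviewed IOC candidate list.

Added example for this report, not sandbox output. SAMPLE_ROWS is a
constructed subset of the report's Network table; the noise rules below are
the editor's assumptions.
"""
import re
from collections import defaultdict

SAMPLE_ROWS = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 domassistant.googlecode.com udp
US 8.8.8.8:53 g.bing.com udp
IE 172.253.116.82:80 domassistant.googlecode.com tcp
IE 172.253.116.82:80 domassistant.googlecode.com tcp
US 54.241.51.109:80 bdv.bidvertiser.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.178.129:445 lh3.googleusercontent.com tcp
FR 142.250.179.105:443 www.blogger.com udp
NL 190.2.139.23:80 world.popadscdn.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 82.116.253.172.in-addr.arpa udp
"""

RESOLVER = "8.8.8.8"      # assumption: the sandbox's DNS resolver
SMB_PORTS = {139, 445}    # SMB ports to a CDN host are worth a look in the pcap

# Country Destination Domain Proto; the Domain column may be absent.
ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)


def parse_rows(text):
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def classify(row):
    domain = row["domain"] or ""
    if row["ip"] == RESOLVER and row["port"] == 53 and row["proto"] == "udp":
        return "reverse-lookup" if domain.endswith(".in-addr.arpa") else "dns-query"
    if row["ip"].startswith("224."):
        return "multicast"        # mDNS chatter from the guest itself
    if row["proto"] == "tcp" and row["port"] in SMB_PORTS:
        return "verify"           # confirm in the capture before listing as an IOC
    return "connection"           # udp/443 kept: plausible QUIC to the same host


def summarize(rows):
    iocs = defaultdict(set)       # domain -> {"ip:port/proto"}
    queried_only = set()          # resolved but never connected to
    verify, noise = [], 0
    for row in rows:
        kind = classify(row)
        endpoint = f"{row['ip']}:{row['port']}/{row['proto']}"
        if kind == "connection":
            iocs[row["domain"]].add(endpoint)
        elif kind == "dns-query":
            queried_only.add(row["domain"])
        elif kind == "verify":
            verify.append((row["domain"], endpoint))
        else:
            noise += 1
    queried_only -= set(iocs)
    return {
        "iocs": {d: sorted(e) for d, e in sorted(iocs.items())},
        "queried_only": sorted(queried_only),
        "verify": verify,
        "noise_rows": noise,
    }


if __name__ == "__main__":
    result = summarize(parse_rows(SAMPLE_ROWS))
    for domain, endpoints in result["iocs"].items():
        print(f"{domain:32} {', '.join(endpoints)}")
    print("queried only:", ", ".join(result["queried_only"]))
    for domain, endpoint in result["verify"]:
        print(f"verify before use: {domain} {endpoint}")
    print(f"{result['noise_rows']} noise rows dropped")
```

Running it over the full table is a matter of pasting the rows into SAMPLE_ROWS. The domains that survive are still mostly blog hosting, ad networks and counters (googlecode.com, blogspot.com, bidvertiser, popadscdn, histats), which is what a fetched blog page looks like; the "queried only" list is where a downloader's staging host tends to show up when the fetch was blocked or timed out.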

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 27304926d60324abe74d7a4b571c35ea
SHA1 78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1
SHA256 7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de
SHA512 f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

\??\pipe\LOCAL\crashpad_1232_XPABXRIFXFGVRBCW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9e3fc58a8fb86c93d19e1500b873ef6f
SHA1 c6aae5f4e26f5570db5e14bba8d5061867a33b56
SHA256 828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4
SHA512 e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5add84239bf937243b0d09ef419cb9a7
SHA1 1d284baeaa7fe73aa4a849ba845a44f13a3cf6a7
SHA256 221385c30720a88694a365596ce82d45b8eaa6c1c3bd4ffed892f12a2fe7f844
SHA512 725257d4d18f8cf2721a005885c65e607fa157a982e1c9cf8649fe50baafbd548c907436ce65ad8938fbc790632555c3c891d8c6009a0628d40799734ad8be5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4619794c8b1f2df9f34124c3aed1f3ed
SHA1 a14e3fd9ec33f6c89445122fb07f4803f8566f27
SHA256 15d5cddc5fb80df6c928c8f2c973e55f00551172d5c69c14d80b540a0bb54d36
SHA512 331fd0d9272a34a3c47ac9f028692b90664b5a0da785820fde505f20d39a11ce6b2cbb37c551eb6ebc438dd87ef74bf0d5c5b4f4033db4291ae754fc17f7b7c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b5dea9e6d0e2e553d4e1a0c461c361fe
SHA1 5952e42a6501b6588e1902c26a13e7863582d33c
SHA256 04e40fc5bf138c35f79c895dc287cbfae3c87c5a7c1eff12d3c34493e298712f
SHA512 ba00569f967d43dfcc087f83d214eefdaf99d595aec6d0bce3ce177dd0c60fcdbe9e83cef8a1022e7dc64ff0adf38058144480b5c99bf08a4ecb772791acfb8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8cdb3071c8100f270cad7ad3ceeb5de9
SHA1 06884208dc3600718872ab67c61b5bae5e50e35b
SHA256 2795620be7bc5567333128da4252e5d3d5862e75a1c701b6badcb79ba0d84d50
SHA512 74b32fb632d02ea242ecf3b9ad02564d8725fd7200246dd0e3a4da2734691440450b444c46a092013de4b1560ff09caf4fe5e0b95ed722c99b50574e26987ec8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e561888e9b1ee81a587c6df90234c109
SHA1 f1e47b24a2ece8123defe621cd06468183e68833
SHA256 bce030cb71c042ff8672ddec325757cf6716a279598aaab02767ca81d4f2f87c
SHA512 cd394b423e9bd02d73f79cb2a3673cf5ea2a952318344eb4aaac3b69ca6e72555a94580d7b3009063c65623fa21bdc4ed98ec1c766759b67b33d9961e9e75040

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588b82.TMP

MD5 0b83aa1697673c72598303ac96137d21
SHA1 3ef7f2b07829d804662e48f4bc16d4bfab597c5e
SHA256 3f67cae062f7afcf194971a388b1023e1bf89844b816330c089cfa38be312c47
SHA512 8b43256f15ff530211e026eaf77488f6d2c6fbc6ca99f2f3fdecbd07e386ad7a26700c36b8457cf7cc88434795757987808bace926d85358da3db39405e24e18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6e92ad0d-9dbf-4234-8e8d-1393751410d9.tmp

MD5 fcc6e09d755ddb548585cccf1576d4bc
SHA1 83c3004d34361f273596938605de73523d474440
SHA256 6daddd9671702a7bc60247302d83633d970b2875af103fc6dc2dcfeffb8aecc1
SHA512 9098b77265b595a710b71e30c8f3f4a9142731443012395a082ad5c48a5294aa09cd5052db9e385142e2b0bb869cf0d216ec787be6eb3eb9dc28dd27c621092b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0ba5acc1c99b36f53f7e355ca8944266
SHA1 fc66175f4ed8e851dc67aa37f896bfd92bdbfe5a
SHA256 1c39637fee156d4a4f7808106b799e9119fca7bdf2d6da09e59ea3f09763373b
SHA512 3706eb5cd907fc067a714ff9727f953d5bd11c9dfc4c1b91a733b6909e60f143e4ebfe50e3bd9e3308710ba83833e2d21434abd511fd89e0be8bd1da95f02bfe

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 19:55

Reported

2024-08-25 19:58

Platform

win7-20240704-en

Max time kernel

144s

Max time network

152s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1748706b569ecd0ef9982fee5a194d4_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430777615" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000b760117c6d27a1317c3ae57ff10f8c0cb8d9b6889ba910698e7e969f97d6174d000000000e8000000002000020000000969ee93cd0edfdb02dc5adea36d641d04d7626b3f226c75217c4f798039483e220000000e5cfbb8684b556c54aa3f350e0e2278f03f9fe4d1913dc26b3813df797c315cf400000001f758a80ac98d3c4f7982f81d48f34849a6abf57f53ca68aca4f159e94996cadccdf55478fe25a2632637a15b250bb4bb1cea0ca794154fa0753f244c0ed15db C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10de1aeb28f7da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{027F9AF1-631C-11EF-B29C-DA2B18D38280} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1748706b569ecd0ef9982fee5a194d4_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 nusacode.googlecode.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 domassistant.googlecode.com udp
US 8.8.8.8:53 javascript-share.googlecode.com udp
US 8.8.8.8:53 drooid-today-script.googlecode.com udp
US 8.8.8.8:53 bdv.bidvertiser.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 images.dmca.com udp
US 8.8.8.8:53 xslt.alexa.com udp
US 8.8.8.8:53 www.blogtoplist.com udp
US 8.8.8.8:53 stats.topofblogs.com udp
FR 142.250.179.68:80 www.google.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.68:80 www.google.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
GB 143.244.38.136:80 images.dmca.com tcp
GB 143.244.38.136:80 images.dmca.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 54.241.51.109:80 bdv.bidvertiser.com tcp
US 54.241.51.109:80 bdv.bidvertiser.com tcp
IE 172.253.116.82:80 drooid-today-script.googlecode.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
IE 172.253.116.82:80 drooid-today-script.googlecode.com tcp
IE 172.253.116.82:80 drooid-today-script.googlecode.com tcp
FR 142.250.179.105:80 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
IE 172.253.116.82:80 drooid-today-script.googlecode.com tcp
IE 172.253.116.82:80 drooid-today-script.googlecode.com tcp
IE 172.253.116.82:80 drooid-today-script.googlecode.com tcp
IE 172.253.116.82:80 drooid-today-script.googlecode.com tcp
IE 172.253.116.82:80 drooid-today-script.googlecode.com tcp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.178.129:443 lh6.googleusercontent.com tcp
FR 142.250.178.129:443 lh6.googleusercontent.com tcp
DE 162.55.172.212:80 stats.topofblogs.com tcp
DE 162.55.172.212:80 stats.topofblogs.com tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 www.gstatic.com tcp
FR 216.58.214.163:80 www.gstatic.com tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.blogtoplist.com udp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 172.217.20.174:80 www.google-analytics.com tcp
FR 172.217.20.174:80 www.google-analytics.com tcp
US 8.8.8.8:53 i1259.photobucket.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 216.137.44.125:80 i1259.photobucket.com tcp
GB 216.137.44.125:80 i1259.photobucket.com tcp
DE 157.240.27.35:80 www.facebook.com tcp
DE 157.240.27.35:80 www.facebook.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 img846.imageshack.us udp
GB 216.137.44.125:443 i1259.photobucket.com tcp
US 38.99.77.17:80 img846.imageshack.us tcp
US 38.99.77.17:80 img846.imageshack.us tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
DE 157.240.27.35:443 www.facebook.com tcp
DE 157.240.27.35:443 www.facebook.com tcp
US 8.8.8.8:53 s10.histats.com udp
US 8.8.8.8:53 i50.tinypic.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 172.66.132.118:80 s10.histats.com tcp
US 172.66.132.118:80 s10.histats.com tcp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 s4.histats.com udp
US 8.8.8.8:53 world.popadscdn.net udp
CA 149.56.240.130:443 s4.histats.com tcp
CA 149.56.240.130:443 s4.histats.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.68:443 www.google.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 88.221.135.113:80 r11.o.lencr.org tcp
NL 190.2.139.23:80 world.popadscdn.net tcp
NL 190.2.139.23:80 world.popadscdn.net tcp
US 172.66.132.118:443 s10.histats.com tcp
US 8.8.8.8:53 statinside.com udp
US 172.67.146.166:443 statinside.com tcp
US 172.67.146.166:443 statinside.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
GB 88.221.135.113:80 r11.o.lencr.org tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.71:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CA 149.56.240.130:443 s4.histats.com tcp
CA 149.56.240.130:443 s4.histats.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\Local\Temp\TarA8E2.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\CabA8E1.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b85a1bc6c02017fa1faa0a9c64895896
SHA1 02e9b37c6d51d4e64bfe051c230d1af5b8a5491a
SHA256 169e01dfb2829ea14878456383241e2d92000e93193063ccbdf6d20234ea1955
SHA512 77c2cad7c055764941e52b069847f90dd1c61a051adadb36aedb4b37cbe6797ee6ed4627e9f60a74c11dcced4674e48c1b8dc126463d1ee70b6d08cf4b618dbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1eca3d414ac13d12272b7410f923232d
SHA1 25710d3d09505729039e08e9f56586716e5d0b40
SHA256 a31ae8beed60e2a9787ecc7838ff1d426d49cccb3f43944185203d8a7ca3c88e
SHA512 19b9b201b6650c4c562e0bdfa58d80f2094bf621785ebd7a61e942ba8a4853efd8e534955c4325594e072e52f4f5620f9c7d4f1713213573a0f49e242c40589b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25ac3a928c57961fbb98b67438a2df87
SHA1 ce0a01992987c370082299071f42afc165793def
SHA256 8031c4d7b3fa1156557b562a112a569763a265765e16241b7c5076375ee90207
SHA512 7ae8f97d059ffacc2de7e8b7e17eb5f419e7317ff6b64e8a3c44fc134c8d31644bf4291a623e129eee1fdc46491bb01b8f409805a7bb8865dc86a7003a432a00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13797a7e67bc67b77c059104f1e6df0e
SHA1 62b05f3d9dabcbf0f8ab118f118196bd08d808b8
SHA256 21ad902f1a151d6f744601466042ed4d597988d527e0e2e43e403c72916afbd5
SHA512 4cbbab30cabdc02f2d825d46296cb79dc55cea69f87f46420e4846be8c4e63b29c0a9790b605f216d2259d7597c53995f267cd2f04762250a177a395a678bdbc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0643e95b4c65874e6d364251ce1b2379
SHA1 6302dd36d51074dcd9a46983ba5f86087433d2bc
SHA256 efa42907e88f897fb0ac9eaa978cfa6b929bc89efcd4849feb6540df7401912f
SHA512 b27ec42e53f41ed11e4d608704483252f523fd656c5bea6622e89425030decea1995392248c34fc09fe1f663c06d23befb428cbf147e4febdd3ee8922743a651

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 9e623393e5fea1de03bea45c24944329
SHA1 263d942624f2d341903c58273feffd45b3b01f3e
SHA256 e9ad3def92ee840fa89eb7e58a1c24e791a2b1102de5a665e294daf405ba4df2
SHA512 6d2f9aaa7b5793c1b062995063971ed3a72bd9cec1bd9b5bb73fb273347217403465456c7f26aff3fd2b82b580ccabbf51f9798837d0cbf93dfbcd231c0bf1fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 908a58996a27a183cc7633f5787f79c6
SHA1 e89ad90e09db3a0d3f0c0e857d622e04025305b9
SHA256 843b5815f1d76fe68115416a1afe983738d7ddca69935f95e0873bb73da85f1b
SHA512 af4aeafbc7b83f13669981815110c51b6da057b6f3bf958c10ef9ac458c21614a36576b1334c6e8e72fbe4b8d64e6515eaee81d1a0b70d6f9ea4776a7b7ebb60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8da4fe5bd8d72bc3d2cc6ced9139a7f
SHA1 d7de4eb699b3687a7ded3f313c012a80d5dcc63f
SHA256 c8fbf82000ecf006a62e2d6d4ff3376ad6c3be7a6eb1a966df7ddd1ada59d494
SHA512 01c7e5800e36fbdfa88444dcf8501dec6ba582aafc93f953a9aa012603de5f52a82f433763400f5b5a29bd394c4b4b9dc84040937e1e94add5ffd52ca4d58e8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e6bc8ebb421add3e7afb293ad6c93e1
SHA1 b7ca59bd35fa8cfe27d0dd56974b6b3e196747ad
SHA256 fd0a6aef798af0fce841e71c586e72d808767a2898db63aaef78f1b401a27109
SHA512 b43630d1af517cebde3c67cad9b45f02e3ba21b32629a5bd3cae156f3ae41cd794ac7c2877c7c1f417aee7f7d3e15a7f25f66bea7f2cd5b989c1337dd04c779f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a46e3a88ab94be49c5abe46a0be3013
SHA1 11aacf82943f3c784e49a77b7a6d26bf05aa6e6b
SHA256 460810cad42245ffad49a20477affe9c6a6420dbf6195ffe7302c85e75d113be
SHA512 1b85918456d87f4fdb44b65d48748f0e55e71869c7067d38b85e6e2792ea9bf4b6bf08c5ec70f4ee32497c0e0f6a719e46bcac987581d55ed1c1072e6a4a45f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1578b1c056ce57b85c53f4679845e3bd
SHA1 1cda9b44580bdce8e3a9141f8a5245b73e0bf23e
SHA256 954c2e64ff204fae54455cffeb4f3409c676df9f4e266d12a6d6bc139778c5c1
SHA512 89c4958a63cf5697fbdad4ae6bc96cb4d721005618b4bb09b1082be6b5690dfc7cfbd64282ffa13e90951633cba61e5ec12146769441e81395ce64207a21ae55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e440ae1c099c6e746542ec035e96745
SHA1 b9306abd63d1a4c95b28ebaa1ac1bd26f185fe62
SHA256 aa5c245a1b64012171f0b32b73c8aed2c5b65fe9d09277e9d871bcd7b65b9f9a
SHA512 98cfa9e2ca43de4c62906f2a3dcb11654a32c3d88ec1937c05597b957fe2952bf235190357189a3ab4f29162181f1ff4dc86aa5b3cf739bd6d3a1dc97d479746

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c15bd44da4945eac7dd0f951c4c625e8
SHA1 cafc3948cb1c2c3f633de71f94f151ff8abdd3ef
SHA256 1a7f3a68a7b367349543c1bc5eccdbd98fdd1a79a910efdaeb67c7198a69b3b9
SHA512 1c4caeee4235d5a4087497c5a36e1bae0f33a89e0e40451d5f33aa5e7e5746e1fe2c487fb26658854e5acab36fc85dafdc7845736dc4818b0e0a29a3fde86354

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 028b7138248c17ec592d15d606e66994
SHA1 71647be1223d836b69a1d4f4e847c567927c8e3b
SHA256 5a6ce57444278374f6067248417d4e8d2231c7ddf537dc5aff6b4736ec1d0df0
SHA512 41bfbe03b52a832caddca126fdf366b039349903ffab65c5dffff4050ee66f906c0ba136f7264d1e2d480eb96f22d12bdc1fbee569e62e68234c6ae809ac90ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0022582305f66d8ed18d5760cb2c8112
SHA1 bf6de1d065bd32562a3d0651b8f00f576bcad748
SHA256 e85d42577afcf2a8f1db4fdd23acec7fcdb3cccd07dcf54d229e7083a8e994c9
SHA512 5bf06d5fc8a526237b636156c26fa6b459fa8225001219271811bc922768b96ef2c4772a60a2be2c92e3fc56a7fb2ff2e921748013f45dc4085c4e3d0d45045d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a3e44e9cabdc56f15e358d6e3d4e119e
SHA1 62a151e1feb600d7495371687aa8b16fb5103bd0
SHA256 42eec12208eb514cafe522e435415334ae9a4c3da98c6bec5bce568a6d8b6137
SHA512 5ca325771a567ec5aa389c0ef271d828ff250fe5b1847d536636459378ae5e8850e8f764654c77e861d007f0b185e1dbe8078717802fc874d079f5e4d9b1a41a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 66974f1203501f950e735248dc5ac64b
SHA1 60f772e5fe90a47acdaf8fa31158fcec8ee860c2
SHA256 0226bd82ba9f0489a4663498839085812bf5e61abcfa7dca71e670019d4f49c7
SHA512 6ea18f467b823ee545973854bcfe89e6fcfad5636e6c65299147fbf1e8e15995d968e31f550cf64c89530ab9251cf075e7b7e8cb304ceeb5f877a4f0b807dca8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc531cf621cd189af4b929d80f8303a0
SHA1 386dee245b97605fc285b6b95403dbaa38d605f2
SHA256 fd746d3c82245b9bcde2f21083a850eaf2ab1a4f0bf329acef1d50d01dee209b
SHA512 711b454633184edaec088b25d769be7992fe1c26e541401d9917e1806ba9ff02a25292f0c496e00f93f6e11d2e105fb65e92c8fed78e53340078cd91e8b76f83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2413d737ea04e7a8169919257f9730b1
SHA1 dc3cb7f21593337932bfeac9b4a22e91be0c8684
SHA256 d9efd074b190e58e94541c897d18ac61a84d15d63356c8b1945b7df618cac7f8
SHA512 233da6543c8a0e8791c421f7169193d29d1ecf964a0bd5f7a6aefb8aa52b86fbfad912d6bb979064be29f6ff61bf507a66c53310d431f3a2d2ddfdc30d51511e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c1e441b168674971cddecae44c7c469
SHA1 4d1226e3a16a97d54254b3404516247f29341247
SHA256 73edc83654a41804983a059e0d52eefed8b4139f87a36837a5a31f961974071d
SHA512 c0da3fc0eca05fc7a2e598a978cdd5532aa88d325721c8032cb0efdf897f68a93cc26b9ff6d3d943226c6b21881217ac15282167807d0e46a8627fe24e70d3eb