Malware Analysis Report

2024-12-06 03:21

Sample ID 241028-ctbnkaydml
Target 77302aad4be17293f406a0d0987b23d4_JaffaCakes118
SHA256 9d7ae5a2007d487967ccc8c86b2c6b235f8bafbc2f210bf4e4efed4a5a4a64ec
Tags
discovery socgholish downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9d7ae5a2007d487967ccc8c86b2c6b235f8bafbc2f210bf4e4efed4a5a4a64ec

Threat Level: Known bad

The file 77302aad4be17293f406a0d0987b23d4_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery socgholish downloader

Socgholish family

SocGholish

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-28 02:21

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-28 02:21

Reported

2024-10-28 02:24

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

146s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\77302aad4be17293f406a0d0987b23d4_JaffaCakes118.html

Signatures

Every hit listed for this run is attributed to msedge.exe, to its own child processes, or to AUDIODG.EXE. The WriteProcessMemory rows are the Edge browser process (PID 2008, the owner of the crashpad pipe listed under Files) bootstrapping the renderer, GPU and utility children it spawns, which is ordinary Chromium start-up rather than a write into a foreign process; the BIOS registry reads are likewise made by msedge.exe. The hosting-abuse hit records that the page pulled content from sites.google.com. No dropped executable or DLL appears in this run's process or file lists.

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2008 wrote to memory of 2600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2008 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
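The table above repeats the same handful of parent-to-child pairs 64 times. The following Python is an added triage helper, not part of the sandbox report: it parses rows in the report's own "Description Indicator Process Target" layout, collapses them into counted (source PID, target PID) pairs, and separates writes where the writer and target are the same executable (a browser parent setting up its own children) from writes into a different executable, which is what would actually merit attention. The input is a subset of the rows above plus one constructed row (PID 4444, cmd.exe) that does not appear in the report and exists only to show the cross-image case.

```python
import re
from collections import Counter
from typing import NamedTuple

# Rows copied from the "Suspicious use of WriteProcessMemory" table above
# (a handful of the 64, enough to keep every distinct target PID), followed
# by ONE CONSTRUCTED row (PID 4444, cmd.exe) that is not in the report and
# exists only to show how a write into a different executable is surfaced.
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
SAMPLE_ROWS = [
    f"PID 2008 wrote to memory of 2600 N/A {EDGE} {EDGE}",
    f"PID 2008 wrote to memory of 2600 N/A {EDGE} {EDGE}",
    f"PID 2008 wrote to memory of 2124 N/A {EDGE} {EDGE}",
    f"PID 2008 wrote to memory of 2124 N/A {EDGE} {EDGE}",
    f"PID 2008 wrote to memory of 2124 N/A {EDGE} {EDGE}",
    f"PID 2008 wrote to memory of 876 N/A {EDGE} {EDGE}",
    f"PID 2008 wrote to memory of 2592 N/A {EDGE} {EDGE}",
    f"PID 2008 wrote to memory of 4444 N/A {EDGE} C:\\Windows\\System32\\cmd.exe",  # constructed
]

# Columns: Description ("PID a wrote to memory of b"), Indicator, Process, Target.
# Image paths contain spaces, so the split between Process and Target is
# anchored on the ".exe" suffix instead of on whitespace.
ROW_RE = re.compile(
    r"PID (\d+) wrote to memory of (\d+) (\S+) (.+?\.exe) (.+\.exe)", re.IGNORECASE
)


class MemWrite(NamedTuple):
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


def parse_row(row: str) -> MemWrite:
    """Split one table row into its four columns."""
    m = ROW_RE.fullmatch(row.strip())
    if m is None:
        raise ValueError(f"unrecognised row: {row!r}")
    return MemWrite(int(m[1]), int(m[2]), m[4], m[5])


def summarise(rows):
    """Collapse repeated rows into (src_pid, dst_pid, target image name, count)
    and split them by whether writer and target are the same executable.
    Same-image writes from a browser parent into its own children are the
    normal Chromium process bootstrap; cross-image writes deserve a look."""
    counts = Counter(parse_row(r) for r in rows)
    out = {"same_image": [], "cross_image": []}
    for w, n in sorted(counts.items()):
        bucket = "same_image" if w.src_image.lower() == w.dst_image.lower() else "cross_image"
        out[bucket].append((w.src_pid, w.dst_pid, w.dst_image.rsplit("\\", 1)[-1], n))
    return out


if __name__ == "__main__":
    for bucket, items in summarise(SAMPLE_ROWS).items():
        print(bucket)
        for src, dst, image, n in items:
            print(f"  {src} -> {dst} ({image}) x{n}")
```

Run against the full table, the same-image bucket holds exactly four pairs (2008 into 876, 2124, 2592 and 2600) and the cross-image bucket is empty, which is the one-line fact an analyst wants from this signature.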

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\77302aad4be17293f406a0d0987b23d4_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b00e46f8,0x7ff9b00e4708,0x7ff9b00e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5152 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2f4 0x2ec

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.178.9:445 www.blogger.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 synad2.nuffnang.com.my udp
GB 142.250.200.46:443 apis.google.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 st2.freeonlineusers.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 172.217.16.234:80 ajax.googleapis.com tcp
US 8.8.8.8:53 sites.google.com udp
GB 216.58.204.78:443 sites.google.com tcp
GB 216.58.204.78:443 sites.google.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 www.guablog.com udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
NL 95.211.75.25:80 www.guablog.com tcp
US 8.8.8.8:53 busuk.org udp
US 8.8.8.8:53 www.ohbelog.com udp
US 172.67.139.115:80 busuk.org tcp
US 8.8.8.8:53 busuk.my udp
US 104.21.15.216:443 busuk.my tcp
US 173.232.92.169:80 www.ohbelog.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 115.139.67.172.in-addr.arpa udp
US 8.8.8.8:53 25.75.211.95.in-addr.arpa udp
US 8.8.8.8:53 216.15.21.104.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 169.92.232.173.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.blingblingeyes.com.my udp
US 8.8.8.8:53 img1.blogblog.com udp
GB 142.250.178.9:80 img1.blogblog.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 img2.blogblog.com udp
GB 142.250.178.9:80 img2.blogblog.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 t3.gstatic.com udp
GB 216.58.201.100:80 t3.gstatic.com tcp
US 8.8.8.8:53 t2.gstatic.com udp
GB 142.250.200.36:80 t2.gstatic.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 badge.facebook.com udp
US 8.8.8.8:53 100.201.58.216.in-addr.arpa udp
GB 163.70.151.23:80 badge.facebook.com tcp
US 8.8.8.8:53 www.ircserv.org udp
US 8.8.8.8:53 www.auto-ping.com udp
GB 163.70.151.23:443 badge.facebook.com tcp
US 162.159.135.42:80 www.auto-ping.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 pingup.redlomo.com udp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 23.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 42.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:445 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.200.46:443 apis.google.com udp
GB 172.217.16.234:445 ajax.googleapis.com tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
US 8.8.8.8:53 www.blogblog.com udp
GB 172.217.169.36:80 www.google.com tcp
GB 142.250.178.9:80 www.blogblog.com tcp
GB 142.250.200.1:80 themes.googleusercontent.com tcp
GB 142.250.200.1:443 themes.googleusercontent.com tcp
GB 142.250.178.9:80 www.blogblog.com tcp
US 8.8.8.8:53 fbstatic-a.akamaihd.net udp
US 8.8.8.8:53 synad2.nuffnang.com.my udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 36.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.16.234:139 ajax.googleapis.com tcp
GB 216.58.204.78:443 sites.google.com udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
GB 142.250.178.9:445 www.blogblog.com tcp
US 8.8.8.8:53 www4.cbox.ws udp
DE 195.201.153.71:80 www4.cbox.ws tcp
DE 195.201.153.71:80 www4.cbox.ws tcp
US 8.8.8.8:53 bcroom.netau.net udp
US 8.8.8.8:53 a.deviantart.net udp
US 8.8.8.8:53 cococokie.files.wordpress.com udp
US 8.8.8.8:53 ainkening.blogspot.com udp
US 8.8.8.8:53 www.emoticoner.com udp
US 8.8.8.8:53 emoticoner.com udp
US 8.8.8.8:53 i.imgur.com udp
US 8.8.8.8:53 bit.ly udp
US 8.8.8.8:53 static.cbox.ws udp
US 8.8.8.8:53 nnaaqua91.blogspot.com udp
US 192.0.72.25:80 cococokie.files.wordpress.com tcp
US 8.8.8.8:53 www.cute-factor.com udp
US 8.8.8.8:53 kisahcincaibuncai.blogspot.com udp
US 199.232.192.193:80 i.imgur.com tcp
US 8.8.8.8:53 www.era.fm udp
US 67.199.248.10:80 bit.ly tcp
GB 172.217.169.36:80 www.google.com tcp
US 8.8.8.8:53 www.cbox.ws udp
US 8.8.8.8:53 img135.imageshack.us udp
BE 18.239.208.3:80 a.deviantart.net tcp
BE 18.239.208.3:80 a.deviantart.net tcp
US 8.8.8.8:53 www.astrosafari.com udp
US 13.248.252.114:80 emoticoner.com tcp
US 104.21.85.24:80 www.cbox.ws tcp
US 104.21.85.24:80 www.cbox.ws tcp
US 99.83.138.213:80 emoticoner.com tcp
US 99.83.138.213:80 emoticoner.com tcp
US 172.67.133.66:80 www.cute-factor.com tcp
US 151.101.65.91:80 www.astrosafari.com tcp
US 38.99.77.17:80 img135.imageshack.us tcp
US 199.232.192.193:443 i.imgur.com tcp
US 192.0.72.25:443 cococokie.files.wordpress.com tcp
BE 18.239.208.3:443 a.deviantart.net tcp
BE 18.239.208.3:443 a.deviantart.net tcp
US 151.101.65.91:443 www.astrosafari.com tcp
US 8.8.8.8:53 wallpapers.com udp
US 199.59.243.227:80 www.era.fm tcp
NL 18.239.83.108:443 wallpapers.com tcp
US 99.83.138.213:80 emoticoner.com tcp
US 8.8.8.8:53 cococokie.wordpress.com udp
US 192.0.78.12:443 cococokie.wordpress.com tcp
US 99.83.138.213:80 emoticoner.com tcp
US 13.248.252.114:80 emoticoner.com tcp
GB 172.217.169.36:443 www.google.com tcp
US 151.101.65.91:443 www.astrosafari.com udp
US 8.8.8.8:53 www.layoutcodez.net udp
DE 217.160.0.179:80 www.layoutcodez.net tcp
DE 217.160.0.179:80 www.layoutcodez.net tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 216.58.201.110:443 syndicatedsearch.goog tcp
US 8.8.8.8:53 layoutcodez.net udp
DE 217.160.0.179:80 layoutcodez.net tcp
DE 217.160.0.179:80 layoutcodez.net tcp
US 8.8.8.8:53 71.153.201.195.in-addr.arpa udp
US 8.8.8.8:53 193.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 25.72.0.192.in-addr.arpa udp
US 8.8.8.8:53 10.248.199.67.in-addr.arpa udp
US 8.8.8.8:53 3.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 66.133.67.172.in-addr.arpa udp
US 8.8.8.8:53 24.85.21.104.in-addr.arpa udp
US 8.8.8.8:53 91.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 227.243.59.199.in-addr.arpa udp
US 8.8.8.8:53 108.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 17.77.99.38.in-addr.arpa udp
US 8.8.8.8:53 107.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 12.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 179.0.160.217.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
GB 216.58.201.110:443 syndicatedsearch.goog udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 138.201.86.20.in-addr.arpa udp
GB 172.217.169.36:445 www.google.com tcp
US 99.83.138.213:80 emoticoner.com tcp
US 13.248.252.114:80 emoticoner.com tcp
US 13.248.252.114:80 emoticoner.com tcp
US 13.248.252.114:80 emoticoner.com tcp
US 99.83.138.213:80 emoticoner.com tcp
US 13.248.252.114:80 emoticoner.com tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
GB 216.58.201.98:445 pagead2.googlesyndication.com tcp
GB 216.58.201.98:139 pagead2.googlesyndication.com tcp
GB 142.250.178.9:445 www.blogblog.com tcp
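Most rows in the Network table are sandbox background: lookups to the 8.8.8.8 resolver, reverse (in-addr.arpa) lookups of every address the box touched, and mDNS to 224.0.0.251. The Python below is an added example, not part of the report, that parses rows in the table's own "Country Destination Domain Proto" layout and reduces them to what matters for triage: the hosts actually connected to (with their addresses, ports and hit counts), the names that were resolved but never connected to, the flagged hosting service, and connections on SMB ports (139/445). The report records such ports against Google addresses that otherwise serve HTTPS; the example surfaces them so an analyst checks the capture rather than taking the port column at face value. The sample input is a slice of the table above; the resolver address and the flagged-host list are assumptions taken from this page.

```python
import ipaddress

# A representative slice of the Network table above (Country, Destination,
# Domain, Proto); the multicast row carries no domain, exactly as in the report.
SAMPLE_NETWORK = """\
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.178.9:445 www.blogger.com tcp
US 8.8.8.8:53 sites.google.com udp
GB 216.58.204.78:443 sites.google.com tcp
GB 216.58.204.78:443 sites.google.com udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 synad2.nuffnang.com.my udp
NL 95.211.75.25:80 www.guablog.com tcp
US 172.67.139.115:80 busuk.org tcp
N/A 224.0.0.251:5353 udp
GB 172.217.16.234:139 ajax.googleapis.com tcp
DE 195.201.153.71:80 www4.cbox.ws tcp
DE 195.201.153.71:80 www4.cbox.ws tcp
"""

RESOLVER = "8.8.8.8"      # the sandbox's DNS resolver (assumed from the table)
SMB_PORTS = {139, 445}    # not expected from a browser to a web host


def parse_line(line):
    """One table row -> dict. The mDNS row has only three columns."""
    parts = line.split()
    if len(parts) == 3:
        country, dest, proto = parts
        domain = ""
    elif len(parts) == 4:
        country, dest, domain, proto = parts
    else:
        raise ValueError(f"unexpected row: {line!r}")
    ip, port = dest.rsplit(":", 1)
    return {"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto}


def triage(text, flagged_hosts=("sites.google.com",)):
    """Split the table into real contacts, lookup-only names and odd ports."""
    queried, contacts, odd_ports = set(), {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        ip = ipaddress.ip_address(rec["ip"])
        # Reverse lookups and multicast/private traffic come from the sandbox host.
        if rec["domain"].endswith(".in-addr.arpa") or ip.is_multicast or ip.is_private:
            continue
        if rec["ip"] == RESOLVER and rec["port"] == 53:
            queried.add(rec["domain"])  # a lookup, not yet a connection
            continue
        c = contacts.setdefault(rec["domain"], {"ips": set(), "ports": set(), "hits": 0})
        c["ips"].add(rec["ip"])
        c["ports"].add(rec["port"])
        c["hits"] += 1
        if rec["port"] in SMB_PORTS:
            odd_ports.append((rec["domain"], rec["ip"], rec["port"]))
    return {
        "contacts": contacts,
        "queried_only": sorted(queried - set(contacts)),  # resolved, never connected
        "odd_ports": odd_ports,
        "flagged": sorted(d for d in contacts if d in flagged_hosts),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_NETWORK)
    for domain, c in result["contacts"].items():
        print(f"{domain:28} {sorted(c['ips'])} ports={sorted(c['ports'])} hits={c['hits']}")
    print("queried only:", result["queried_only"])
    print("non-web ports:", result["odd_ports"])
    print("flagged hosting:", result["flagged"])
```

On the slice above, synad2.nuffnang.com.my comes out as resolved-but-never-contacted, matching the full table where it is looked up twice and never connected to; names in that bucket are the ones to check against passive DNS, since dead ad or tracker hosts are common on an old, compromised blog page.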

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ba6ef346187b40694d493da98d5da979
SHA1 643c15bec043f8673943885199bb06cd1652ee37
SHA256 d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73
SHA512 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

\??\pipe\LOCAL\crashpad_2008_GJODNBRQDFPBNRYC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b8880802fc2bb880a7a869faa01315b0
SHA1 51d1a3fa2c272f094515675d82150bfce08ee8d3
SHA256 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812
SHA512 e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1cfcb9b35bb8d073dd7ced309ee857d3
SHA1 b72c26bfe7069e6445541f4b8bd9ace44e819221
SHA256 58c02c39d6e33bc9271594ad068af662f28283e615fbd361357bacb8145592a5
SHA512 bcd6285a4506a2e3aaee12046554e5bbc9647535839f9c8dc0f88fbffe2901a8847e356d93ee7d8dd4a2461ddce427824b41882911c0d14f53e1609b96ea6699

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 db4f0c00824573b26dfe817050530448
SHA1 af5531f97e0efe82defd1fdf4d80bda25473d0b8
SHA256 2f30e8b83caeedbeab8db05c77ccc1562a82bc9c5c98b728f5acf835ac9b4783
SHA512 ad2adada380bdcca4c6affc382a90d4ed99904a10d17540164be4f67afd45a22abc67270cb665ba18d3ba09bc0f3265426a313aa0632cd94bb7ffe24296cb3da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dcf277ec93a90a08ed01730c1e111276
SHA1 5d597c3b8cd0b542de1b6f2bd27a0fac4bffa59b
SHA256 fc894e64e7d001a3903825d4b3db3c4f76eb281377560ec46d6a764c5c4db277
SHA512 39f234db1a75092199597c993cedc9be3035eeddbc0fac351923c8b43d8e78e87dcaef21fb8b5987ef2d2835db3c3206c6f949eb2b8f9a6403cc2df913e98f34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d7318b4e538db3f369732371039787a9
SHA1 9b9656cd5e15f44072544b9a1f2ec94d14e8a68a
SHA256 addf231de38035893849ae24784bed13a50aea8d0cdac151eb1751f9aadce092
SHA512 8bba9630d6a2b1a88e2657023689a0c4647cb3aa04efc9e0ae5283b664092cc7d348bed8183bc54d51612a5704cf9fe1b23a298adf2e500b6dc05ad1f7b22a31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 38e6b86e1bea77a6f678f8f587812153
SHA1 36af92ea4b76647f778467c228f72938314203f3
SHA256 eb8b027c2fddfe3172d7489025112f449e4d5b516dae2b21b6bb662378d95af4
SHA512 3df64f4257949919f4dbf0638c553ffb44b3934102c3ab9a2608a4871987f9bc1d86ad32d74db6a4151ed227fe2678e6d6a4cbabfdd6e41da58f2cf0babec8c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ad62.TMP

MD5 83e3b1f8b17717d5f718a4fb519f4d89
SHA1 e5b94665efdf382c4c09d492ed235a20605489ef
SHA256 17db1a832baac642f0a2640f936dae9c005ef94058489b1a5a9a27c4176f9d9b
SHA512 67bf7752a00cbd30a248c413441fda97a6cbfca4488f07a5c062e66c216b88f90fe6068e177c70ece0072f651e49858fea71cc89a23732815a8a4f6e2c1a423b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0c4d7dd395cdef1bc5059fe9aded3622
SHA1 b0be34fc4b4605a7b4149f9ba4e127a0fa59c10d
SHA256 6caab040eb00279e24bb61dbb2f742d23956be50345fe25437ec25582835f368
SHA512 7e00823ebe086051925d017eb261d29ecf32231d9946e62a9c2c32f3218afa7de3c4a322f416e067c906438e9911a94ea7b0c40e2f752f078fc5ebe9225835f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 03808100473d8a1cbea2c30518971f0e
SHA1 eb49c0704a708e1e3f1d0b408b064f0f92e7d503
SHA256 d939352da263b535b484e689f5eefda807eff6e505d2bc16053baa1d4e7751a4
SHA512 9f405e7c318e8825d43292511da71ae94b0018bf1fd12e27337140998265ac9a4de5f14cedd8d627c1e17c1c670f699831e4ff5e98226b4461328088549b6f2e

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-28 02:21

Reported

2024-10-28 02:24

Platform

win7-20240903-en

Max time kernel

150s

Max time network

142s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\77302aad4be17293f406a0d0987b23d4_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.app.log C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened for modification C:\Windows\Downloaded Program Files\SETF6EC.tmp C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File created C:\Windows\Downloaded Program Files\SETF6EC.tmp C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened for modification C:\Windows\Downloaded Program Files\swflash64.inf C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000a19fb90603b29b2ad7f9e36bbc13606782db82177b51a6a7ff2f639974bdc024000000000e8000000002000020000000383f1b2e8906208568d5228c53efa548c0f240ef3b12ea5d4e5e0f3df833ca38200000005198c78d33c3126fdce127d2fbb3fe95e5532b305fbf2d499a4cb342d3791e4e400000005f9396cb0ba1f2af4a095a125dd1dd0b1b290eaa1f6ed7bf2c72456dea67fec82bcfc4a0ae68f33437d384c34e0eef39dd124873448f62dd4c6254569b2df959 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50d3063be028db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436243972" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www4.cbox.ws C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www4.cbox.ws\ = "52" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws\Total = "52" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5DBBE521-94D3-11EF-809B-F2DF7204BD4F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "52" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2116 wrote to memory of 2420 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2116 wrote to memory of 2420 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2116 wrote to memory of 2420 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2116 wrote to memory of 2420 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2420 wrote to memory of 1604 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2420 wrote to memory of 1604 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2420 wrote to memory of 1604 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2420 wrote to memory of 1604 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2420 wrote to memory of 1604 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2420 wrote to memory of 1604 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2420 wrote to memory of 1604 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1604 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1604 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1604 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1604 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2116 wrote to memory of 1612 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2116 wrote to memory of 1612 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2116 wrote to memory of 1612 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2116 wrote to memory of 1612 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\77302aad4be17293f406a0d0987b23d4_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:472089 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blingblingeyes.com.my udp
US 8.8.8.8:53 synad2.nuffnang.com.my udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 img1.blogblog.com udp
GB 142.250.200.46:443 apis.google.com tcp
GB 142.250.200.46:443 apis.google.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.178.9:80 img1.blogblog.com tcp
GB 142.250.178.9:80 img1.blogblog.com tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
GB 142.250.200.1:80 themes.googleusercontent.com tcp
GB 142.250.200.1:80 themes.googleusercontent.com tcp
GB 142.250.200.1:443 themes.googleusercontent.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.blogblog.com udp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 142.250.178.9:80 www.blogblog.com tcp
GB 142.250.178.9:80 www.blogblog.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.178.9:80 www.blogger.com tcp
GB 142.250.178.9:80 www.blogger.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.178.9:80 www.blogger.com tcp
GB 142.250.178.9:80 www.blogger.com tcp
US 8.8.8.8:53 fbstatic-a.akamaihd.net udp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.178.9:80 www.blogger.com tcp
US 8.8.8.8:53 t3.gstatic.com udp
US 8.8.8.8:53 t2.gstatic.com udp
GB 142.250.178.9:80 www.blogger.com tcp
GB 142.250.178.9:80 www.blogger.com tcp
GB 216.58.201.100:80 t3.gstatic.com tcp
GB 216.58.201.100:80 t3.gstatic.com tcp
GB 142.250.200.36:80 t2.gstatic.com tcp
GB 142.250.200.36:80 t2.gstatic.com tcp
GB 142.250.178.9:80 www.blogger.com tcp
GB 142.250.200.36:80 t2.gstatic.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 st2.freeonlineusers.com udp
US 8.8.8.8:53 badge.facebook.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 163.70.151.23:80 badge.facebook.com tcp
GB 163.70.151.23:80 badge.facebook.com tcp
US 8.8.8.8:53 st2.freeonlineusers.com udp
GB 163.70.151.23:443 badge.facebook.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 www.guablog.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 busuk.org udp
US 8.8.8.8:53 www.ircserv.org udp
US 8.8.8.8:53 www.ohbelog.com udp
US 8.8.8.8:53 www.auto-ping.com udp
US 162.159.135.42:80 www.auto-ping.com tcp
US 162.159.135.42:80 www.auto-ping.com tcp
US 172.67.139.115:80 busuk.org tcp
US 172.67.139.115:80 busuk.org tcp
GB 216.58.204.78:443 sites.google.com tcp
GB 216.58.204.78:443 sites.google.com tcp
GB 172.217.16.234:80 ajax.googleapis.com tcp
GB 172.217.16.234:80 ajax.googleapis.com tcp
NL 95.211.75.25:80 www.guablog.com tcp
NL 95.211.75.25:80 www.guablog.com tcp
US 8.8.8.8:53 busuk.my udp
US 173.232.92.169:80 www.ohbelog.com tcp
US 173.232.92.169:80 www.ohbelog.com tcp
US 104.21.15.216:443 busuk.my tcp
US 104.21.15.216:443 busuk.my tcp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.151.35:443 m.facebook.com tcp
GB 163.70.151.35:443 m.facebook.com tcp
US 8.8.8.8:53 www4.cbox.ws udp
US 8.8.8.8:53 img135.imageshack.us udp
US 8.8.8.8:53 www.era.fm udp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 8.8.8.8:53 pingup.redlomo.com udp
DE 195.201.153.71:80 www4.cbox.ws tcp
DE 195.201.153.71:80 www4.cbox.ws tcp
US 38.99.77.17:80 img135.imageshack.us tcp
US 38.99.77.17:80 img135.imageshack.us tcp
US 199.59.243.227:80 www.era.fm tcp
US 199.59.243.227:80 www.era.fm tcp
US 8.8.8.8:53 static.cbox.ws udp
US 8.8.8.8:53 bcroom.netau.net udp
US 8.8.8.8:53 a.deviantart.net udp
US 8.8.8.8:53 emoticoner.com udp
US 8.8.8.8:53 www.emoticoner.com udp
US 8.8.8.8:53 www.cute-factor.com udp
US 8.8.8.8:53 cococokie.files.wordpress.com udp
US 8.8.8.8:53 i.imgur.com udp
US 8.8.8.8:53 www.astrosafari.com udp
US 8.8.8.8:53 bit.ly udp
US 67.199.248.10:80 bit.ly tcp
US 67.199.248.10:80 bit.ly tcp
US 199.232.192.193:80 i.imgur.com tcp
US 199.232.192.193:80 i.imgur.com tcp
US 192.0.72.25:80 cococokie.files.wordpress.com tcp
US 172.67.201.54:80 static.cbox.ws tcp
US 192.0.72.25:80 cococokie.files.wordpress.com tcp
US 172.67.201.54:80 static.cbox.ws tcp
BE 18.239.208.97:80 a.deviantart.net tcp
BE 18.239.208.97:80 a.deviantart.net tcp
US 104.21.5.95:80 www.cute-factor.com tcp
US 104.21.5.95:80 www.cute-factor.com tcp
US 99.83.138.213:80 www.emoticoner.com tcp
US 99.83.138.213:80 www.emoticoner.com tcp
US 13.248.252.114:80 www.emoticoner.com tcp
US 13.248.252.114:80 www.emoticoner.com tcp
US 151.101.193.91:80 www.astrosafari.com tcp
US 151.101.193.91:80 www.astrosafari.com tcp
US 199.232.192.193:443 i.imgur.com tcp
US 8.8.8.8:53 www.layoutcodez.net udp
US 151.101.193.91:443 www.astrosafari.com tcp
US 192.0.72.25:443 cococokie.files.wordpress.com tcp
BE 18.239.208.97:443 a.deviantart.net tcp
BE 18.239.208.97:443 a.deviantart.net tcp
US 8.8.8.8:53 wallpapers.com udp
US 192.0.72.25:443 cococokie.files.wordpress.com tcp
BE 18.239.208.97:443 a.deviantart.net tcp
US 199.232.192.193:443 i.imgur.com tcp
DE 217.160.0.179:80 www.layoutcodez.net tcp
DE 217.160.0.179:80 www.layoutcodez.net tcp
US 99.83.138.213:80 www.emoticoner.com tcp
NL 18.239.83.45:443 wallpapers.com tcp
NL 18.239.83.45:443 wallpapers.com tcp
US 151.101.193.91:443 www.astrosafari.com tcp
US 151.101.193.91:443 www.astrosafari.com tcp
BE 18.239.208.97:443 a.deviantart.net tcp
BE 18.239.208.97:443 a.deviantart.net tcp
BE 18.239.208.97:443 a.deviantart.net tcp
US 99.83.138.213:80 www.emoticoner.com tcp
US 151.101.193.91:443 www.astrosafari.com tcp
US 151.101.193.91:443 www.astrosafari.com tcp
BE 18.239.208.97:443 a.deviantart.net tcp
BE 18.239.208.97:443 a.deviantart.net tcp
BE 18.239.208.97:443 a.deviantart.net tcp
US 151.101.193.91:443 www.astrosafari.com tcp
US 151.101.193.91:443 www.astrosafari.com tcp
BE 18.239.208.97:443 a.deviantart.net tcp
BE 18.239.208.97:443 a.deviantart.net tcp
BE 18.239.208.97:443 a.deviantart.net tcp
US 151.101.193.91:443 www.astrosafari.com tcp
US 8.8.8.8:53 layoutcodez.net udp
DE 217.160.0.179:80 layoutcodez.net tcp
DE 217.160.0.179:80 layoutcodez.net tcp
US 8.8.8.8:53 cococokie.wordpress.com udp
US 192.0.78.12:443 cococokie.wordpress.com tcp
US 192.0.78.12:443 cococokie.wordpress.com tcp
US 8.8.8.8:53 download.macromedia.com udp
DE 104.73.225.111:80 download.macromedia.com tcp
DE 104.73.225.111:80 download.macromedia.com tcp
US 8.8.8.8:53 fpdownload2.macromedia.com udp
GB 2.18.190.72:80 fpdownload2.macromedia.com tcp
GB 2.18.190.72:80 fpdownload2.macromedia.com tcp
US 8.8.8.8:53 get3.adobe.com udp
GB 2.19.248.84:443 get3.adobe.com tcp
GB 2.19.248.84:443 get3.adobe.com tcp
US 8.8.8.8:53 bcroom.netau.net udp
GB 2.19.248.84:443 get3.adobe.com tcp
US 8.8.8.8:53 bcroom.netau.net udp
US 8.8.8.8:53 bcroom.netau.net udp
US 8.8.8.8:53 bcroom.netau.net udp
US 13.248.252.114:80 www.emoticoner.com tcp
US 99.83.138.213:80 www.emoticoner.com tcp
US 13.248.252.114:80 www.emoticoner.com tcp
US 99.83.138.213:80 www.emoticoner.com tcp
US 13.248.252.114:80 www.emoticoner.com tcp
US 8.8.8.8:53 bcroom.netau.net udp
US 13.248.252.114:80 www.emoticoner.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.73:80 crl.microsoft.com tcp
US 8.8.8.8:53 bcroom.netau.net udp
US 99.83.138.213:80 www.emoticoner.com tcp
US 13.248.252.114:80 www.emoticoner.com tcp
US 99.83.138.213:80 www.emoticoner.com tcp
US 99.83.138.213:80 www.emoticoner.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 13.248.252.114:80 www.emoticoner.com tcp
US 13.248.252.114:80 www.emoticoner.com tcp
US 99.83.138.213:80 www.emoticoner.com tcp
US 13.248.252.114:80 www.emoticoner.com tcp
US 99.83.138.213:80 www.emoticoner.com tcp
US 99.83.138.213:80 www.emoticoner.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabD461.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarD4F0.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\http_404[1]

MD5 f65c729dc2d457b7a1093813f1253192
SHA1 5006c9b50108cf582be308411b157574e5a893fc
SHA256 b82bfb6fa37fd5d56ac7c00536f150c0f244c81f1fc2d4fefbbdc5e175c71b4f
SHA512 717aff18f105f342103d36270d642cc17bd9921ff0dbc87e3e3c2d897f490f4ecfab29cf998d6d99c4951c3eabb356fe759c3483a33704ce9fcc1f546ebcbbc7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\errorPageStrings[1]

MD5 e3e4a98353f119b80b323302f26b78fa
SHA1 20ee35a370cdd3a8a7d04b506410300fd0a6a864
SHA256 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66
SHA512 d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\httpErrorPagesScripts[1]

MD5 3f57b781cb3ef114dd0b665151571b7b
SHA1 ce6a63f996df3a1cccb81720e21204b825e0238c
SHA256 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
SHA512 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6eb7812fc2ca8631983574e00d81194b
SHA1 c3af37d3c10e23cab52f12a301af7f9fea47ffdd
SHA256 0af0eaf31a36019dc48103e95c0310c60433a66eca12df8964de062fbdabccdd
SHA512 05ba55a83bfa91aec86848a8ce87a3b3fef4afc1928d0053b08581a784b5c63e3f788e65a3549e9f03a5b28750c829cb1a1ebbce142689d66d5a146835f50061

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01fe8ab31f224bb23b9cda88c2980d54
SHA1 1862329629b4e7875a9771cef14c8ca14c51f24c
SHA256 467c83eaa5b7e8a49826a666e40e015a74ff5947aaa0f03bba01c57ca095a4b4
SHA512 e390c9b7bbe0a8f6bf7cdf980aee75c900ce1541fb3444b54f24426e98cbde4c1cc9c5f8594c215579da52731630e165a7654c51244f2bf26bb87e1f44b5c0be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f1aeb3df1838499a1e890a952b9d30e
SHA1 638f56b9884a65b9c679dadd99d336b3ed33e7fd
SHA256 8076b196487f3acc9db3d36e1705e504fb2d0f491a2e5b1667d855cc93e44a78
SHA512 c31a96b1c8184e0b947987c8ebc8181eb69d8c7d91ab3040dc266891988fe6eebf3180dd8321f7d46b161032124038ba325c9cd5fc32d302e0f429c2a3ab2499

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f1c43097bacb1d453ad0fa8764ba261
SHA1 6d1d03506236bbc1d1da33b8b53cc16d7bd36a50
SHA256 ae67dd220a5f170655b37654ba3848fd2c2673873fa948b2cbc9a87b00cf0e12
SHA512 1b16a3db1d20fc84560a338eedfa08f14bc306dbc1587c918c638c940679af49aac424a46c7a7c3528eb2b254132437104e4f64997f5e1acb4b985dab3fa536c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 2bddfcc55e9402e5aa19e4cb62686568
SHA1 e66cb591c880869a6d226d4597fe99772dbea050
SHA256 110e2f0276c3c75ec43e41bf3b2d731de4ea8fa447a81c5a23b9f7c040aa678b
SHA512 40b22a04405f7f891e35891da60601485253bfa4dcea1309636691c6b3379aab786fdf04f82e4642c9df92faa851f7bd73c28a7b086daf676a38aff64edbf6c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d5008da695a875372fe6a1cf0f769a3
SHA1 c95722061bdc841e3ed4a5b1774b257af0a4e8d3
SHA256 ee86d0c95b363196d6e4bbc91e1f3eb91390702ea2c3a6a06e2522e6488dfe50
SHA512 22472a2d90a438db4fa31402a58c66f80dfbf577194407a1e901d0babb88793d26afa7ce066417818af26c801cd7398ccd26945be6ef4dc52bca13cb09a63ef4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f9a68af0538926f812ff21e0a87203f
SHA1 d05dfdb0ddf85751402cdcd3c043e6dd05c08858
SHA256 25f9fad9a8e448bc8fac0d0a96b685a839e5095a84290990ec254873589fc804
SHA512 ba054bd7717c80497f9a6177c2a64ac62eba3212f8084d037754709b21b0272d895646dbfb3ad14a710a9cb48fe52b50dc7ab7e402646e36a80dbe23cf5091c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 500d4e5fbe9deee5dcd68c2e52a85955
SHA1 f9616d7514ef62689755500a1fb1b8a4e767be60
SHA256 16d33d2526a90ef600afac1591ccdadd590c061b81ab0ab867a0c684de5f0a5c
SHA512 48119e1f96e9853c49cf08c97cf0b22bb271284efad22af98910a47919c4518712d4fe815c2f0d1898e96adaf55c4a7fd29d07dfad548be5405f84a6f6c89d07

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3add9a2f6f14f705ecf06462864816f9
SHA1 f6f05030fdc1eb2361488b003eb2b634b4f360e8
SHA256 3e4aa049d6987b8be5b7eea282e4426e28b89e3cf3d3b53860bceb09fcaaacea
SHA512 b8fa1d180fa7526e54e48b702084c99ad278672dd6f6ebca40b57e2c219fb4f9dc8c6415a849b122cad60dbe4e3d63571a8f511e08b1fe94db97fe411b90c686

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7af1fecf21057c13d8818906a113ccf
SHA1 7476951c9703a0c7b3395f16d921ef4400d7ba16
SHA256 adf8bd7c595e0bd7aa6193f622a31ee145847c4c1b27319863416661ff5906ff
SHA512 de7f893fedf8a90411ceb3b4db81b31145c73686fe453eeb7d7b249d63c0a639a0a55be141df4c016b151fa8324ed2ae25403df2c4863bfa1ffee8d316dacb03

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\swflash[1].cab

MD5 b3e138191eeca0adcc05cb90bb4c76ff
SHA1 2d83b50b5992540e2150dfcaddd10f7c67633d2c
SHA256 eea074db3f86fed73a36d9e6c734af8080a4d2364e817eecd5cb37cb9ec9dc0b
SHA512 82b4c76201697d7d25f2e4f454aa0dd8d548cdfd3ebfa0dd91845536f74f470e57d66a73750c56409510d787ee2483839f799fef5d5a77972cd4435a157a21a4

C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\swflash64.inf

MD5 60c0b6143a14467a24e31e887954763f
SHA1 77644b4640740ac85fbb201dbc14e5dccdad33ed
SHA256 97ac49c33b06efc45061441a392a55f04548ee47dc48aa8a916de8d13dabec58
SHA512 7032669715c068de67d85d5d00f201ee84bb6edac895559b2a248509024d6ce07c0494835c8ee802dbdbe1bc0b1fb7f4a07417ef864c04ebfaa556663dfd7c7f

\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

MD5 47f240e7f969bc507334f79b42b3b718
SHA1 8ec5c3294b3854a32636529d73a5f070d5bcf627
SHA256 c8c8cff5dc0a3f205e59f0bbfe30b6ade490c10b9ecc7043f264ec67ef9b6a11
SHA512 10999161970b874db326becd51d5917f17fece7021e27b2c2dfbee42cb4e992c4d5dbeac41093a345ad098c884f6937aa941ec76fb0c9587e9470405ecb67161

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\cursors[1].htm

MD5 10395d197ace1a3891136420925c17dd
SHA1 cc9c09bcd34a368cc3b8b7de8bbee26a48f7eb56
SHA256 bfbbb2d526a2c208d6296a8c0615bc09e7b3134260f4193ee4535b675561cd2e
SHA512 f8cec6452c14b3be27db461343f8cc798e0c78f3944bdf9bd96f29ef9c9ae43f711beb4710761fd8e2fee7f22828bfe40ffa54d18a773d2da4570d4ed6848e44

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\Tinkerbell[1].gif

MD5 a498ddf336951bd617e03ac9f905a9d4
SHA1 c51f4fefcc7809cb1e6256be57fdc5a7e911e1bd
SHA256 03c2e2c9f9ae41426e3de7871e3e54f8247a9babb9cf95a726ed45144ffd17ba
SHA512 a62da89aeffa6a0e9bce6cdec6219409f60e6b77cdf3e4a43839b927ff65c5253b73e1cf11952073d9680d1e01be29c0ce6d85aef050037e05733bb675eea5c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fecec9034eda9d197cfb0fbac87656fc
SHA1 91ba466ff745bcc3cc677cf4ca09eabefbbf222b
SHA256 11c514fe521c754e71d98130073e01a8199f4f10136436843156b68301c37dd8
SHA512 6f39366d153ef37f6b2c72a08ba612c246e60c303b7a6e5cc3cbb61c7a8340599404af1764e2a703aba65a394b483d787313ec930ea888f5951652d187035650

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c35f2c5788af196fee78608d1778977c
SHA1 c544578f4e9f42877c8a0efcd89318bc76467ae7
SHA256 7c4fc057bed0916a05f42c84d7ea7936e25ca63eb8209824b7c2dc32cba7344b
SHA512 59624489856690b77115de039bdf57c4b5b70f21ae9476f583dbce2f94126187d11f5e6c16563e09de767fbcc128166792e7103d83842712d0e00ed3ecba5402

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c3f47c72d89aed5ddb769438ae2a7ec
SHA1 656d1b9afb1748fc7653a0e8e8ce7ab1eec1efff
SHA256 870026f903cb0dbdc9abb2b3c0fba3021957deb936917f9df08d6ab7ee8acef4
SHA512 d19a69d4d760533fc3c2861440961ab9a0ad7d4ac978252c2241b9a94ad6969e54b6ed70015394990c1a708ba50e44de9136db4a8b7605c5a1727c9b1192929b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c397829e43bbadb0e989712c0301306d
SHA1 f2a265556b2db7539968bffa83fd4112548cbdb8
SHA256 f41c04a786f420705a85737f741fe3e3ee2b36f734f37264d3968081c120dc53
SHA512 ee70b26aa8934dd4d6ecff2bfdcbbc137928c064b8f1ba3c21bf4186a5b55c002d47d1ca6c0e6bc9046d8aa68a838d1deb07819706c1f26aa9a83f3981034a7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b05bcb095054e5a5d818dbc585cd9dc2
SHA1 a3296aa5e58320ca6c992185e0f6d4502b04c7ca
SHA256 3216399d58df56063ae662cfc8bbacd3c983e6b8435bb3fc0b579aff9bc52d5c
SHA512 a7a334406e417b63943c231d7087241e25441a9824359e8a9dd4386fea136584e641abe376477c2ec2087f486c80ec0881b82c720615a284f08e3087aa85f01e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d4a1f545a0346af5280086207b4561c
SHA1 ea0055415b74a56b173f9a6f77605fee5546dfc0
SHA256 8627c49c78ff903842da2af0f1911a0f6c21f85c7dfd5ef7797ff70dd1f372ee
SHA512 2b25ee3ba5fd4a798b60f53d46d922c421e6cd0d6b8b431a5ddca46b79dec6dea514d181302a8336d5f29b02e24045e4ebce047cefab5b81d4a86054a44f7923

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6255f25376e154a6fec5447698e5b4a
SHA1 a48cd04021c2ff88b3f07da9444322ff81e0e287
SHA256 0d73c5bc63717ca541130fc407bd2c39458025f31e17617046578f4da7c26666
SHA512 a2982f7374222decc4de33eb05c54c1711c3f5df6da9c3777ba824df28668e1f4612f2fabb6638b751fc4bcb6e51d8449d2f976131ce71d9e40c30df6f5cf564

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f78686256c2ec87aa7d661def02fca24
SHA1 cc7d565f9c35c9cdf7ce08b01ce7afebe336d64c
SHA256 944534c7cccdbd7bdfe4c8e3523dc0a6a9c818171163bc72c828657e62d36c45
SHA512 81ac61204d91358813ef18efc07c497835713e1f7d76721bf47388a13fa3d46668bf7975fc81a444c19039254d2d64bc8e4a2a3efebc1e6fc2af517bda7aad4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bee8b0c32000c0c79a8d7edaf46d4835
SHA1 40737f0fd9d06cb2dbd307311176f6149d0acce7
SHA256 b381419824d1baa60521d221bd4202dd76dddb8e0fe8a7ff082651d429ed8a9e
SHA512 49ad5003897f36110d54f6fdad62b6c9780bf7f7f8f1c2b61553b3cd7429c57241d8b938f146c260d5e22d9b2e1b79da6eb965e5b0845a1de3c6e4a92ba81ec4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be8d108d1efb535406983945d3a1d36e
SHA1 34def9a96fd3fa43cb8aeeb043317d02f5436a27
SHA256 3032eb0fec8a906b732b41c7e30d68a3fe3634191e23c3dccea2be14d18c4d4d
SHA512 8133fd68dfb20e476ba6f155bde2a3d2a7cbc5e7aaae1c88796086ebc31f4cb938730279004a1bd5a9486ced91d77790a8b1707de5f2ee2dae62a9152d3cb070

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 d6b84bcd6295257d9445f9cb1b991c04
SHA1 e8e7a4d6d335eff7781e383efa36f19e5c64592c
SHA256 ac8849a09f366c1a608c423d0b5120ade946d3b6358c66f656470a027abc8fdc
SHA512 41d371e1ed235313a750845a2920215bd4326acca08d1e738b39c1fb239997ede6cffd04b1748472aa7934e6dc92d628241fb27bd9b0f581dc09266b1ebdf81b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42842781d2303605013641003ef22f82
SHA1 a01db7368801a1cd9eafbd51b24119469209a3fb
SHA256 4e7731e5960d5803aa83d342f105798c59cfacef5bc3479365798b4f1cdc3f21
SHA512 f0d6bfc84c9c5b2fd89d02b0eb1e81ff6cc762a35e439ac59d9606c2d4a2a995a6466f88febbf2f4d94ee97c2fd410922987f06abc1a2666ca249805d9bca7a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19d681d8605e8d1646dabf148d3d8c04
SHA1 e232de2b3a1bc15a76ccbb2cc5842b6b83ed09f8
SHA256 1b7af9b4eb1eaf915bb4ea69e429ad9a5e3976107ca5bbf274cd1cbc7a730407
SHA512 81ea7fc107e161dedbd341701558d44ee0bae5d594cebdbf95133ab861f9d9556b646150b1d5f9a6a6aba7d9c406f6858a16a6014a4890241890ade426e45204

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00c2b51a3b40bee85b891f143e0a2e87
SHA1 4864a3117ef276cb35cf5aa6639797d9208a20fa
SHA256 540a394f58300dd64f3ee09bdbe7aca5d6af85a365b1abd09938ec88266023d3
SHA512 b0b11e18cfb743d1f393efda7d1a05f4bdaf20ed2ca8fa328131e781b35a5862d6ee64557b5509f418865ea3415375c7e759cade9cfb282dfda7c5304a96d1e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c422bf5c04fb09683ab2397acb234add
SHA1 384699fd964eb7379b439dbbdb323bd3b54a7791
SHA256 317253c17ad282224876f7ada5cfc434cd1eb982edefedc9d5da86afcc36373b
SHA512 d4d3f56b77d4fb17bac0be90e83d79fb11810bd1a047507a3271e987518a2f8afe7b694310e91742b0d4910368d0fb0fe9479e37b308d7aa3a6ad7eff02cff78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69706d5a08c2310c168b57d4f782c61d
SHA1 7b0ad1327c8c36d1c643538a29f87ef882bcc7cb
SHA256 53635320230dba0667b279f3f723fb44328c02feeb724c3a29449d9755ff45bd
SHA512 783f6bd8b0120d9f93b0f0bd31065a5fd2e9157ba0e0f1210154f967443afe6f0ea5146f3a6a757b84b6a5f4390703c5ced8899fe5ca0f7b5e2128045b6caab8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70ab7761f0a8609d93b2ffb40fc7bca3
SHA1 4c66a832cbd3c4432b03de40e12669e436baede3
SHA256 02142376f50136619b87e815b601ebfd8ef952cf8c9e3b1d7ae1db0329fefa0c
SHA512 a4a7cb58957d8d4ab176e8678b3b688d6de5c8f6914e63eeeb2697db6139e14a81ee75162248407e795befd1d9f8e12bb6bd6c2d1fed75f94171fb1ac92370d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 d8f79005edf1d7745df85ffbb64cb743
SHA1 0ebef3bbdb1e51e9cf0e8c91a3248342fe4bc2e4
SHA256 d940be6f291636972c0c0dbbf8291f8ecd9291b151d60d4059b53c370cfd486e
SHA512 52f549460d1ac63ea9aeb2748facad84ee102f9302519e0c69a668dcf147d2cb541dc75882f3434be37da73d7696539fa13a93d04100d46016d688c0299278d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78c38f2cc52bdd842189a2ace30f97a1
SHA1 93e03c548d3a808f837394ad75a6b42c392cdc50
SHA256 0e370f964493802e22618477ecebb65e5da63176c3ab9a4001c06c0445a3bcd5
SHA512 f4ba12947acc4b8ee2938054780b4302f74ce83951b0e0557cb58490d7262c5d968da3a70f4e4d1091aaceda34d0690cc0a21eb7829a76dbe8a493cb94792939

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c455ae60308778331ec8751cb46d0bf
SHA1 90cc361b96ad3d42ea5e3aad8fe684b5f994daf3
SHA256 4c397b249709bff67a858cb23673f8ef82c079e36e06f689a2f663938cd60c45
SHA512 f7843d81d14c344dc717cf5b99fc911f3105791c8da31aecd0b0a6c45f49882178d865442ab04583b46ceff6ec2c729b3b49d4a8af1c9fd2895952b83383cc2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d88bfeaaf1c0675bf6bf3a9cb0be3a6
SHA1 40bdfcddc2abb9db8ccbe59bb376b6664d46c80e
SHA256 2e8b092437cc985e454872c260eccaf84a8522cd1a1d7de2958d7f6fc7d5a41b
SHA512 0dd3a513e4ac23a3ca99b96ddd7d2f0a4d2d6ad96612353a1760dd2f0620d26d2cd6a40cd9c305b6bcf10a5d35aef898d2cd9154280e50d1c2c395e7235e681e