Malware Analysis Report

2025-04-03 14:22

Sample ID 241211-h27zmaxldm
Target e0673fa03ec05fa04a716b377eda1dc9_JaffaCakes118
SHA256 ec762686bb237af348580dbe261c79caf6b35243228fd5084b3e6dd21171a919
Tags
discovery socgholish downloader
score
10/10

Analysis Overview

score
10/10

SHA256

ec762686bb237af348580dbe261c79caf6b35243228fd5084b3e6dd21171a919

Threat Level: Known bad

The file e0673fa03ec05fa04a716b377eda1dc9_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery socgholish downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-12-11 07:15

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-11 07:15

Reported

2024-12-11 07:17

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

139s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e0673fa03ec05fa04a716b377eda1dc9_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(25 identical entries, all attributed to msedge.exe)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(24 identical entries, all attributed to msedge.exe)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4316 wrote to memory of 804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 entries)
PID 4316 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 entries)
PID 4316 wrote to memory of 644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 entries)
PID 4316 wrote to memory of 4824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 entries)
(64 entries in total; every write originates from the parent msedge.exe process, PID 4316, into its own child msedge.exe processes)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e0673fa03ec05fa04a716b377eda1dc9_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc4cf46f8,0x7ffbc4cf4708,0x7ffbc4cf4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8300910231641627931,5242140330601875696,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,8300910231641627931,5242140330601875696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,8300910231641627931,5242140330601875696,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8300910231641627931,5242140330601875696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8300910231641627931,5242140330601875696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8300910231641627931,5242140330601875696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8300910231641627931,5242140330601875696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8300910231641627931,5242140330601875696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8300910231641627931,5242140330601875696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8300910231641627931,5242140330601875696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8300910231641627931,5242140330601875696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8300910231641627931,5242140330601875696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8300910231641627931,5242140330601875696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8300910231641627931,5242140330601875696,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8300910231641627931,5242140330601875696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8300910231641627931,5242140330601875696,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8300910231641627931,5242140330601875696,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5124 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4316_GTOKANCMWOQJXPDA

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 07cedde3eac744f2a00b7f16de196cb5
SHA1 4ea0103dbcf62f83ba54de61c4ad6c3fc9ed29f2
SHA256 f80496b2821d35ed5c075e81c3523d79c56e3a96e4925b2eb4ef040c8c9500dd
SHA512 d170e1b0852a9b02d024da3fc56df227c648b46e8b4095deda1cf787ff706c0ed5ca5b600a79ac1cde30ecc3c325a021415e6c805c36b9431efc8c9e8b6c8a2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 54a1ff121c7cd31c90678eab2b2293d4
SHA1 fb6ebd5bbe4baf01b443455bbf53584f0bea1627
SHA256 1eb53bd58e278a7be0a18168d6be52d4c8a7c2ff0e092ffc3f903ac1411ce03e
SHA512 428caa1f9a025faaaacfa254e9373dfc72d16b4a3d47198e9ad686445ba627b4b00127816a6b740d0febd2202d2d6cdd67510c299f1d30265bd5f397857cc839

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 96637abf298920c8df99226cc60e5d2f
SHA1 4fab393ef64a6da0f77cf024f603b9b5ffa31092
SHA256 d66a29ae0568dacef06ed256b2043c6745cab7977ba3bf1e5fc6f0a7ca710370
SHA512 8417361d10f4632b0319075770dce65a636126b637fd7d532d38af46f0f67dd4964c9384d4c009edf7e20bc84a071bc406b032ee8ff001f34d7ff7eb0d9fc0dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 637df493f7165a725ea2581e05ae1184
SHA1 41eaa278c52a09248b0f9311376670c7e045bf7e
SHA256 402c842f13dfe2ba8112928ae51928e855c3e04e352f4879cd254af7c18a51f6
SHA512 a635f3cba2ad59704b14078c28d70ad66bfa7e9ce1621a87fb2ec902268b87641024127bd751b40f91efc7cdbf4b6a79cb7ad001f0082f06967218ed8142113d

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-11 07:15

Reported

2024-12-11 07:17

Platform

win7-20240729-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e0673fa03ec05fa04a716b377eda1dc9_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A4287581-B78F-11EF-9E5F-7A7F57CBBBB1} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0da6d7b9c4bdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440063171" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000041b34c8595413b48aad52c8ec38f91f70000000002000000000010660000000100002000000057ce306d044289af2419e01c196e94f5d39e436233258c45d842656166bc3621000000000e80000000020000200000000801a354f2019dc1a608808b7ff9b47352b2790ffae921a0deb51c8af5ab712820000000fa9e64ca56d95b4a8d18173b9e104c61effb183a4abd77912c2c06fe4acfbb3840000000628cc1fa99c657a13a98dd511b797b30e9e4007cb1bda822fda40a4829c5ba49ed54e0601ebf670c91f1f91603f64b41b5354d2a6ca5bc2f0e5280a9cab8db50 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000041b34c8595413b48aad52c8ec38f91f700000000020000000000106600000001000020000000ceace61250dc55c0854c51f0d1bacea688e9733a76264f7d73c246ecd125260a000000000e8000000002000020000000822664333eb94b840bd793cac61cd1271863b567216c939713121b46a8b934cf90000000381dafbed452b084008188c3fcbe076ed37fb2fea1906dad6d7c7c07d550a8bb8eb3c75f941bf60bdb1d215ae8c31b024a82da237a7fce127ae54b0e869ab076480ef394f2911210281846d2e1b4d88798268e697f458c3b5ff6e5cd731a75b7a01b82f52991a11f5638bba31dd0b9f68bbd9e52f75c819763507d2fd5da9ff0f643d96ba8b0e7e8c71576637c17a08140000000864e299374550868878fb9cf98881b2c6e08f505d07f7f3ed73386c27b9785b9143fb98bd4c0751ce5f1d446b47724b4373f2a5fc889d50e610cbbfe0d2f0e61 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e0673fa03ec05fa04a716b377eda1dc9_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 widgets.twimg.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 xslt.alexa.com udp
US 8.8.8.8:53 i1128.photobucket.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 images.detik.com udp
US 8.8.8.8:53 twitter-badges.s3.amazonaws.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 adsensecamp.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 bloggerpeer.googlecode.com udp
IE 63.32.216.224:80 g2.gumgum.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
US 3.5.28.121:80 twitter-badges.s3.amazonaws.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
US 3.5.28.121:80 twitter-badges.s3.amazonaws.com tcp
ID 103.49.221.102:80 images.detik.com tcp
ID 103.49.221.102:80 images.detik.com tcp
NL 108.177.96.82:80 bloggerpeer.googlecode.com tcp
IE 63.32.216.224:80 g2.gumgum.com tcp
NL 108.177.96.82:80 bloggerpeer.googlecode.com tcp
FR 172.217.20.202:443 ajax.googleapis.com tcp
FR 172.217.20.202:443 ajax.googleapis.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
NL 18.239.18.50:80 i1128.photobucket.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
NL 18.239.18.50:80 i1128.photobucket.com tcp
NL 18.239.18.50:443 i1128.photobucket.com tcp
NL 18.239.18.50:443 i1128.photobucket.com tcp
US 8.8.8.8:53 js.gumgum.com udp
NL 18.239.83.15:443 js.gumgum.com tcp
NL 18.239.83.15:443 js.gumgum.com tcp
NL 18.239.83.15:443 js.gumgum.com tcp
NL 18.239.83.15:443 js.gumgum.com tcp
NL 18.239.83.15:443 js.gumgum.com tcp
NL 18.239.83.15:443 js.gumgum.com tcp
NL 18.239.83.15:443 js.gumgum.com tcp
NL 18.239.83.15:443 js.gumgum.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
ID 103.30.145.12:443 adsensecamp.com tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 www.blogblog.com udp
NL 18.239.18.50:443 i1128.photobucket.com tcp
FR 216.58.214.169:80 www.blogblog.com tcp
FR 216.58.214.169:80 www.blogblog.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.18.190.73:80 r10.o.lencr.org tcp
US 8.8.8.8:53 www.linksalpha.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 widgets.amung.us udp
GB 163.70.151.35:80 www.facebook.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 172.67.8.141:80 widgets.amung.us tcp
US 172.67.8.141:80 widgets.amung.us tcp
GB 163.70.151.35:443 www.facebook.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 23.192.22.93:80 www.microsoft.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.252.157:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 4f5ea2e102ef3e186d1cba273ce5a8f3
SHA1 8fdfbcabfbec6bbbf2f4e91b51726129c8d328da
SHA256 498fee9f697788f2962bfeeef32b82a584fb67e2765ae33676b951cb5cb06676
SHA512 3fc28550e13f35e612eef52ef05d7a7f563322bcab71fe6116217c932a660afc0beb704046a6108773d5fe9f287c0515c09e09884d89e8ec5bdbc6e878a66be6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 629b5efea13b701ac5ecacd4ab1486df
SHA1 db55d5c054bab3952db40073105908f0d03dfb23
SHA256 2a1af44a678dc319d80345d8b4ddc4872bced92f618850ce88beaa75d75221eb
SHA512 ff273609938cac431bfc31110719b3bb1db5a9ff1d6cee124321a0086b466ea988420439d7bd411b3ac4930f4449841386cdc76bbdedca3e1a12879808ab245c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 061cc0048bf303a308196ea38ecb56db
SHA1 21b6ae678b2ec63fdcac8d3a0692c8adc8a444ba
SHA256 437f68efbc40f8ceb24edb740b337294401061ed6bb27a51e7b4c08f69eee735
SHA512 0ffb32615bed99f79adcb84277424113844f6453b71d2f4c0ede50b3056ba144b4cdecb3d545be119d7d41e0abffa40da1fa38979dd91f770b36bf5c806053a4

C:\Users\Admin\AppData\Local\Temp\Cab42EC.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar437B.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 a5b230ffc3927299103cf4116ef8c8bf
SHA1 887726750385337f288f0140ae34386a52a48fa8
SHA256 f5633e1e00f91d9017da81fa00ba4ce49cb57301de3bb523810d679cabc3e40f
SHA512 3d54816be07c8e37f8f3f2677b714c01bb6878a3bd1f44c3ca7ffb1478478d09308ffc4da82981c69391c2ad26078ed327d7f304563b24b6ecb4340143e9140d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a64af2f9ae4b3008bdb2101e453e7cba
SHA1 c3f90467aecfe0eafb8ed371a842bede83f6ff6b
SHA256 f9375bc956c0f84d06664dec8543e10661079be976a8d93d16393a320e4f3ab2
SHA512 9dfbb4813bb0cb4d87339f411a64339cc23b3b123480201ea4ad713bbb213db822672c66acb1aaa3aeefff0ef86c05987f743fbf1f3a3a22d67ff51dd85b0f38

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8988e16a16479ed61e6b310cc905a31
SHA1 e58a146e143b401d4e071130d9f15d7df0d33372
SHA256 7d9765900523ffdd25a86b1f932c252f7badc527835d932c8885c37599e7dbdd
SHA512 47ed3b76d72934f22366bc12fdd572e830a39b209ac30cfa3dea94ec8e7cffadbb9ebe15c1f42c40361bbcd24558e4dea2e8d796a0318bd75946fc3e399789aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56192f000fce250db3439405792c1ba9
SHA1 563b08ef2e20f76362d46841979d6abd1cdd8663
SHA256 7925e5c552c493f4183d675da784d5bcb8d68f5b06713e6f6b4f9660e2948afc
SHA512 da680defda62822c626c15624dedfb250508575aa4f770c229bc90276842d99998be860b04d2147e88c01cd27e7391e1d2b8252f80034942bb06dbf60f1ce1be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 3ff68530e80f0188d3a9a6373ee15b4b
SHA1 6f69e0f528b0eec2354d6dc4f15c8d20dfd24679
SHA256 ff2b8d6639742e6aa04894e8645124bb1e88d1191ef2976ef90cf7a592d53af2
SHA512 7aa82d4f329059843dc459352123e133d9b16f93181ca2e14c2b3bcd156e64096344309835f5b4da4816684ff1ec2469ecb1bd17dfac4477e569c544248ebebf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 75de656defd632840ee6280b13d5ed66
SHA1 7d5df0a1f158fbdf43a19e767707acc86466b367
SHA256 05984f0b5fc82e4ae6ec1f40cc3085d7258959abd51f707b1ff340086dd7d6ce
SHA512 bc2aba609ac0a4a774bdb071fa3814a0ebfa364399fbabb352c26e09b40c05782c769f01c46ab354a6db11960d7137bbb5e69d100401b0e6668ee237e6812f1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17dbaf1f4337d35e802d8c589b6a9f63
SHA1 97eca74bc8ed05c74932d5bcfafad29eb66b42c9
SHA256 2455bf48faef203cca97de2ff0499f6b0cc54630459d9e18b3b861c429ae83a6
SHA512 590a06f0b5d587d743fac6688812e9df53155a652f500b795aec5fe8f3ad29e12ea3699b998d8d94e47281f46325e3cfeeedd38a637627bb7a2f8c0f5e27d154

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

MD5 ab367d85e5f2a63d507ad4420dc89323
SHA1 742b5a22945f264d9b9474fcc11b049ba9715140
SHA256 9a070a5abda15b650ad35ac3cc5583757ae8a578085dd585610be13b4c899d65
SHA512 5a6664c0511aa160619186a307f8037cac564d7d0020813e4ab836ce270ebf3d98db4a7d1a0ea5258aa71d01992e9f159443978d2da293996da9f6e4107792ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e3f5b40bd0bfdce088d5ef2d19c8511
SHA1 7fbcfea3ba126ca15ee98414b4756fbaf864e978
SHA256 5cffeee04462d13ae662802e8b91bf9a327adfa7453418878147df21d2ce0db0
SHA512 460f12868b17a685a687cc24f28af9137f9a820b29f7e0e43fe6302a17861ee7a8dae974bbe175fae8ab26cf7515e2db9ec6941ec58781cd6400b09b2caac927

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\ph5MdPgpThM[1].css

MD5 761b57a8b74f9e144fb91fb94c5de0fd
SHA1 815e4953482d33f79934fbb2ebf6ca2a2855fab8
SHA256 e4b6140b623a3e56b5fe8b325a8d0011afa5340c5d0f7b39f72c0c80eabf00f7
SHA512 17cd540d8ae687797d901b957d816ff5a5234143671f2dddf827ec118e72dd0f6dab274574073c35bc4b5cae842d2c30715a825b9c1800fb5c48c608550f4855

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02f7bfb32b8ed2ddb2939263fd84a74f
SHA1 b630ae4efda298d8f0f2f15fd9e4f50a78d12fe2
SHA256 08b631dc710b2c3e6a4a5eef66cfc41662e97ec85963481e8ea9399c5fe244a9
SHA512 69e8b48096a0ee427b0b94affb5b78e29bebe2a4fc1613692228985f6ca73c21d67e9fca62e5d5c49b869220cb391ea6e7f4c63ca1fd10c8287eab30aeebc244

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7094e346598f9e91f7c3480dfa730ae9
SHA1 4599c6157526b4ecb7c74fd8f424aec87ed862c2
SHA256 13de03410c545b269551498835d9cd7aa9819735220e40ffc78f2619db581785
SHA512 0da0e43615773302eaacca4356476abd03ebbf5bca28e01c71c46e346a5bd5a435f3d093c25b4c4c5161613808584913650d03801b7ac7c406106b7cb7a80895

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7f8606453c324c8481500498ae382a8
SHA1 c3c4c274b3fa34618953191ffae209094070ba80
SHA256 c62c47024a375e7cc4b8aadb5f939439c2177c5a2d49666077b0e24b7b7c1bd3
SHA512 45148fc651d72293fd312bf48b665291116b9aab276dcf8544bcb54f6007fd5fed67dceef5f4505849edd0aef62ebe02f4a296da64bc33d01ac78b3d1f90f2f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 251799eebd0cce43dcfb3cba9d766c07
SHA1 ddf37222dece2679d8a37682958f6e50ad0be9c6
SHA256 fc5cd4af54c056f66b237226853b1e5b26a38136f2d5b35dc39fc866a8b71b70
SHA512 62174ef7eef69d910e863804a694a1915464213cfb910fec8122c11c303ee428e58f65bd0cfe92b8ee0a702dae29c464e01f9085a342d81ef2bc8d33aca3b207

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b85c119d67ff75449dbe9a01f2e3917d
SHA1 4fdd5b1cd55457effe4f4d24970f8cdf75b33614
SHA256 f669c927e17850196ab9fd2066fd2a3f7005569ea17cde1d2730afcbc819e94f
SHA512 00903e832827178af11d56a98668f99a6c3039fa0cd7ac7fe6cbddb0bfe28019ff648525037e1fb44c0e0e231b2e9ad12869bf1f70950a58e2c80341d0680aaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8fdda03a815779f485f5be44cd58713e
SHA1 8b9e62fa5804d7242d115cd837eb41a6590b2e58
SHA256 18f7afce4015a4ee23a2ca550c26f33e8dc8fd2c3a866ee8932d9b1aa63b2a55
SHA512 7cfc4c0f09c185ae697bdaa795a1b0ae6c146151a819707c4b3f83ff6f1b1e95195f3f808a24195a16f3c4422fe27f4b8ce5a4fa9355fdf05b6eb6beecff724b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5882342a20664c121a9bacd13f2462c4
SHA1 30357912790e8592ff22d09c2117a5c8dd68f4e6
SHA256 b38f00418bb467f6a2a28657d517e04446bf43c4b04f306b1f966bd7749881e0
SHA512 2ffb40d1d9e1d99dcdbe180a0fd2b72688b851e9a738455c2e1fd032b1ea30f07cf0146c61e2c2d11571be4f5e864749c57d52561cf1b379ea27ff1f0c162844

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2562a44b071faeee53f7e1481647bcda
SHA1 3bfa98530a99012f192332588ed437d6134e74e9
SHA256 3e572991adb5177d7dbb24788615536c4cae5900f63a2bead1b504ddba2b8baa
SHA512 93769022f64eac9ac01a228198908bd76e3bb51b894dbfe69573f5c5b148aa27e1a407df6681c98362da23b496406f02656a2f9dfff11ed112f5ba9638c23e0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c72d0a456bc5a89d5cf5bb58887d611a
SHA1 422e5e77f582750c9e41a92afbdf263810fe1082
SHA256 c13ad4c0b2a84f6b0c55a4a1b55953e7ddfe3ba678fc0661d72ba7df6045e6db
SHA512 26d672c35cf756a5aeb111e4a297a840792ee341d7a8e87e938e6b59ebf60820a4703d1f6f2397eaddddc7bf9027818e44120a8b46885039f2c938aafe3a78d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c64d028dca7ef7826a369b4d04308e79
SHA1 a4d348e577af2ac1170641e989b21c7fede804c8
SHA256 3996365aa23587b686601f8a0286a4bc0d765391f9e81e4298c02a033a896993
SHA512 139c4ff7fd6e731da0505bcc4cf1744267cc643c05f1df4e4c7b679665ce7be40dcad88b49221ddec7bc999495bab3e2444ffbc3da657bbb59609d12d6cad3b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fad6be7a1f8ce7eafca2351a8b573b27
SHA1 62f4662e3fec76948d75c6a1d72762244dbc2372
SHA256 686286acf23cad3032357d5e1499ca986a742303f04ba3ec6e148f7ec0cf29f4
SHA512 40ecc16f4966a00d7807eb07ca91e2253d80a15aa9276272f75833e5c15f6244e99dd0755ae8470cee3f3cba00e0e6534902c97d96adac650e2cd49ce89e2c2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5802631964967b55ec6c2817abb3aead
SHA1 08fe5b76f36a5cfd56da0c90cab04913bc3171f0
SHA256 55dec631f33ec8dbfc26288539606544570e45886530f42fa06a0f609e8bb9be
SHA512 575a2cf5c407c1ce388b903f83cb997d957d5061eacfe1bf874db39d92cce7d691bd56abaa334dad9dd519a04d1ff3c14a395ecbaed8b02430d1280cafb78bda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b20fb566b3ec95e9e4b7213c94afaf11
SHA1 3c7fc2619ffe793b5fbf6aa2ec98cff010d761bc
SHA256 6198cfcef0e5af004d1f49744f7beab0db1f333081874f8a8e3d5f67dba0f95e
SHA512 bbe066de5036541e5deb22d485f880b08159de84d11470b56b736e225c858db3b60f822dadfbeb41153f003e8b59b7414d46a0a6c37becb4e5dbf94488095492

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 ec9682a02c054516a9265bd4f2784e1e
SHA1 ad4669042f0bff8789a87b0dfc12be34dda6b526
SHA256 7a4308c24539dda66e6f9cba0f368d9a7f4576519c8e16fb712530baea55d899
SHA512 904240d3d64acc98dc759eb089634856563f81ad4b3435f9f10d395d454c781daf8d64cc56c993489f266b6f045e49adb569c78942170c0baa7cee25e44827e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24ce141af930aff3f7b2651ccc4c2352
SHA1 7da619e4f7a734c2b4bfe4dfd67117ae5c699e5f
SHA256 a91ddd24b2fa517ccb6c6d7210e3a1593d0d967fd11314b5f2507d4ba07d79c7
SHA512 4b063fb4b204c7d95fc5a66a8a41d9cd7a7aebc18e79097c68be0c49ba462d6f5057416fc720f7396b35c6344b1922942f9debb745af986c87a35081c5140fe9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d816af2bdcb4d3d01d19185d7c0b03a9
SHA1 d0080170a2f5bcf340efeafe3561e8c6ef7fb437
SHA256 078e747e9c1bd56ac1f74c02ac46191f6a35780c7a713031f836d916be5820ab
SHA512 d020529ad4abb31b6df42a216e13bfc9718c8114e2d258bc6476188009c678982f611b92ecfab459f379bb4e1bd5cbf883cf1c3bf5e476f46a472a13080bcd48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8ca6388cd30d949de68654179a9989a
SHA1 cc1d8a900e96f8ce4a4e294a9567fc55ea43f6fe
SHA256 54013b297ce98f60e131afcdcc3da1dc385b95142be88d3b1163571d2e53862f
SHA512 e3abae0c194689e50d8b21a67d81ad2c533852e3ef26d45dcf4e58b907dc820c984b28b9f683c26a4a16c699880d4077e755c2bda2ffd792d961181235b6d643

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cde8f75b06c20699186c282a80d25476
SHA1 bc850c51f220ef6f1f89052cf9b6a09efdcaad24
SHA256 d1fb207202dccfe2666baa525b161a2277827c7265b8b78513f11439e2d1513f
SHA512 a0d960065b472e9137e5f150e19fa699db8bd3db0fdbd8231df37821aa5d742e5bb5c22bb21d490570e1aadcf7199640c2bcd15aeb7a668e13d46c40bebd6efa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54b09884b2775d8ff34a2694b0d1c712
SHA1 2d75a2e452684e8dde47df68e609760f5241e861
SHA256 0b4c6bc3265191debb0cade230848dab871976c36827b03fce7ac83e8a608b3d
SHA512 639020ecdcd330c8b19f2266af72976e5f927a16b0f741e9caec03447590654882e7c0e554a1c08b42e4601da5dcad9d3e2d6f1ce6c57e443a9b8ec7f0194a5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 3a487b384f71453d67b754ba1ff2feb7
SHA1 380a69cee8488595bcd3c08e9884a4a80b5dfd17
SHA256 2c0578e2307c0ef257fd15d9e05e40a29e3a83dfaed96673304357efcb614b96
SHA512 b2be7ff3a7c13fb5af8b44a229c01c0fdbf0ca7554bcfff7159875ebcdd27578e49d2faa616927df194369cf73d4d395bc62a740043476f2e054675d849690c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67a530533370b1224c5b2dd507715593
SHA1 f662df22361c4a69c8a3a6552793dca794f8435a
SHA256 fd3e031d48a079caf83d0eee63a03dc70dc7c623917238fdb08749d60643e48d
SHA512 f4f9a81127a9f615ce32ee8793dcea25ed4c416d6a11143c1e07953bb5aecec29fb4ac88718724dad30c7d0acbf032d1e70f16bf1c2b2970b1862f27de1fb4f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 328ce1d13cbfa239e6320ea3a42be6ce
SHA1 d6ff507b0102135ec6599e5e9cbbdd24e99e9324
SHA256 cecd6c55114adfb2b5023fe6c008305df6eeed3a36be57444c0f9d665632c486
SHA512 a405236d8f6721663396fff6a8773256edd03cf1b82b4438835eb96fc6251a3156707559114ffea8a92bf1b238ba387d76cb43696b05ce784dd1aa04b3134704

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fdbed144fe8c769136be7384736340a7
SHA1 5de1f5821f16fef9be37856059c438eba8d439b6
SHA256 d8302fdfba7d0ef166b8e8ae8bafe75f2d19f7a6842493605cc5ff165613ce90
SHA512 6b9dd559d3b6866dd3131e011ee0f01f4b5274339e4f829f2947b93ca66e52be25ba4cc76301c893ab58dfa0f922c83a08fdbc2058616de49635458cede886a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87431ff25101fe2182b72a9ac88fffc3
SHA1 5201d6803aaa66cfd90508c188f93eb39454a8ad
SHA256 d5443161679c5cd6aafbdafcbd1984569acc70a23014ddc9110b340dc3f82a60
SHA512 0f630dddc70444b593bfd1278180d361094529f419e236cb1cd118e14b7a5d1bd6a64a2f2097403f6a88d2d097f4849394588cdb1196fbc9125f41d604e88cfc