Malware Analysis Report

2025-04-03 14:22

Sample ID 241212-2hlrts1phm
Target e89703007362470e63372631ca381961_JaffaCakes118
SHA256 84872f2ab3e03074e5f62b5f7424c83035783845780db6018a38d08bf4a0f571
Tags
discovery socgholish downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

84872f2ab3e03074e5f62b5f7424c83035783845780db6018a38d08bf4a0f571

Threat Level: Known bad

The file e89703007362470e63372631ca381961_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery socgholish downloader

SocGholish

Socgholish family

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-12 22:34

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-12 22:34

Reported

2024-12-12 22:37

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

146s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e89703007362470e63372631ca381961_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4904 wrote to memory of 4768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 4768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 2240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4904 wrote to memory of 3768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e89703007362470e63372631ca381961_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbb3346f8,0x7ffbbb334708,0x7ffbbb334718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17342156588336090635,17845031456726072338,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6312 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 translate.google.com udp
FR 142.250.179.78:443 translate.google.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 142.250.179.78:445 translate.google.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
FR 216.58.214.169:443 www.blogger.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 static.ak.connect.facebook.com udp
FR 142.250.179.78:443 translate.google.com udp
US 8.8.8.8:53 rcm-eu.amazon-adsystem.com udp
US 8.8.8.8:53 contadores.miarroba.es udp
US 8.8.8.8:53 zbox.zanox.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.tqlkg.com udp
NL 89.207.16.75:80 www.tqlkg.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 172.67.184.36:80 contadores.miarroba.es tcp
US 8.8.8.8:53 www.awltovhc.com udp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 track.webgains.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
NL 89.207.16.75:80 www.awltovhc.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
GB 35.176.75.42:80 track.webgains.com tcp
GB 35.176.75.42:80 track.webgains.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 36.184.67.172.in-addr.arpa udp
US 8.8.8.8:53 75.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
GB 35.176.75.42:443 track.webgains.com tcp
GB 35.176.75.42:443 track.webgains.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 www.yceml.net udp
GB 2.22.107.241:80 www.yceml.net tcp
GB 2.22.107.241:80 www.yceml.net tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.214.169:443 resources.blogblog.com udp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 ad.zanox.com udp
DE 195.216.249.67:80 ad.zanox.com tcp
FR 142.250.179.78:139 translate.google.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
DE 195.216.249.67:80 ad.zanox.com tcp
US 8.8.8.8:53 42.75.176.35.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 113.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 241.107.22.2.in-addr.arpa udp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
DE 195.216.249.67:80 ad.zanox.com tcp
US 8.8.8.8:53 www.ftjcfx.com udp
NL 89.207.16.75:80 www.ftjcfx.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 rcm-eu.amazon-adsystem.com udp
FR 172.217.20.194:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 74.125.71.84:443 accounts.google.com tcp
US 8.8.8.8:53 84.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
FR 142.250.179.78:443 translate.google.com udp
FR 142.250.179.97:443 lh3.googleusercontent.com tcp
FR 142.250.179.99:443 ssl.gstatic.com tcp
FR 216.58.214.162:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 195.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 86.49.80.91.in-addr.arpa udp
FR 172.217.20.163:445 fonts.gstatic.com tcp
FR 172.217.20.163:139 fonts.gstatic.com tcp
US 8.8.8.8:53 play.google.com udp
FR 216.58.214.174:443 play.google.com tcp
US 8.8.8.8:53 174.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 138.136.73.23.in-addr.arpa udp
US 8.8.8.8:53 platform.twitter.com udp
GB 151.101.188.157:445 platform.twitter.com tcp
US 8.8.8.8:53 platform.twitter.com udp
GB 199.232.56.157:139 platform.twitter.com tcp
FR 216.58.214.169:443 resources.blogblog.com udp
US 8.8.8.8:53 regalosfreaks.blogspot.com udp
FR 216.58.213.65:80 regalosfreaks.blogspot.com tcp
US 8.8.8.8:53 65.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36988ca14952e1848e81a959880ea217
SHA1 a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256 d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512 d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

\??\pipe\LOCAL\crashpad_4904_ZZTUNRZUYTTZKHJV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fab8d8d865e33fe195732aa7dcb91c30
SHA1 2637e832f38acc70af3e511f5eba80fbd7461f2c
SHA256 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA512 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 74cc4b1dd9c2aabd31df86d0313c2799
SHA1 4507b8d62ff58779b6c272c613f178e59e9f6f0a
SHA256 3348fcb5fe2723ff5cf29d31f942be0d90d4d5efaef6ba8b8bfd9ab096b31cb9
SHA512 6a45c65738257f0ccb28efbd7bf4dd1d7b8573cf9912677fa9d94cdd3d0cbb1bf11f12584d3d5cfb046edd5cff659d20fc9d2f25c2428397ca8eec9a2d79f4c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f147beb92b0833016a47a4b8e080022d
SHA1 b436fb6322d1b355444f50cb3a3411fdf017719f
SHA256 89cfd23aa6871b9019bb5c5c74ba6a925f98af232c542f4e68079f25550f2779
SHA512 719e1ff339dce770f3121f24ebfd895467ff24d7fd36319a8af1e0292d77e1119fb4565af548b3986af29e7a78b68d1589197d72114f9cc83282ca4cd474acd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4191f6bb4a81d0d2aba7957a1cfc4013
SHA1 d224da2706ff87b776c3435d77306c22574e5a53
SHA256 eb2f5806529aa665776103aab913fbc01abe3a407191f41bd132d534221a0ead
SHA512 c18eb7340f70e2e06a16826661af0120fa23939db8f03026bbb8f4e87ff5265cb268e4fd91968b4b4772db6a2f7b1918f7261335eb20dfb505dc2a868a3b0537

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a2e98b0d28624e11ee97253f9ae999ca
SHA1 f21a2f6d3817fe5659cea808fbde041954b873b9
SHA256 3c56a0f33802bfc3ecc694c3ee2b9821d897d8c958daf23eaa6d9d584aeb997c
SHA512 3ace1cc5402dc5be5967a38a1f947afc74725d6ba00c85b7fb17eb780e6d8666887fb56333d088a91bd391f0aa9cdc63c0f94dd869ab2c1a9c1436eacd9dff5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 1da8deabd421929fa1a865599f43aad8
SHA1 88af7573c39022643333f85b523a329cb6448675
SHA256 07b01330c36ae322ea1f1e2ea70e60b629b292b3f7ee7aae5a9968dcf341e685
SHA512 0be3f8d02397c3cc32164b116c807115c42a310fd70c72c94b3b523732422ea2b222d8762e81d91ef0c36a8328df4f7ae8e4570c4bc46ab94cbed5131389ea3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a3d1475f96ed250b8e1d32938eeafb98
SHA1 c12c8c26cd44c7ead775add82a131574ab155a90
SHA256 dfe724abab8d46114da354420f19749f897bad458371f8ea705b757ebfcc1d7b
SHA512 be006cb7de73f158e34bf5caafffe111f04bfff3a87082bf8d539395152a0233cd0a6411892b344b5924de7ef4f48f38dd36bdfa1926b3c69546fafd8b019a21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7736ab567725c827912b0d28f482d727
SHA1 5faf9539fb535f14e1279b57e620c6b4789c2a80
SHA256 37eeb4cd895eb5057601093e443552f9461405845ddede1e0d127dae388ab19e
SHA512 48fc7d22601a4e780630366257c8a5a434519d33135537264eff0b3930d47c630ea40f7d65f0ba2bf4d438b08082fecf7a8214528fa7fe330dbd9500054a6219

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8336746044f3f9153224e9294e883f40
SHA1 8218e76fc7c2aa14282f3107a2859b75265c0b15
SHA256 747e96f00020cb4949df8ca8fef43842b5785da968f8bb10b2f5c3169bf48ccc
SHA512 a18417483e4ea10f7c12fcc9c3e125142044acc7980d50eb997bc966952c87010ab29b70cc85887d9a1b4cfd5f24aa40569a5948f67170081404328ec8ab262d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d603141a037e1693c67453753e364ba0
SHA1 ccda4ed60a8a82e3c16990e05479eba8f4792894
SHA256 7d6b31428562606ac30440e010fd8e541e1f5837990d0698ce82123522b67d49
SHA512 4337fb1444592187f1b19ff47e474d0872b602cf957f6e716a518a4c4309041344a89f15b5aaf1effef87a8b504b165d8e0f1f898192389e3e85816c5685f89f

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-12 22:34

Reported

2024-12-12 22:37

Platform

win7-20241023-en

Max time kernel

141s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e89703007362470e63372631ca381961_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{527787D1-B8D9-11EF-A160-DA2FFA21DAE1} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20b08341e64cdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440204768" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf000000000200000000001066000000010000200000004943ffe843d8a9b742f3cfda5f6813a35d0873b79789363567ff4314985f0a98000000000e8000000002000020000000921c62764af276b4f3529f0be6e20a3e711d01bf704d7f6ac2e651e524690a22200000000482e8321fa187efe5d2e171f10fa7f181c9add47f863fd01ca67e77ef8c120340000000e65b9d049778da377900d8e077ef5653a2716dd37ec707a2f26f3f05c694b3716c998aba15031dbe955f1627186abd14c5e7085f89e1e7be8c5b61f7f664aee0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf00000000020000000000106600000001000020000000089e84a5f0b7929f87d458ced84ad61f4d2902d8846686b3dfee2a47bfd1a6e0000000000e8000000002000020000000e087b790eb72d767dc9449e90425e7d4b83dc6a81b5eb19ccd345c0710dd26fc90000000f356b6e71125606ef73b559b8de499425de1516e06d05b219977191d821a7ad75bd027af15b1b9cb009607195ff205acc0fce069d9322b8ce515eba1fc09dfd44244cc78b9c95d1129effb8dfc87a2dc19b64ddb715e1815cda5ec5895f7d4655581a519b19c0481cddd61d5db6e626861866cbd95d0c85c2a0a054fe321507833ff2898acca968c297798f879c62168400000002fd382e635f9ca40d8073bed9de3a00cf6eba9b46cb0e7e9b01237637f802400d6a79788fe1815494f7f59ce57742991244db97b2c1e943aeae38863115bf68b C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e89703007362470e63372631ca381961_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 authedmine.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 track.webgains.com udp
US 8.8.8.8:53 www.tqlkg.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.awltovhc.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 ad.zanox.com udp
US 8.8.8.8:53 www.ftjcfx.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 static.ak.connect.facebook.com udp
US 8.8.8.8:53 zbox.zanox.com udp
US 8.8.8.8:53 contadores.miarroba.es udp
NL 89.207.16.75:80 www.ftjcfx.com tcp
GB 18.132.32.21:80 track.webgains.com tcp
NL 89.207.16.75:80 www.ftjcfx.com tcp
NL 89.207.16.75:80 www.ftjcfx.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
NL 89.207.16.75:80 www.ftjcfx.com tcp
GB 18.132.32.21:80 track.webgains.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
DE 195.216.249.67:80 ad.zanox.com tcp
DE 195.216.249.67:80 ad.zanox.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
NL 89.207.16.75:80 www.ftjcfx.com tcp
NL 89.207.16.75:80 www.ftjcfx.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 172.67.184.36:80 contadores.miarroba.es tcp
US 172.67.184.36:80 contadores.miarroba.es tcp
GB 18.132.32.21:443 track.webgains.com tcp
US 8.8.8.8:53 www.yceml.net udp
GB 88.221.183.110:80 www.yceml.net tcp
GB 88.221.183.110:80 www.yceml.net tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
NL 18.238.246.206:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 rcm-eu.amazon-adsystem.com udp
US 8.8.8.8:53 rcm-eu.amazon-adsystem.com udp
GB 18.132.32.21:443 track.webgains.com tcp
DE 195.216.249.67:80 ad.zanox.com tcp
DE 195.216.249.67:80 ad.zanox.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 23.192.22.93:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 114b3036c6bcadf686bee8bcfce2bc48
SHA1 c66f882ff157cca64a6e184d023c059260297d85
SHA256 11badbbee7726c2d68a9e2bb9e82ca5ec1dc32c3d8420092795d01eed2f50334
SHA512 d5c3b70cc4d3ab88ab95769909b5c44e9174e4d9fbf7e7ec3f5bbc9e6db5241c79a3d90200ec242d9b05f6d2c3ee3514733a6914744ca92d2c957315bc3d535a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 84525ac2c52cedf67aa38131b3f41efb
SHA1 080afd23b33aabd0285594d580d21acde7229173
SHA256 ae524d9d757bed48d552b059f951ffd25a7d963ae44a554cb1f3a9641e524080
SHA512 d898b0913b4005bbbf22a5457ad1e86345860868bc2e53187ad8267c07824d592160a27d850978ebfe78392db784fffb80b73e27418d3a71708383d738ea1d57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 dcf68c7c89b4f4523c3c96569dcb2af4
SHA1 0d51cea59767d99ff576ed1d6b462a516b0ee4e2
SHA256 9905123b67e2b08d72cc861647937607c893d81455035435eb4ff5a221ae2b01
SHA512 a0bd4a20444e56f6dd12b49a940a8711058410e8bb3c89d3e3124abcb4be6b9907eb631d1d29f6acba6d65c546fb7bb4aebc99d34fe0502bf3363530c5c07ed7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 d4dc009c814d5f9240def72ecb67dcb2
SHA1 250c61738d79441b1ddc318c60b67b40005228c7
SHA256 af317cb9b209177f0babf1dcc9f5837201b928850361b1b8b606db4ebe7dba32
SHA512 a13ae4b4604f5a3fa007304cb33cb6acfdd7519aef53befdf70c4a3e4a64e5ccc6f0679dac97e10082ea25b07042806e01e72e902be4b627f8f0ca35e9480762

C:\Users\Admin\AppData\Local\Temp\CabA0F3.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarA153.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21ca86023786a94c57c59b8a85b2a0a7
SHA1 08f508f85c0dff728f39665dd649b71f6b8b24a5
SHA256 ff296edd3b322a6f23bf8fef3953a83c506d1222929996dbd8924d6becfc3a25
SHA512 17f30ef766f7a5bb83d3eca42bf2e5d73ebbdc03e984165bd641019912c3c8c3a18c2c16f2ef925db1f4e35338ed343820e2e46e3a4fd72a7bda753849cf4ef4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 a16e149a93948efbdded015c1327ab8d
SHA1 a9a3d6e9bc7d9e7a3c59a7265d935e0c3faf8fe1
SHA256 b896ccda2b412c79e881512b6de535e42e3d1b0b2d1ef6a14184822e81e8fedf
SHA512 432d64e75cb59ff55bb32ef56a1f3c7a7c5633183b106d33baf3fe810dc1b959b2b3b178bfd61aeb71aafeadf227e67c36ac072878e74d98b0152efeafc94a0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 dc17e99bdb8da6262ab7259107274698
SHA1 6b74df5e89777501abf008fedd7e33728ba3d7ed
SHA256 3f99cd6f6fe6411023fdc66bec5d298cfffa4711fb692e139eaeb6e38e47c0fc
SHA512 426a675b2067a98e5f39f332382090d7d38464c2cd80dd550946a970cfe149fa8f8c5044cd58b1fb3b308bd0a8ed63752d7e5c61021e14c0ca53c02ac68f80ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 b7cfbce896a85ff77e0eb8e844b6d3e3
SHA1 aff3d3ab8e50acb3149e344731296f830c19892f
SHA256 b37db6af4e570922011b2a1ad9221011f238943421d0618f520f8acf0bd2f08d
SHA512 7ae62b56fcec773b8af3a78d95198470f857abdbad67b83e027d33aa678c2621c615632687fcb778f5a4a110bcdfe4e2d925199a32f42dec4c6ecbaa376174bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2ba063c092654494a41a6bde7d9b0aa
SHA1 fce8695dc60e4a5d38fb1378f73e220ad51d9db5
SHA256 e867b58706650f8cac4518a8c23673ac6da33a55d04138796ceece988665773e
SHA512 7e848323d77899107ec99e129b042bb60524f8cf2b3d3ee5f9a89a06b116d02106ab84ee2296b2f6e59341a5fe7577d5fdcfcdbcbb510e18f8fc6d6321546857

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05a3565c8f57fe789ff2378979fc0c7e
SHA1 7ee13d920781cacf772e2949ce1d06e12fa58565
SHA256 624852ed69dfbb68ba72338e3bd5c3a81c403dfdd7d733ba2bed9ab5b4b71b81
SHA512 ab816611001cd827eb2487c63aa3bc22e1e4c5c44bb4b2bfb5d75f4ee12c3bad44cf993d2449ef0e463a97ec95307b7532baf9f048d0bda00d0157429df7d23b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ae2b93489e1790eb797f2aa681204ce
SHA1 7935fc09c95f38d7ea5752359afb842e6b8beb15
SHA256 f6638089f2368d7c0e7c9b00009876f4b849c81bd8dabc137c0600eecdf53dbe
SHA512 6870cdc80ddc9ca4bdd5b4d46e8bb09cdc8a710bf2cf5f10a4f168315b4306a3f74e3758f0d49caaa9d52fa30a94247b1e8bbf738a72d16262edceb77a854603

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 f4c625d3bb07ca6df8392c92469c286d
SHA1 9e3c030fb1b1841ef1b6b30fd29e238fe5798a7c
SHA256 bddad1b96f44ee2404a3b547a5dc0f16b3c4a3994cfb3ec317fab637dd912009
SHA512 e80bd98a3ae80c6a77d630cc458d40c17b3512810a50bbef3d6fc6b977a306b13cf3b663bc3d68a6a1a26d87936b65f45d669cd2fb2981ce3be1821ad6d4addc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 add82d4cc207a107583d30989889ee1c
SHA1 fa3ced1f5277945dcae4a32f14e0e8e0d8a13c63
SHA256 1492ee58487f2d3dd8c93308fa838ee20127681d3cf79f7d4bc0d23028897986
SHA512 b650b60454fa1f261e8fbebf10a7e3618c40866402ac5da7886cf252b103bf91d4f0a0d8108e6ab2a4070396e4ddc7737b3fb5f931af5fd3a61b96b2937562f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab2b7635127c1d03a8b71baf9760832b
SHA1 ee62ef7e0957e56437e7e14418d820cbaf23d2b4
SHA256 e6e9efbc2aef200ea6fb2151f1c42ba5e872ffd5ec2b1285bfbe4fdd60f72da4
SHA512 e0d082c991b491b7d268a5a603982ecaf8b75b504208a055f664d07c35dded3a1e4391c85fffd25496956187253645bc2867a7a562dbe7b916a0fd8c168bd537

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4edee8a2e20cd205755736f77ec0f14
SHA1 ae8e7f88fb88715f919f84f03367736028ef7538
SHA256 e0f1ab13c968ddaa7e066b657771f3e89ae4d48a147d1d68242ee3df7251ee98
SHA512 e40185dc9f70e86cbd8974891ba34fc1ef45fe61c6fa7934993617eb1088648685379f7cd573415d939e57db2b897524e090b8b967132632073814155379bf6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04b565ad896c64c8f9a78f2338b4ad12
SHA1 9e2b44aa21ecac11c9f428bae3c2bb67a23af9c2
SHA256 258f8aec2d6e1babe40bbfea6709d33d6174f0832f7b9254d8971db8086a81b5
SHA512 2754767a57a7349b6b481694a7838c39d0e26d5fa48a65d2a74f311443edcb67dec2c0a0ebc2213b8a7c8e96971c693650721a1489ccc1ef15f832db80c01169

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75d9e86f9ac7d66047dd66b5826ef1bc
SHA1 40ec9f3667eb3e996ad4202ddc2456de6a9ee687
SHA256 f28ec5b32e6dc83ae9bec828ed47241e75c4942ae6f8ef12552212308b6597f1
SHA512 374a746a32142f1a24bc77f3e7b2b6279926e9fda6d48a110ab9e3d4bf17cd56b8934613ecd2c84d389b107974f42f42d7051e11f3ec9116abccbd7ea2588a2c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c18c21a62b0afd741e74c6672847f29
SHA1 0480e7fcdd4eba694d8572871bf2b329bfa5d35a
SHA256 cd0aea49351a583b60d3d7f0e817a7d63bcf4684d43e0352e0d983c3347fb477
SHA512 28b61a31f013d5ad42a9d01935464ba4cfb61873d767d4ff78ab57138608fb06c95115e7ed7c86e3ab0f552efe33f7fcb207a52cd8ea1a2706f29966a3fd962e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 6e712be190e779951d3d7e8d75a79d17
SHA1 61a83b157702e5498c80b02ec2f303d813290a37
SHA256 4abfebcec6ce2023dea77087125b19fbf6a7f50955f00333b30d3f687d9c6765
SHA512 57d74a40f6893329e9b69ba6f981c05730a7a3055f6e536970d754099a840232ecfa9b674f3258743aa2e6c9875c402d7d926ad9c7133a5f17830398a9c435a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cdbb5c6fd4f154b52765bc803578421f
SHA1 d330646ab2a0b5a6f8d816eda2551deb04b162c9
SHA256 38345b2488638c97e28e74f33f59e317c95e1d49dc94c513599be20581c8b258
SHA512 44ec54c993e2bc1160a8917e76dc0433debb0cbf7b9009e9d940083a0576bb2f168ce3b5eddab2edd19e00f966a0aa7250a162b961582105918e2d8a57d44ad1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d864ac586df9b8809ae1ebaf62dc117d
SHA1 5633c4bca4057a0fc99f168f3984ae43742849c0
SHA256 9ad4dff1926ea2c5da9cee49b7a274c3341cd3b7ea270cee71ff9aee31539b92
SHA512 06ed2c62bb5aa57ba4de9e01a21d90b25d38c3d8aab37a96a617958e8bb0ae9259568bc4a011f2e5921d0f9daec99c36f9a4a29f2cec5344069775a1a9e21e02

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b71febd032520944f07718378952513
SHA1 527246159626998bafd8a1e51c018ff9d8b915e3
SHA256 2795cca5336657354c6b81b4025bad2d2702a9542585cdb3fa5321eaff8e4775
SHA512 470f0c608ab3909e33949b041cd646aebbbb0a8990e10f1db1b9eeba2e2e7dae67e7ce261d88eb3cb7e9afa8872e8592315c6df0693e95c55682efb7d32a6696

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3bca2a38bf75fa91e450c00c36ac7cc2
SHA1 06f8050e4a38d5926c948034b3371774aa9e6a2e
SHA256 36e09339f7f686dc56971761bd475222093a8a582d4a5546d0f9222bc7ede83d
SHA512 b2ce84e517e365de43c782a684851b7733f756a6ce062c732f5d36ca93f0756d6b281c9be0a66d7eae730973ff14e61ac657d973b653a6cf7d389234a4aa2a46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ca3dd94a6f2682766e681476a9168e3
SHA1 848fbc5c78bb558975276e4a79e635018a3f80b2
SHA256 f94c8fb4ca6b41460a2f9c930f52efc08cd571cba276d4782301a95f1465f9af
SHA512 5017327ff64d8b3223673f47e8d25a42cded2bd77b0c75b96b24e1968029a0eeb16834d21105fd3eacba8779030ed8b3cc25e852b4e61a19699759a2c7eec01f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d576d54176649f5a6b32d72d22415b0d
SHA1 6ba0c47efd13f61e7a3757bf1bf2b47614d5f5de
SHA256 3a46096c75a88e8ce7c7cb860893bd09485f1fd6f1fe913f3f71bd8d2dc88eea
SHA512 5e1e7e02e39d355b895fc315f146bbe3d6f951433fa5d2319553f13c5d1e39cc6ade35757e3729592205797ae6292ffd51bbc58268794e381c594d17168d78f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8d4904bd92a9917f621bf44969d25b0
SHA1 1d6ec41dab7faadd32f66f82a0fcabeb97b976cb
SHA256 65b3ead50c66aaacea092b301139a252872b217702291a67bdb34a843ef357c7
SHA512 d9db843205968ade5d5497520a09b0289ae3b82253c2e7e504dbdbc2131b38c5fc57af564296a807d9db68e50ed173dbab0964a03e845ba63361df19960fa388

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f6cc2f27ff9246cd7f7ed3acdf68dd7
SHA1 eb0d3433f8562608475423863cf7161c75e3917d
SHA256 9c1ed46c267a5130cf00cdbe8413602f9cce6599bad3660aec40c0ec18509a14
SHA512 677e0467e25518e2dcbbf0da1494ad074eaddb6a3774fbfc2a45db5df87d9a37872338e55a137fb82229d36a3f13439acfd45d9b8ec36bc9a84a73a3997227d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2fe0282df5a3c5ab112dea0e3d1b5c8
SHA1 21067f700a5fb983b68c82cfe4d140cf067af7e3
SHA256 af3b27b3d8780d68910e31660b69d68f7ecf0a82799346f16fae792093ea9cad
SHA512 08c618a3282f2643ba87dcad47f570c12f0fed2297caaa42da04b5bb7011c4b8d643313337e69021ca4e59365dbb9e2c3e3584e946d924ed7bdb3137249d37c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b9e9991898ea5c68654083515c0ee9a
SHA1 3c3fbcf005ecd0d7097f7dbdbf097e785d9ca35a
SHA256 53ce6cb9c65361e781daf9c56b8e87e293adb31d53f44ec9452db74c6e0ec7fc
SHA512 5cb4ff8a96b21a799b029b4a46987425d1bc097913703e423e66d180df50b279a61da0dcdec30f3bae2f992ea6bff19974ce4e718f3f43fe9173653d234d7049

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c0ac87b58a8fb409d6274d4fdee0573
SHA1 c74db7a7d04e514c13076e44da7c8659b8738985
SHA256 576d05e2556b0a7fa41d08895d86b564afdbf72d9c9adb941559c1278a6f6776
SHA512 ac38ac9bbe1cb62c9009e4c00f88dc69fbdcd86e226174e19b7963ffa0bed742b07b1dd8934214a10799df4f65ba2244aa1fa16d2d85170710713da56e1c037e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10675c909d3ee48762d33ad3400d5e36
SHA1 56f8dba78df8d3c166806c163d9dda3c5b65ab1e
SHA256 a127bcc13bd5d76e5e5448c9c09adcd8a500bd0a44ebca3700746db83f5c776f
SHA512 64de5ddc062c170ca3412d233549993bfe32feadef8d47947beb0da77b1eed990067cfabc5c1b576cda9f936b72cc61776ae03cd79080a99ecddb6be3f197cd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aef4020666513e2156505ccf9966e109
SHA1 c78947a4fb6c61116f3d3231bfd3f461c19056a2
SHA256 9964c3bddcf26751fddc3844512e8d4ef3f200ccedd8e2517f2d680a4d5a200f
SHA512 a8dee48dbac782750eb0074b1ed2cfb1ef70f1366f277ea6579c372024b2a83a976140754504dc19c04f66c98e271026059e87debec9b82808ec41005533ef81