Malware Analysis Report

2025-04-03 14:25

Sample ID 241214-pkjc9stkfq
Target eebe3078ebf405cc8808fa995f23b0a8_JaffaCakes118
SHA256 a337351adad3f687b21d0b776a27516fd12ff62ba0d7864fb72cccc06d252465
Tags discovery socgholish downloader
Score 10/10


Analysis Overview

Score 10/10

SHA256 a337351adad3f687b21d0b776a27516fd12ff62ba0d7864fb72cccc06d252465

Threat Level: Known bad

The file eebe3078ebf405cc8808fa995f23b0a8_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery socgholish downloader

SocGholish

Socgholish family

Legitimate hosting services abused for malware hosting/C2

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported 2024-12-14 12:23

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-12-14 12:23

Reported 2024-12-14 12:25

Platform win10v2004-20241007-en

Max time kernel 149s

Max time network 150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\eebe3078ebf405cc8808fa995f23b0a8_JaffaCakes118.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target | Count
N/A | sites.google.com | N/A | N/A | 3

Browser Information Discovery

discovery

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 25

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 24

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Count
PID 1520 wrote to memory of 2032 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 1520 wrote to memory of 2396 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 40
PID 1520 wrote to memory of 4716 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 1520 wrote to memory of 1120 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 20

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\eebe3078ebf405cc8808fa995f23b0a8_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfcd946f8,0x7ffcfcd94708,0x7ffcfcd94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
FR 216.58.214.169:443 www.blogger.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 216.58.214.78:443 sites.google.com tcp
FR 216.58.214.78:443 sites.google.com tcp
FR 142.250.179.78:445 apis.google.com tcp
FR 216.58.214.169:443 www.blogger.com udp
US 8.8.8.8:53 www.facebook.com udp
FR 142.250.179.78:443 apis.google.com udp
FR 142.250.178.130:80 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 admaster.heyos.com udp
NL 157.240.201.35:80 www.facebook.com tcp
US 8.8.8.8:53 optimized-by.simply.com udp
US 8.8.8.8:53 px.smowtion.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 controls.scambiobannergratis.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 player.ebuzzing.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 78.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 blogblog.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
US 8.8.8.8:53 www.blogblog.com udp
US 8.8.8.8:53 tools.net-parade.it udp
US 69.16.230.226:80 px.smowtion.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 142.250.75.233:80 blogblog.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
NL 157.240.201.35:443 www.facebook.com tcp
FR 216.58.214.169:80 www.blogblog.com tcp
US 8.8.8.8:53 labs.ebuzzing.it udp
IT 31.11.35.212:80 tools.net-parade.it tcp
US 8.8.8.8:53 img2.blogblog.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 img1.blogblog.com udp
IT 31.11.35.212:443 tools.net-parade.it tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 lh4.googleusercontent.com udp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
US 8.8.8.8:53 ww1.smowtion.com udp
DE 64.190.63.136:80 ww1.smowtion.com tcp
US 8.8.8.8:53 translate.google.com udp
FR 216.58.214.169:443 img1.blogblog.com udp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 142.250.179.78:139 translate.google.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 adserver.pubblicitaonline.it udp
US 8.8.8.8:53 www.yourpage.it udp
US 8.8.8.8:53 img413.imageshack.us udp
CH 185.101.159.238:80 adserver.pubblicitaonline.it tcp
US 38.99.77.17:80 img413.imageshack.us tcp
US 199.59.243.227:80 www.yourpage.it tcp
US 8.8.8.8:53 130.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 images.ilbloggatore.com udp
US 8.8.8.8:53 35.201.240.157.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 233.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.230.16.69.in-addr.arpa udp
US 8.8.8.8:53 212.35.11.31.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 65.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 136.63.190.64.in-addr.arpa udp
IT 46.252.158.159:80 images.ilbloggatore.com tcp
US 8.8.8.8:53 zazoom.it udp
US 8.8.8.8:53 widgets.5z5.com udp
CH 185.101.159.238:443 adserver.pubblicitaonline.it tcp
US 8.8.8.8:53 www.segnalafeed.it udp
US 172.67.141.15:80 zazoom.it tcp
US 8.8.8.8:53 i.creativecommons.org udp
US 8.8.8.8:53 www.we-news.com udp
US 172.67.1.191:80 i.creativecommons.org tcp
US 8.8.8.8:53 www.doveconviene.it udp
IT 217.64.195.242:80 www.segnalafeed.it tcp
FR 142.250.179.110:80 www.google-analytics.com tcp
FR 3.165.113.77:80 www.doveconviene.it tcp
FR 78.40.11.88:80 www.we-news.com tcp
US 172.67.141.15:443 zazoom.it tcp
FR 3.165.113.77:443 www.doveconviene.it tcp
US 8.8.8.8:53 licensebuttons.net udp
US 8.8.8.8:53 www.zazoom.it udp
US 172.67.7.63:443 licensebuttons.net tcp
US 104.21.41.2:80 www.zazoom.it tcp
US 8.8.8.8:53 227.243.59.199.in-addr.arpa udp
US 8.8.8.8:53 238.159.101.185.in-addr.arpa udp
US 8.8.8.8:53 159.158.252.46.in-addr.arpa udp
US 8.8.8.8:53 17.77.99.38.in-addr.arpa udp
US 8.8.8.8:53 15.141.67.172.in-addr.arpa udp
US 8.8.8.8:53 191.1.67.172.in-addr.arpa udp
US 8.8.8.8:53 77.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 88.11.40.78.in-addr.arpa udp
US 8.8.8.8:53 242.195.64.217.in-addr.arpa udp
US 8.8.8.8:53 we-news.com udp
FR 78.40.11.88:80 we-news.com tcp
US 8.8.8.8:53 17.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 2.41.21.104.in-addr.arpa udp
US 8.8.8.8:53 63.7.67.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 optimized-by.simply.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.27.84:443 accounts.google.com tcp
FR 142.250.201.162:445 pagead2.googlesyndication.com tcp
FR 142.250.75.238:445 www.youtube.com tcp
FR 216.58.213.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.213.58.216.in-addr.arpa udp
FR 142.250.179.78:445 www.youtube.com tcp
FR 142.250.179.110:445 www.youtube.com tcp
FR 172.217.20.206:445 www.youtube.com tcp
FR 142.250.74.238:445 www.youtube.com tcp
FR 172.217.20.174:445 www.youtube.com tcp
FR 172.217.18.206:445 www.youtube.com tcp
FR 216.58.215.46:445 www.youtube.com tcp
FR 142.250.178.130:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 164.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
FR 216.58.214.174:445 www.youtube.com tcp
US 8.8.8.8:53 connect.facebook.net udp
FR 216.58.214.78:445 www.youtube.com tcp
FR 142.250.178.142:445 www.youtube.com tcp
FR 142.250.201.174:445 www.youtube.com tcp
NL 157.240.201.15:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
NL 157.240.201.15:139 connect.facebook.net tcp
US 8.8.8.8:53 www.youtube.com udp
FR 172.217.20.163:445 fonts.gstatic.com tcp
FR 172.217.20.163:139 fonts.gstatic.com tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 201.64.52.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f426165d1e5f7df1b7a3758c306cd4ae
SHA1 59ef728fbbb5c4197600f61daec48556fec651c1
SHA256 b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-14 12:23

Reported

2024-12-14 12:25

Platform

win7-20241010-en

Max time kernel

121s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eebe3078ebf405cc8808fa995f23b0a8_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{303A80D1-BA16-11EF-AB56-7227CCB080AF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440340862" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eebe3078ebf405cc8808fa995f23b0a8_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2

Network


Files
