Malware Analysis Report

2025-04-03 14:26

Sample ID 241219-eyw66sxpfs
Target fe6a5c8ff1b88ab61d0082d6a5f30431_JaffaCakes118
SHA256 b6863d358a0d35f9b8fe5cee4c35e9ad19fdb51327276a3723b45fca15c6fa84
Tags
discovery phishing socgholish downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b6863d358a0d35f9b8fe5cee4c35e9ad19fdb51327276a3723b45fca15c6fa84

Threat Level: Known bad

The file fe6a5c8ff1b88ab61d0082d6a5f30431_JaffaCakes118 was found to be: Known bad. The verdict rests on the behavioral1 run (win7, iexplore.exe), which matched the SocGholish downloader family signature, together with the static1 phishing-page detection. The behavioral2 run (win10, msedge.exe) produced only discovery and generic API-usage signatures (WriteProcessMemory, SendNotifyMessage, SetWindowsHookEx, FindShellTrayWindow); every one of those rows is attributed to msedge.exe itself and is consistent with ordinary multi-process browser operation, so they should not be read as sample-specific behaviour.

Malicious Activity Summary

discovery phishing socgholish downloader

SocGholish

Socgholish family

Detected phishing page

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-19 04:21

Signatures

Detected phishing page

phishing

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-19 04:21

Reported

2024-12-19 04:24

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\fe6a5c8ff1b88ab61d0082d6a5f30431_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1008 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 rows)
PID 1008 wrote to memory of 2368 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 rows)
PID 1008 wrote to memory of 3116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 rows)
PID 1008 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 rows)

(64 rows collapsed by target PID. Every write originates from the Edge browser process, PID 1008, and lands in another msedge.exe process.)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\fe6a5c8ff1b88ab61d0082d6a5f30431_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ff9a4b946f8,0x7ff9a4b94708,0x7ff9a4b94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14132942245311948688,17893936657584206773,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14132942245311948688,17893936657584206773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14132942245311948688,17893936657584206773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14132942245311948688,17893936657584206773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14132942245311948688,17893936657584206773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14132942245311948688,17893936657584206773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14132942245311948688,17893936657584206773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14132942245311948688,17893936657584206773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14132942245311948688,17893936657584206773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14132942245311948688,17893936657584206773,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
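The WriteProcessMemory table above is the kind of signature that inflates a sandbox score without telling an analyst much: a Chromium-based browser launches its crashpad handler, GPU process, network utility and renderers as children of the browser process and writes into them during startup, so a parent msedge.exe writing into child msedge.exe processes that carry a --type= switch is the expected shape. The script below is an added example (not part of the sandbox report) that collapses such rows by target PID and gives each target a verdict: "expected-chromium" when the target is a direct child of the writer, shares its image path, and was started with a --type= helper switch; "review" otherwise. The PID-to-process map is constructed, because the report lists command lines without PIDs, and the notepad.exe row is a made-up anomaly included only to show the contrasting verdict.

```python
"""Triage "Suspicious use of WriteProcessMemory" rows from a sandbox report.

Added example, not the sandbox's own logic.  SAMPLE rows are modelled on the
report's table (parent PID 1008 writing into 3720, 2368, 3116 and 992); the
PROCESSES map and the notepad.exe row are constructed for illustration.
"""
import re
from collections import Counter

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed process table: pid -> (parent pid, image path, command line).
PROCESSES = {
    1008: (700, EDGE, '"' + EDGE + '" --start-maximized --single-argument sample.html'),
    3720: (1008, EDGE, '"' + EDGE + '" --type=crashpad-handler ...'),
    2368: (1008, EDGE, '"' + EDGE + '" --type=gpu-process ...'),
    3116: (1008, EDGE, '"' + EDGE + '" --type=utility --utility-sub-type=network.mojom.NetworkService ...'),
    992:  (1008, EDGE, '"' + EDGE + '" --type=renderer ...'),
    # Constructed anomaly: not an Edge child, different image.
    4400: (700, r"C:\Windows\System32\notepad.exe", "notepad.exe"),
}

SAMPLE = "\n".join([
    "PID 1008 wrote to memory of 3720 N/A " + EDGE + " " + EDGE,
    "PID 1008 wrote to memory of 2368 N/A " + EDGE + " " + EDGE,
    "PID 1008 wrote to memory of 2368 N/A " + EDGE + " " + EDGE,
    "PID 1008 wrote to memory of 2368 N/A " + EDGE + " " + EDGE,
    "PID 1008 wrote to memory of 992 N/A " + EDGE + " " + EDGE,
    # constructed anomaly, not in the report
    "PID 1008 wrote to memory of 4400 N/A " + EDGE + r" C:\Windows\System32\notepad.exe",
])

# Table row as the report prints it: source PID, target PID, source image, target image.
ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (.+?\.exe)$", re.I)


def parse_wpm_rows(text):
    """Yield (src_pid, dst_pid, src_image, dst_image) for each table row."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield int(m[1]), int(m[2]), m[3], m[4]


def classify(src_pid, dst_pid, src_image, dst_image, procs=PROCESSES):
    """'expected-chromium' for a browser writing into its own helper child, else 'review'."""
    target = procs.get(dst_pid)
    if target is None:
        return "review"  # unknown target process: nothing to vouch for it
    ppid, image, cmdline = target
    same_image = image.lower() == src_image.lower() == dst_image.lower()
    if ppid == src_pid and same_image and "--type=" in cmdline:
        return "expected-chromium"
    return "review"


def triage(text, procs=PROCESSES):
    """Collapse repeated rows into {(src_pid, dst_pid): (row_count, verdict)}."""
    counts = Counter()
    verdicts = {}
    for src, dst, src_image, dst_image in parse_wpm_rows(text):
        counts[(src, dst)] += 1
        verdicts[(src, dst)] = classify(src, dst, src_image, dst_image, procs)
    return {key: (n, verdicts[key]) for key, n in counts.items()}


if __name__ == "__main__":
    for (src, dst), (n, verdict) in sorted(triage(SAMPLE).items()):
        print(f"{src} -> {dst}: {n} write(s), {verdict}")
```

Only the constructed notepad.exe row lands in the "review" bucket; everything modelled on the report collapses to "expected-chromium". On a real case, feed the function the sandbox's process tree so the parent-child check is not guessed.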

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 pwam.googlecode.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
NL 142.250.102.82:80 pwam.googlecode.com tcp
FR 216.58.214.169:80 www.blogger.com tcp
FR 216.58.214.169:80 www.blogger.com tcp
FR 142.250.179.74:80 ajax.googleapis.com tcp
US 8.8.8.8:53 entrecard.s3.amazonaws.com udp
US 52.217.116.241:80 entrecard.s3.amazonaws.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 82.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 74.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.66:80 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.164:80 www.google.com tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 static.addtoany.com udp
US 104.22.71.197:80 static.addtoany.com tcp
FR 142.250.179.78:443 www.adsensecustomsearchads.com tcp
US 104.22.71.197:443 static.addtoany.com tcp
US 8.8.8.8:53 241.116.217.52.in-addr.arpa udp
US 8.8.8.8:53 66.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 164.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.linkwithin.com udp
NL 142.250.102.82:80 pwam.googlecode.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 172.217.20.164:80 www.google.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 entrecard.com udp
US 8.8.8.8:53 blogergadgets.googlecode.com udp
NL 142.250.102.82:80 blogergadgets.googlecode.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 nwidget.networkedblogs.com udp
US 8.8.8.8:53 www.gmodules.com udp
US 8.8.8.8:53 static.99widgets.com udp
US 8.8.8.8:53 xslt.alexa.com udp
US 8.8.8.8:53 www.lijit.com udp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 www.gmodules.com tcp
US 8.8.8.8:53 www.sitebro.net udp
US 8.8.8.8:53 choenblogspot.googlecode.com udp
US 8.8.8.8:53 track4.mybloglog.com udp
GB 18.245.253.113:80 www.lijit.com tcp
US 104.22.71.197:443 static.addtoany.com tcp
US 8.8.8.8:53 cse.google.com udp
NL 142.250.102.82:80 choenblogspot.googlecode.com tcp
FR 172.217.20.174:443 cse.google.com tcp
US 8.8.8.8:53 tweetmeme.com udp
US 8.8.8.8:53 www.stumbleupon.com udp
US 8.8.8.8:53 static.ak.fbcdn.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 18.245.253.113:443 www.lijit.com tcp
US 8.8.8.8:53 d.yimg.com udp
US 44.196.255.240:80 www.stumbleupon.com tcp
US 8.8.8.8:53 orkut-share.googlecode.com udp
FR 142.250.178.130:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 87.248.114.12:80 d.yimg.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 216.58.214.169:80 img1.blogblog.com tcp
NL 142.250.102.82:80 orkut-share.googlecode.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.214.169:443 img1.blogblog.com udp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 197.71.22.104.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 193.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 113.253.245.18.in-addr.arpa udp
US 8.8.8.8:53 195.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 130.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 12.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 240.255.196.44.in-addr.arpa udp
US 8.8.8.8:53 50.201.222.52.in-addr.arpa udp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 lh3.ggpht.com udp
US 8.8.8.8:53 lh4.ggpht.com udp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
US 8.8.8.8:53 static.networkedblogs.com udp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
US 8.8.8.8:53 bloggers.com udp
US 8.8.8.8:53 image.sitebro.com udp
US 8.8.8.8:53 www.topblogarea.com udp
US 13.248.169.48:80 bloggers.com tcp
US 8.8.8.8:53 www.blogtoplist.com udp
US 8.8.8.8:53 www.topblogging.com udp
US 8.8.8.8:53 www.blogrankings.com udp
US 172.67.128.15:80 image.sitebro.com tcp
US 8.8.8.8:53 www.mynewblog.com udp
US 8.8.8.8:53 www.zimbio.com udp
US 8.8.8.8:53 www.india-topsites.com udp
US 104.21.23.102:80 www.topblogging.com tcp
US 104.21.56.47:80 www.mynewblog.com tcp
DE 116.202.86.160:80 www.india-topsites.com tcp
US 8.8.8.8:53 www.yousaytoo.com udp
US 8.8.8.8:53 img1.top.org udp
LT 79.98.26.232:80 www.yousaytoo.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.rantop.com udp
FR 216.58.213.74:443 ogads-pa.googleapis.com tcp
FR 142.250.179.78:443 apis.google.com tcp
US 3.33.243.145:80 www.rantop.com tcp
HK 47.75.130.169:80 img1.top.org tcp
HK 47.75.130.169:80 img1.top.org tcp
FR 216.58.213.74:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 www.freewebsubmission.com udp
US 74.208.47.213:80 www.freewebsubmission.com tcp
US 8.8.8.8:53 170.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 163.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 15.128.67.172.in-addr.arpa udp
US 8.8.8.8:53 102.23.21.104.in-addr.arpa udp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 8.8.8.8:53 47.56.21.104.in-addr.arpa udp
US 8.8.8.8:53 160.86.202.116.in-addr.arpa udp
US 8.8.8.8:53 232.26.98.79.in-addr.arpa udp
US 8.8.8.8:53 145.243.33.3.in-addr.arpa udp
US 8.8.8.8:53 74.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.sonicrun.com udp
US 74.208.47.213:80 www.sonicrun.com tcp
US 8.8.8.8:53 play.google.com udp
FR 216.58.214.174:443 play.google.com tcp
FR 216.58.214.174:443 play.google.com udp
US 8.8.8.8:53 213.47.208.74.in-addr.arpa udp
US 8.8.8.8:53 174.214.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.links-pk.co.cc udp
US 35.91.2.62:80 www.links-pk.co.cc tcp
US 8.8.8.8:53 www.123khoj.com udp
US 198.57.150.101:80 www.123khoj.com tcp
US 198.57.150.101:80 www.123khoj.com tcp
US 8.8.8.8:53 www.hitagent.com udp
US 8.8.8.8:53 www.activesearchresults.com udp
US 173.49.115.115:80 www.activesearchresults.com tcp
US 15.197.148.33:80 www.hitagent.com tcp
US 8.8.8.8:53 www.blogtopsites.com udp
US 44.219.174.59:80 www.blogtopsites.com tcp
US 8.8.8.8:53 www.blogflare.com udp
US 8.8.8.8:53 i155.photobucket.com udp
FR 3.165.113.12:80 i155.photobucket.com tcp
US 8.8.8.8:53 www.blogrankers.com udp
US 8.8.8.8:53 62.2.91.35.in-addr.arpa udp
US 8.8.8.8:53 101.150.57.198.in-addr.arpa udp
US 8.8.8.8:53 33.148.197.15.in-addr.arpa udp
US 8.8.8.8:53 115.115.49.173.in-addr.arpa udp
US 8.8.8.8:53 59.174.219.44.in-addr.arpa udp
US 8.8.8.8:53 12.113.165.3.in-addr.arpa udp
US 209.90.91.147:80 www.blogrankers.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 8.8.8.8:53 www.wikio.com udp
US 172.67.143.68:80 www.wikio.com tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 68.143.67.172.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 180.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp
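A Network table this long is easier to act on once it is reduced to indicators: which names were resolved, which hosts were actually contacted and on what port and protocol, which traffic went over plain HTTP, and which of the contacted names are not already on an allowlist. The in-addr.arpa rows are reverse lookups of addresses already contacted and are typically analysis-host noise rather than sample behaviour, so they are counted separately; rows with no domain (the mDNS line and the bare DNS line) are counted but not attributed. The script below is an added example, not part of the sandbox report; SAMPLE is a handful of rows copied from the table above, and ALLOWLIST_SUFFIXES is an assumption to tune to your environment, not something the report states.

```python
"""Reduce a sandbox Network table to an IOC summary.

Added example, not part of the sandbox report.  SAMPLE rows are copied from
the report's Network table; ALLOWLIST_SUFFIXES is an assumed, tunable list.
"""
import re
from collections import defaultdict

# "Country Destination Domain Proto" rows; the domain column may be absent.
ROW = re.compile(
    r"^(?P<cc>\S+) (?P<ip>[0-9.]+):(?P<port>\d+)(?: (?P<domain>\S+))? (?P<proto>tcp|udp)$"
)

SAMPLE = """\
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 pwam.googlecode.com udp
NL 142.250.102.82:80 pwam.googlecode.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 img1.blogblog.com udp
N/A 224.0.0.251:5353 udp
US 35.91.2.62:80 www.links-pk.co.cc tcp
US 8.8.8.8:53 udp
"""

# Assumption: names under these suffixes are treated as known infrastructure.
ALLOWLIST_SUFFIXES = ("googlecode.com", "blogger.com", "blogblog.com")


def parse_network_rows(text):
    """Return one dict per parseable row; unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def allowlisted(domain):
    """True if domain equals or is a subdomain of an allowlisted suffix."""
    return any(domain == s or domain.endswith("." + s) for s in ALLOWLIST_SUFFIXES)


def summarize(text):
    """Split the table into DNS lookups, reverse lookups, unnamed rows and connections."""
    dns, reverse_dns, unnamed = set(), 0, 0
    connections = defaultdict(set)  # domain -> {(ip, port, proto)}
    for r in parse_network_rows(text):
        domain = r["domain"]
        if domain is None:
            unnamed += 1
            continue
        if r["port"] == 53 and r["proto"] == "udp":
            if domain.endswith(".in-addr.arpa"):
                reverse_dns += 1
            else:
                dns.add(domain)
            continue
        connections[domain].add((r["ip"], r["port"], r["proto"]))
    plaintext_http = {d for d, eps in connections.items()
                      if any(p == 80 and pr == "tcp" for _, p, pr in eps)}
    quic = {d for d, eps in connections.items()
            if any(p == 443 and pr == "udp" for _, p, pr in eps)}
    review = {d for d in connections if not allowlisted(d)}
    return {
        "dns": dns,
        "reverse_dns": reverse_dns,
        "unnamed": unnamed,
        "connections": dict(connections),
        "plaintext_http": plaintext_http,
        "quic": quic,
        "review": review,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE)
    print("contacted, not allowlisted:", sorted(s["review"]))
    print("plain HTTP:", sorted(s["plaintext_http"]))
    print("QUIC (udp/443):", sorted(s["quic"]))
    print("reverse lookups ignored:", s["reverse_dns"], "unnamed rows:", s["unnamed"])
```

Run against the full table, the "review" set is the list worth pivoting on; the udp/443 rows are QUIC sessions to the same hosts, not a second protocol to chase.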

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 443a627d539ca4eab732bad0cbe7332b
SHA1 86b18b906a1acd2a22f4b2c78ac3564c394a9569
SHA256 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
SHA512 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 99afa4934d1e3c56bbce114b356e8a99
SHA1 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581
SHA256 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
SHA512 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

\??\pipe\LOCAL\crashpad_1008_QFNCXNYAAJLHLJTX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9be029cb8570dc3aaf278daa2d3cd780
SHA1 8cc979db92a099a199e5c966ef9f85e3c8afe578
SHA256 279b79fa192abc61418e26086afb17b6aa3432e4967febfc81c13c3ea0a95a8b
SHA512 02349d9bde49cb075c4b85a72393259ed579626ba529298bf2975ba6d04790ef0b44f7f99c1e3eed5975fd08b487fb0b8607a0dfeb13719dea6dc2c456333ce5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b48f51f320a53a7063dd719683bb42ef
SHA1 b65725a18fac593e1b6f1b1328043cbe6c90b759
SHA256 425324bcc70a7c97f73fea7e0b0e8acfaa459d256e22e4c40d4d0b1f86d72351
SHA512 ace85f6a023ea42e852f006abf787f908509a33864de312872357e6cb947b1377b3df0cd1c122b7de0d2fa8f949047f4113d1cae4d507bfd752307807c0a7709

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e2bd7c89c2be34372fa2965b204ff3ce
SHA1 259e3b5725f101e0c02bf5274d86709f681d17db
SHA256 fb32dbb3baa6db365a93c0be45c422a591cc260c02fb7acf71c2c6b6206b288e
SHA512 3140ea491ebe36ba81fea4c511e2966980d2b38a0ceedbec9fe4c234815f51952799d196c5293f0ea9ac0f00bc9daab1a7baa6c19a37e2f0d21eeaab4e23b22a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9f1fdc58f6a884d84a0c6192de9e361d
SHA1 3a7a04998646fda80b9934e4369566d04c3a015d
SHA256 f62e3ac44d2c8f9d9578e22eb1c2d11fcbfca565e5cda62c4d130aad6ae90795
SHA512 25bb6b950775e1a5aa7fd1e2e4262adabb75230cef9d99381161fdecc0c632864c03d546ff7dac647c19ad703398ff75dcf9aee2173325fb9b83fc40ab7ddec4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e01d7ea7b72fe9f705b8672eb5cc4168
SHA1 5bd91f46955bf8f2c176175158f98c1e6e28c09b
SHA256 cb00c3ce43ed0f699e5ca77cb7fdb4fb63a6c9aafed41001432db5b3122b82ea
SHA512 d957dfcc8d15197273304381764156f6f5f5ff8f219d6bccbe551656cfc9bfde9d902284fce4f0a0342ddfe90f7d77b636017c094dfee31d69ce0a75e5aaefce

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-19 04:21

Reported

2024-12-19 04:24

Platform

win7-20240903-en

Max time kernel

140s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fe6a5c8ff1b88ab61d0082d6a5f30431_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B8CB1C41-BDC0-11EF-A322-62CAC36041A9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440743959" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fe6a5c8ff1b88ab61d0082d6a5f30431_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1404 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 pwam.googlecode.com udp
US 8.8.8.8:53 entrecard.s3.amazonaws.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 static.addtoany.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 blogergadgets.googlecode.com udp
US 8.8.8.8:53 lh3.ggpht.com udp
US 8.8.8.8:53 lh4.ggpht.com udp
US 8.8.8.8:53 www.gmodules.com udp
US 8.8.8.8:53 static.networkedblogs.com udp
US 8.8.8.8:53 nwidget.networkedblogs.com udp
US 8.8.8.8:53 xslt.alexa.com udp
US 8.8.8.8:53 static.99widgets.com udp
US 8.8.8.8:53 www.lijit.com udp
US 8.8.8.8:53 bloggers.com udp
US 8.8.8.8:53 image.sitebro.com udp
US 8.8.8.8:53 www.sitebro.net udp
US 8.8.8.8:53 www.topblogarea.com udp
US 8.8.8.8:53 www.blogtoplist.com udp
US 8.8.8.8:53 www.topblogging.com udp
US 8.8.8.8:53 www.blogrankings.com udp
US 8.8.8.8:53 www.mynewblog.com udp
US 8.8.8.8:53 www.india-topsites.com udp
US 8.8.8.8:53 www.zimbio.com udp
US 8.8.8.8:53 www.yousaytoo.com udp
US 8.8.8.8:53 img1.top.org udp
US 8.8.8.8:53 www.rantop.com udp
US 8.8.8.8:53 www.freewebsubmission.com udp
US 8.8.8.8:53 www.sonicrun.com udp
US 8.8.8.8:53 www.links-pk.co.cc udp
US 8.8.8.8:53 www.123khoj.com udp
US 8.8.8.8:53 www.activesearchresults.com udp
US 8.8.8.8:53 www.hitagent.com udp
US 8.8.8.8:53 www.blogtopsites.com udp
US 8.8.8.8:53 www.blogflare.com udp
US 8.8.8.8:53 i155.photobucket.com udp
US 8.8.8.8:53 www.blogrankers.com udp
US 8.8.8.8:53 www.wikio.com udp
US 8.8.8.8:53 choenblogspot.googlecode.com udp
US 8.8.8.8:53 track4.mybloglog.com udp
US 8.8.8.8:53 static.ak.fbcdn.net udp
US 8.8.8.8:53 tweetmeme.com udp
US 8.8.8.8:53 www.stumbleupon.com udp
US 8.8.8.8:53 d.yimg.com udp
US 8.8.8.8:53 orkut-share.googlecode.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.214.66:80 pagead2.googlesyndication.com tcp
FR 216.58.214.169:80 www.blogger.com tcp
FR 216.58.214.66:80 pagead2.googlesyndication.com tcp
FR 216.58.214.169:80 www.blogger.com tcp
US 16.15.177.227:80 entrecard.s3.amazonaws.com tcp
US 16.15.177.227:80 entrecard.s3.amazonaws.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
NL 142.250.102.82:80 orkut-share.googlecode.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
NL 142.250.102.82:80 orkut-share.googlecode.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.214.170:80 ajax.googleapis.com tcp
FR 216.58.214.170:80 ajax.googleapis.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
US 172.67.39.148:80 static.addtoany.com tcp
US 172.67.39.148:80 static.addtoany.com tcp
FR 216.58.214.169:80 www.blogger.com tcp
FR 216.58.214.169:80 www.blogger.com tcp
FR 216.58.214.169:80 www.blogger.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 216.58.215.33:80 lh4.ggpht.com tcp
FR 172.217.20.193:80 www.gmodules.com tcp
US 74.208.47.213:80 www.sonicrun.com tcp
FR 172.217.20.193:80 www.gmodules.com tcp
US 74.208.47.213:80 www.sonicrun.com tcp
GB 18.245.253.42:80 www.lijit.com tcp
GB 18.245.253.42:80 www.lijit.com tcp
US 173.49.115.115:80 www.activesearchresults.com tcp
US 173.49.115.115:80 www.activesearchresults.com tcp
US 172.67.128.15:80 image.sitebro.com tcp
US 172.67.128.15:80 image.sitebro.com tcp
US 13.248.169.48:80 bloggers.com tcp
US 13.248.169.48:80 bloggers.com tcp
US 104.21.56.47:80 www.mynewblog.com tcp
US 104.21.56.47:80 www.mynewblog.com tcp
FR 3.165.113.116:80 i155.photobucket.com tcp
FR 3.165.113.116:80 i155.photobucket.com tcp
NL 142.250.102.82:80 orkut-share.googlecode.com tcp
NL 142.250.102.82:80 orkut-share.googlecode.com tcp
US 104.21.23.102:80 www.topblogging.com tcp
US 104.21.23.102:80 www.topblogging.com tcp
US 44.219.174.59:80 www.blogtopsites.com tcp
US 44.219.174.59:80 www.blogtopsites.com tcp
US 172.67.143.68:80 www.wikio.com tcp
US 172.67.143.68:80 www.wikio.com tcp
US 3.33.130.190:80 www.hitagent.com tcp
US 3.33.130.190:80 www.hitagent.com tcp
US 3.33.243.145:80 www.rantop.com tcp
US 3.33.243.145:80 www.rantop.com tcp
US 74.208.47.213:80 www.sonicrun.com tcp
US 74.208.47.213:80 www.sonicrun.com tcp
US 44.196.255.240:80 www.stumbleupon.com tcp
US 44.196.255.240:80 www.stumbleupon.com tcp
LT 79.98.26.232:80 www.yousaytoo.com tcp
GB 87.248.114.12:80 d.yimg.com tcp
LT 79.98.26.232:80 www.yousaytoo.com tcp
GB 87.248.114.12:80 d.yimg.com tcp
NL 142.250.102.82:80 orkut-share.googlecode.com tcp
NL 142.250.102.82:80 orkut-share.googlecode.com tcp
DE 116.202.86.160:80 www.india-topsites.com tcp
DE 116.202.86.160:80 www.india-topsites.com tcp
NL 142.250.102.82:80 orkut-share.googlecode.com tcp
NL 142.250.102.82:80 orkut-share.googlecode.com tcp
GB 18.245.253.42:443 www.lijit.com tcp
US 172.67.39.148:443 static.addtoany.com tcp
US 172.67.39.148:443 static.addtoany.com tcp
FR 3.165.113.116:443 i155.photobucket.com tcp
US 104.21.56.47:443 www.mynewblog.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
HK 47.75.130.169:80 img1.top.org tcp
HK 47.75.130.169:80 img1.top.org tcp
US 198.57.150.101:80 www.123khoj.com tcp
US 198.57.150.101:80 www.123khoj.com tcp
GB 18.245.253.42:443 www.lijit.com tcp
GB 18.245.253.42:443 www.lijit.com tcp
US 44.196.255.240:443 www.stumbleupon.com tcp
US 173.49.115.115:443 www.activesearchresults.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 35.91.2.62:80 www.links-pk.co.cc tcp
US 35.91.2.62:80 www.links-pk.co.cc tcp
US 74.208.47.213:443 www.sonicrun.com tcp
GB 18.245.253.42:443 www.lijit.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 216.58.214.169:443 www.blogger.com tcp
US 8.8.8.8:53 india-topsites.com udp
DE 116.202.86.160:80 india-topsites.com tcp
DE 116.202.86.160:80 india-topsites.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
FR 13.249.8.192:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 entrecard.com udp
US 172.67.39.148:443 static.addtoany.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
FR 142.250.179.99:443 ssl.gstatic.com tcp
FR 142.250.179.99:443 ssl.gstatic.com tcp
US 8.8.8.8:53 www.zimbio.com udp
US 8.8.8.8:53 entrecard.com udp
US 8.8.8.8:53 www.blogrankings.com udp
US 8.8.8.8:53 www.blogtoplist.com udp
HK 47.75.130.169:80 img1.top.org tcp
HK 47.75.130.169:80 img1.top.org tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 104.77.118.72:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 23.192.22.93:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
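
The table above lists every DNS lookup and TCP flow the sandbox saw, with repeats. The following Python is an added example, not part of the sandbox output or of this report: it parses rows in the report's own "Country Destination Domain Proto" layout, separates lookups sent to the sandbox resolver (assumed here to be 8.8.8.8, as every udp/53 row above shows) from real connections, de-duplicates them, and lists names that were queried but never contacted. The sample rows inside the block are a constructed subset copied from this table.

```python
"""Parse rows from this report's Network table into de-duplicated indicators.

Added example for the report above; it is not part of the sandbox output.
The row format ("Country Destination Domain Proto", space-separated, with the
Domain column sometimes absent) is taken from the report itself; the sample
rows below are constructed from a handful of entries visible in the table.
"""
from collections import Counter, defaultdict

# Constructed sample: a subset of rows copied from the report's layout.
SAMPLE_ROWS = """\
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.214.66:80 pagead2.googlesyndication.com tcp
GB 18.245.253.42:443 www.lijit.com tcp
US 8.8.8.8:53 c.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
"""

# Assumption: the sandbox resolves through 8.8.8.8, so every udp/53 row to it
# is a name lookup rather than a contact with the server behind the name.
RESOLVER_IPS = frozenset({"8.8.8.8"})


def parse_row(line):
    """Parse one table row. Returns a dict, or None for the header / junk.

    Rows with three fields ("US 8.8.8.8:53 udp") have no Domain column;
    they are kept with domain=None so the caller can decide what to do.
    """
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = None
    else:
        return None
    ip, sep, port = dest.rpartition(":")
    if not sep or not port.isdigit():
        return None
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto.lower()}


def summarize(text, resolver_ips=RESOLVER_IPS):
    """Split rows into DNS lookups and actual connections.

    Returns the sorted set of queried names, a Counter of
    (ip, port, domain) connections (repeats in the table are kept as a
    count), and a domain -> [ips] map built only from real connections.
    """
    dns_queries = set()
    connections = Counter()
    domain_to_ips = defaultdict(set)
    for line in text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        is_lookup = (row["proto"] == "udp" and row["port"] == 53
                     and row["ip"] in resolver_ips)
        if is_lookup:
            if row["domain"]:
                dns_queries.add(row["domain"])
            continue
        connections[(row["ip"], row["port"], row["domain"])] += 1
        if row["domain"]:
            domain_to_ips[row["domain"]].add(row["ip"])
    return {
        "dns_queries": sorted(dns_queries),
        "connections": connections,
        "domain_to_ips": {d: sorted(ips) for d, ips in domain_to_ips.items()},
    }


def unresolved_lookups(summary):
    """Names that were looked up but never followed by a connection.

    In a detonation these deserve a second look: a name that did not
    resolve, or one whose connection fell outside the capture window.
    """
    contacted = set(summary["domain_to_ips"])
    return [d for d in summary["dns_queries"] if d not in contacted]


def cleartext_hosts(summary):
    """Names contacted over tcp/80; these are the flows a proxy could have
    inspected in full."""
    return sorted({dom for (_ip, port, dom) in summary["connections"]
                   if port == 80 and dom})


if __name__ == "__main__":
    s = summarize(SAMPLE_ROWS)
    print("DNS lookups:", s["dns_queries"])
    for key, n in sorted(s["connections"].items()):
        print(f"{key[0]}:{key[1]} {key[2]} x{n}")
    print("looked up but never contacted:", unresolved_lookups(s))
```

Run against the full table, the same functions turn the hundreds of repeated rows into one line per (ip, port, name) with a hit count, and the unresolved list is where to start when deciding whether a domain was simply dead at detonation time.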

Files

C:\Users\Admin\AppData\Local\Temp\CabE810.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarE871.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de85d073a623b3a4e2ccb43566f50604
SHA1 216ec578543ad54e6fcc0eb4e27b822359693075
SHA256 10e7677d4a407947e66e5a818cf30270035abbec9055e8fa9af2d7a5974011f1
SHA512 5d4499bff9c2038e1357de77d61fbd8ce87952c8c85a5f0b4894e3f2b085748b49d8fb6be749073f7ba91eb14f7d7547f4f58353f223e25587fcff27473ae55a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8bb0383f71f70d20c9ffa586a2718ca9
SHA1 01985dc006dc0b853ec2889f490671cb2e004953
SHA256 e88913ca30368910c1d33361557c40f8cdf76d3bcb654147df1095b8bf0edee2
SHA512 6e786bd8e4bc0b201eab2ae15d81a8f0d11770e32168f98dade7a2b61f23e94db715860a5ab77582549dc56e547af57f300777f13c10fe360e808bb7b4222a7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 002d57abf053304bcef1a4b771e5d2ec
SHA1 7b9ea44267cd51d558944c9e578c8c9de78488c9
SHA256 5dc54e0a39bc309c65dbf122ca43f48c6cfee189a672c103060b2c9aa553292f
SHA512 eb84c61b4e92de495617e9a934e11380256b8a02426175385e11c1997ba69f761b99c3321b73d2f085d945a3d20ac7bbbd86136a918d0e32e04263d142fa85bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 2d561bc2817270cbaf06aad1f6700338
SHA1 f48a887715f453bca1cdfba9c3378e486410b806
SHA256 ea2a03b8c7b8fb754143eb4119cd6973a95790b4d6f46abd22b2d77f5a626660
SHA512 c6f63b69f19d9e200a769783ffb55b079252215134a23e2a32cb715b7c6af49038b64883dca020d082c3148cf0419c7809d40e0eff5422398896c3b3096d7f9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 740b15abf098922f1827fe27a8de7870
SHA1 0878629fb572d6f29be2bd3c48508626867055da
SHA256 cccc9efb372c1d1a032e8a890562887f77b51db0cced22e3fd1aa3bf2db47538
SHA512 e6fa2af64a804ce4b9467146fdd5775aa236d797ee3badca2ad3a0e6eae9c0f7b89addc9691d98cc86891da36b7fbdcdef1d9f7215e91319090dc7c14877da20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed66193af1780ee5642e591d81ed774b
SHA1 a173320958a15026e4d5b530a43ea5da7f414b8c
SHA256 10f6e125b60d0d7c893d71d0b703f162645ed35fbddc8e4f6f8c8e852d8d97e9
SHA512 9e3bfcd5cd50a509ae5c8d2c50a572728d9b1c8349a7e1eadf0c52e001fa3288bc2a5f5ab866b8c25be368446e64fe380b1944aa4ee3cda61dc681c797e423ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6da2dfd4f5e3caf3d47be3a5d88668e8
SHA1 ce0d10f34fb13fe3988f4f4d9ce70811b72a6e7d
SHA256 8955a652f1426f51ce3f52db6dedec2d497b03862ecf95de2da8e0bb3b2cec4b
SHA512 a862a48db3d44e2133fb57eaa164be78f14a9d41096ef5cb5e577e791ff76e48f483a956607d5fb14a4c78a31949c84392ec4d357d81be362a0b240e32939fd9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f55e4dfd066549e8167b8c1b89aa278e
SHA1 781a32e7380c7e1b7afccf9df27ae77552b6c4bc
SHA256 5c7685e7b8307cd1e8d732a868bfc71a45a6d257e8648be5f61f5b89bbfdf6ab
SHA512 968c9ffcd3e25f534b1f9b8bf532e71fcb56c7b5c427297b6ae01056b064b9a52f6673c9ac05dcf0bb2db15447417908413854baf2a1c283ac3fc16d1a8da5a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 654f33359c97e226dd6bf5d52525c61a
SHA1 41606bce14d54d83c04ced16313e76770d192e68
SHA256 4fa622707e0e899fec1843c0c1c8151610f4ed6587b2da996dfe7df6edd907d7
SHA512 7ace544f6c1e69a8070fc8983acac198343da335b4b7df5a183ab4033a3eba17d219f403ba0629b089e16e2f34d7f6d68d73975ae2775f09e3fcd557fd04e611

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\f[1].txt

MD5 fe1b77737082c636ec1a252bd04ebb5c
SHA1 33fd71824dd24e228df5240fa198ed1c65d6c510
SHA256 d9a661b515bc07fea0f12683e5a9eafbbf38398ed4767c9f2c4ed3a155fa1bf5
SHA512 5da8275401ffc0a6a4eee020940961deb10453b884149bc83afb33ec2a7697f2840ef56be08d6998e336cd7639942e27047f59097092668b5470d80aafde64b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30f65001eb23acb7b657ea5480fe92b8
SHA1 5b27d709169f7cac41e44ff14083663844ab5645
SHA256 b4da38e7e2b3f0742b87433fc133088a370521f78429af27ecb51529853da01f
SHA512 5e0c955d46092dbf50f061cdae042b7ecfdc41ced4d1b9413acc961b746b672ddd0ad001114642b6fc5b65c90899d88392deb4608706b1e532f39c0f41fd5824

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a9f1952363962cb293c25c5591831895
SHA1 4af0558918e90b1aba246b607d80e6df6c1a9a57
SHA256 39a22a5a0da533644744226ded1844ca77b09010f4981d88f5cc3b2a3f2596bd
SHA512 58b5db27bafc752aaa7c98e549975532e05bbf5d71a076821deac4139598e17b9392365462fd72ff67146c40372d31a08cd594febc0f239d815946f9cf1b82fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eddea3443c7a2a509258c0124a9f56d4
SHA1 ea4115a83f72edaf925490ac7ccfc5139aebff90
SHA256 2973bed31b7e7c68fed17ea27775717efa0ee841466eb908c9b014da9618b194
SHA512 6980888aa228491140ebd209dbecfea3c10baa6cd06ee7551638a67e3e79a4451c77e76384c0a0236d76f4945752cf01069608c19c1ac2241a4b68f89685c762

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ad339310ce722659a949e045cfe5068
SHA1 ce3c1a0fa2c4df939f0f0c98eae2bfb9e7ea1fe6
SHA256 c7ba667209ba777e578ccdb2173841a0a25881792b51dd20925aeae97c38b7c8
SHA512 3bae4df36f005f6c0062d80b0f9aba33cfa52f8fc6b7a90d9bdc790cf3a51017a37dc0777c271246710c9e504e68f9a847f98829d08c3ddd1db1ac79b6b58793

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 200704e574271bd39022dda7963917e3
SHA1 0f094b7dcc6e86dfac44d8c4c44dc4a0a75ee4c5
SHA256 8b4f97a945454cc072c4b24c69984c9bc882647a47b60cbb27ff145d76c912c8
SHA512 859a4808bc31aad87ccf766e844071bacf377c497da9805a1e0e21ee97f9b38df36564de5d9c2a6eef227e2d56faf3a387cc0048f5a9fc98a99111e21f801fd8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5bbf9a8dd736c845ec6ef03f899faa76
SHA1 626a562aaa65541752aa7f9f3592e2dbcba37530
SHA256 09c4d5300fb75007bfa27da8c30cdb72f1877fbcaaaf23fca74f8092d3300cb6
SHA512 2630248fc6a56aeeed6b05d1cbe9437a9e825a91a735568c13a9af547cfa0275ccd92e9796a2a27acc1b7d49138c84800e690b4e572f92a13c10be457745ccd4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fbc4bc72913f57e37627c26b7fbc9324
SHA1 f56325cedf0cc9b6cd5d84fc044646460ef41c06
SHA256 c6a421b9c94165549214e923e8712b7f21362be8f3886a28f26c1f36147d8278
SHA512 34427d4ca87526c9d02bc7298b0f056e160536629ff81db82591cf780ba9cd91c26de0a8769f56a31d79a9b0f9147aa86552aa75ac1eca0885614b8063758ee5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55ebb56ec30415a3741b33e9dbe03dc0
SHA1 8b7b40f04a1e0153dfecea218dad21844bb9b967
SHA256 a370696d055a7ab47bc28ba691914f8b23a52b8f25f1d370ca617019b6d0a0f4
SHA512 cff367ca31c32a71cafeada8c82fae579e80491f8e553fbdcca8c73521f67e5acdbebff64b996c311e39e79231f6983a7430785eede72b01d1d0313487ce0215

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 46985083ee8b9afe980be5914b3ac4ad
SHA1 d96b8c92c4111e459fa9d6a98de1ab48331cb3dc
SHA256 055d01a1dbfa110eea952b9271755f13847fbadf1423383bf508f5a6f8b21cb2
SHA512 66992b969cecf6f9e5d0feb5695ce82e8bd822355d70ec7bee94b667a93d1276e01f391e2f224b88908268a5a266726072580383d1dee627f8bbc3a17d380465

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8211f37e5dc14694f524b75afbeff4d2
SHA1 f8d514c4175de8a63f969923f4dc6a2da2e33085
SHA256 7dbd0bd6cda852193b1f3833c02931c47fd9a0b31f33f935df0ec443ad918a16
SHA512 929508c5609c674636124210778fd30f46628030a14ed590689ac853317cab2c1280745e1e92212fcf2b0eb557b9397bb8c405dc1730c5281e999196f36b8c9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bcd22a79f755beda46e8efba3e9f557d
SHA1 dd7623a5d1d086db8161dc2de135aa8e175b9774
SHA256 248df283664dd36eab53a22b629838c61041f4edb4452a0de5441237687acc63
SHA512 185959e4c6cbbf5204d6f20988cfdc1f306a70cc2f4b9ef5e3183f2104be18f6b8df5deaad8a8d7bed5095a9edbdb87e3b46c723fcd31ae2155deb2969e7d25a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a50506f7e4ae93ac391400af5f06f9f
SHA1 f9c5d6dd448e0632a6bdd412cc085af4b0433dd4
SHA256 4e8f86bcab708f6c34f2a1811232912c092cc9957dda70fc3edf08dffb213023
SHA512 2e01841111e32e5bad56f0c01e3e8f31e01197f69db6ff1e271c607946da79c958632ec7a3d92b9088781ccaf32bff250606f1efb0c91a70bb6d5d42161993b4
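
The Files list records one entry per write the sandbox observed, so a path such as the CryptnetUrlCache MetaData file appears many times with different digests, and the crashpad named pipe is listed with the digests of zero bytes (d41d8cd9... / e3b0c442...). The following Python is an added example, not part of the sandbox output or of this report: it parses entries in the report's own layout (path line, blank line, MD5/SHA1/SHA256/SHA512 lines), validates each digest's length and alphabet, groups entries by path, and flags empty content and rewritten paths. The three sample entries inside the block are constructed from entries visible in this section.

```python
"""Group the Files entries of this report by path and sanity-check the hashes.

Added example for the report above, not part of the sandbox output. The
entry layout (path line, blank line, then MD5/SHA1/SHA256/SHA512 lines) is
the report's own; the sample below is constructed from three entries that
appear in the Files section.
"""
import hashlib
from collections import defaultdict

# Digest lengths (hex chars) used to validate each line.
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digest of zero bytes: a path listed with this SHA256 was created but
# had no content at the time the sandbox hashed it.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

SAMPLE_FILES = r"""
\??\pipe\LOCAL\crashpad_1008_QFNCXNYAAJLHLJTX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de85d073a623b3a4e2ccb43566f50604
SHA1 216ec578543ad54e6fcc0eb4e27b822359693075
SHA256 10e7677d4a407947e66e5a818cf30270035abbec9055e8fa9af2d7a5974011f1
SHA512 5d4499bff9c2038e1357de77d61fbd8ce87952c8c85a5f0b4894e3f2b085748b49d8fb6be749073f7ba91eb14f7d7547f4f58353f223e25587fcff27473ae55a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8bb0383f71f70d20c9ffa586a2718ca9
SHA1 01985dc006dc0b853ec2889f490671cb2e004953
SHA256 e88913ca30368910c1d33361557c40f8cdf76d3bcb654147df1095b8bf0edee2
SHA512 6e786bd8e4bc0b201eab2ae15d81a8f0d11770e32168f98dade7a2b61f23e94db715860a5ab77582549dc56e547af57f300777f13c10fe360e808bb7b4222a7a
"""


def parse_entries(text):
    """Return a list of (path, {algo: hexdigest}) tuples in report order.

    A non-blank line that does not start with a digest label begins a new
    entry; digest lines attach to the most recent path. Malformed digests
    raise ValueError rather than being silently dropped.
    """
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        label, _, value = line.partition(" ")
        if label in HEX_LEN:
            if current is None:
                raise ValueError(f"digest before any path: {line}")
            if len(value) != HEX_LEN[label] or any(c not in "0123456789abcdef" for c in value):
                raise ValueError(f"bad {label} for {current[0]}: {value}")
            current[1][label] = value
        else:
            current = (line, {})
            entries.append(current)
    return entries


def group_by_path(entries):
    """Map path -> list of digest dicts; several dicts for one path mean the
    sandbox saw the file rewritten during the run."""
    groups = defaultdict(list)
    for path, digests in entries:
        groups[path].append(digests)
    return dict(groups)


def empty_files(entries):
    """Paths whose recorded content hashes to the empty input."""
    return sorted({p for p, d in entries if d.get("SHA256") == EMPTY_SHA256})


def rewritten_paths(groups, min_versions=2):
    """Paths recorded with at least min_versions distinct SHA256 values."""
    out = {}
    for path, versions in groups.items():
        distinct = {d["SHA256"] for d in versions if "SHA256" in d}
        if len(distinct) >= min_versions:
            out[path] = sorted(distinct)
    return out


if __name__ == "__main__":
    ents = parse_entries(SAMPLE_FILES)
    grp = group_by_path(ents)
    for path, versions in grp.items():
        print(f"{len(versions):2d}x {path}")
    print("empty content:", empty_files(ents))
    print("rewritten:", list(rewritten_paths(grp)))
```

Feeding the whole Files section through parse_entries collapses the list to a handful of paths with a version count each; the only entries worth pulling from the sandbox for closer inspection are the non-empty, non-cache ones such as the Content.IE5 f[1].txt and the Temp Cab/Tar files, and the digest check catches a truncated line before it silently turns into a wrong IOC.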