Analysis Overview
SHA256
22407dd7400b1661492bcff15d52e0faad2338039b64b053bbd29e5e49b85f76
Threat Level: Likely benign
The file JaffaCakes118_ff38c9a7d7658cf24606c99a125e204b was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand GOOGLE.
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-11 10:51
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-11 10:51
Reported
2025-01-11 10:53
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
142s
Command Line
Signatures
Detected potential entity reuse from brand GOOGLE.
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ff38c9a7d7658cf24606c99a125e204b.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdce0346f8,0x7ffdce034708,0x7ffdce034718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1111608073752492919,12638222701986231254,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6772 /prefetch:2
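Added example for reading the process list above; this is the editor's script, not code from the report or from any sandbox's own tooling. It parses Windows-style command lines (quoted tokens, `--key=value` switches, Chromium's `--type=` and `--single-argument` conventions) and separates switches carried by the top-level browser launch, which come from whoever started the browser, from switches on `--type=` child processes, which the browser process itself sets when it spawns them. The `WATCH_FLAGS` set is an assumption of this example (switches a reviewer wants to see in context), and the sample command lines are abridged copies of four entries from the list, with the long `--gpu-preferences` and `--field-trial-handle` values dropped.

```python
"""Command-line review for the Edge process tree listed above.

Added example, not part of the original report. Flags found on a child
process (--type=...) were put there by the parent browser process; flags
on the top-level launch came from the launcher (shortcut, file
association, script, or an attacker) and are the ones worth a look.
"""
import re

# Constructed sample: abridged copies of four command lines from the list above.
SAMPLE_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized '
    r'--single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ff38c9a7d7658cf24606c99a125e204b.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility '
    r'--utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none '
    r'--mojo-platform-channel-handle=2388 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US '
    r'--disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations '
    r'--mojo-platform-channel-handle=3232 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process '
    r'--disable-gpu-sandbox --use-gl=disabled --gpu-driver-version=10.0.19041.546 '
    r'--mojo-platform-channel-handle=6772 /prefetch:2',
]

# Assumed watch list: switches that weaken isolation or redirect the browser.
WATCH_FLAGS = {
    "--no-sandbox", "--disable-gpu-sandbox", "--service-sandbox-type",
    "--disable-client-side-phishing-detection", "--no-v8-untrusted-code-mitigations",
    "--disable-web-security", "--remote-debugging-port", "--load-extension",
    "--proxy-server", "--user-data-dir",
}
# For these switches only a specific value is interesting.
WATCH_VALUES = {"--service-sandbox-type": "none"}

TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def tokenize(cmdline):
    """Split a Windows command line, keeping quoted spans as single tokens."""
    return [t.strip('"') for t in TOKEN_RE.findall(cmdline)]


def parse_cmdline(cmdline):
    tokens = tokenize(cmdline)
    exe, args = tokens[0], tokens[1:]
    flags, document = {}, None
    for i, tok in enumerate(args):
        if tok == "--single-argument":
            # Chromium: everything after this switch is one argument (file-association launch).
            document = " ".join(args[i + 1:])
            break
        if tok.startswith("--"):
            name, _, value = tok.partition("=")
            flags[name] = value
    return {"exe": exe, "type": flags.get("--type", "browser"), "flags": flags, "document": document}


def review(cmdlines):
    findings = []
    for cmd in cmdlines:
        p = parse_cmdline(cmd)
        hits = sorted(n for n, v in p["flags"].items()
                      if n in WATCH_FLAGS and WATCH_VALUES.get(n, v) == v)
        if not hits:
            verdict = "nothing to review"
        elif p["type"] == "browser":
            verdict = "review: supplied at launch, outside the browser's control"
        else:
            verdict = "propagated by the parent browser process to a child"
        findings.append({**p, "watch_flags": hits, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_CMDLINES):
        print(f"{f['type']:<12} {f['verdict']}  {' '.join(f['watch_flags'])}")
        if f["document"]:
            print(f"{'':<12} opened: {f['document']}")
```

Run against the full list, the only process without `--type=` is the first `msedge.exe`, whose switches are `--start-maximized` and the `--single-argument` path of the submitted `.html`; every sandbox-related switch in the tree sits on a child process.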
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | elmubarok.googlecode.com | udp |
| US | 8.8.8.8:53 | files.main.bloggerstop.net | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| GB | 64.233.166.82:80 | elmubarok.googlecode.com | tcp |
| US | 8.8.8.8:53 | bdv.bidvertiser.com | udp |
| GB | 142.250.179.233:443 | www.blogger.com | udp |
| US | 54.241.51.109:80 | bdv.bidvertiser.com | tcp |
| US | 54.241.51.109:80 | bdv.bidvertiser.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | xslt.alexa.com | udp |
| US | 8.8.8.8:53 | adhiprimanacomtwitter.googlecode.com | udp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| US | 8.8.8.8:53 | sholeh4u.xtgem.com | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | adit38.files.wordpress.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 57.144.120.128:80 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 151.101.2.137:80 | code.jquery.com | tcp |
| GB | 142.250.180.2:445 | pagead2.googlesyndication.com | tcp |
| GB | 64.233.166.82:80 | adhiprimanacomtwitter.googlecode.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| US | 192.0.72.24:80 | adit38.files.wordpress.com | tcp |
| FR | 54.36.158.42:80 | sholeh4u.xtgem.com | tcp |
| FR | 54.36.158.42:80 | sholeh4u.xtgem.com | tcp |
| FR | 54.36.158.42:80 | sholeh4u.xtgem.com | tcp |
| FR | 54.36.158.42:80 | sholeh4u.xtgem.com | tcp |
| FR | 54.36.158.42:80 | sholeh4u.xtgem.com | tcp |
| FR | 54.36.158.42:80 | sholeh4u.xtgem.com | tcp |
| GB | 142.250.200.33:80 | themes.googleusercontent.com | tcp |
| GB | 142.250.179.233:443 | resources.blogblog.com | tcp |
| GB | 142.250.179.233:80 | resources.blogblog.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| US | 192.0.72.24:443 | adit38.files.wordpress.com | tcp |
| US | 57.144.120.128:443 | connect.facebook.net | tcp |
| GB | 142.250.200.33:443 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.sms-online.web.id | udp |
| US | 8.8.8.8:53 | bdv.bidvertiser.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.179.233:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | ilmuphotoshop.com | udp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.169.14:80 | www.youtube.com | tcp |
| US | 54.241.51.109:445 | bdv.bidvertiser.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| CA | 104.152.168.42:80 | ilmuphotoshop.com | tcp |
| CA | 104.152.168.42:80 | ilmuphotoshop.com | tcp |
| CA | 104.152.168.42:80 | ilmuphotoshop.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.51.241.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www6.cbox.ws | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.120.144.57.in-addr.arpa | udp |
| GB | 157.240.214.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.72.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.158.36.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| CA | 104.152.168.42:80 | ilmuphotoshop.com | tcp |
| US | 108.181.41.161:80 | www6.cbox.ws | tcp |
| US | 108.181.41.161:80 | www6.cbox.ws | tcp |
| US | 8.8.8.8:53 | kumpulblogger.com | udp |
| US | 8.8.8.8:53 | adit38.wordpress.com | udp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | lh4.ggpht.com | udp |
| CA | 104.152.168.42:80 | ilmuphotoshop.com | tcp |
| CA | 104.152.168.42:80 | ilmuphotoshop.com | tcp |
| ID | 36.50.77.66:80 | kumpulblogger.com | tcp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| GB | 172.217.16.225:80 | lh4.ggpht.com | tcp |
| US | 192.0.78.12:443 | adit38.wordpress.com | tcp |
| US | 8.8.8.8:53 | toolbarqueries.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | siteexplorer.search.yahoo.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 104.20.2.69:80 | s10.histats.com | tcp |
| GB | 87.248.114.11:80 | siteexplorer.search.yahoo.com | tcp |
| NL | 74.125.143.103:80 | toolbarqueries.google.com | tcp |
| NL | 74.125.143.103:80 | toolbarqueries.google.com | tcp |
| US | 8.8.8.8:53 | www.cbox.ws | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | search.msn.com | udp |
| ID | 36.50.77.66:80 | kumpulblogger.com | tcp |
| US | 8.8.8.8:53 | siteanalytics.compete.com | udp |
| GB | 172.217.169.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | seodigger.com | udp |
| US | 204.79.197.200:80 | search.msn.com | tcp |
| US | 166.62.112.193:80 | siteanalytics.compete.com | tcp |
| GB | 172.217.16.226:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.214.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.168.152.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.41.181.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.78.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.2.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.114.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.143.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.77.50.36.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.112.62.166.in-addr.arpa | udp |
| GB | 2.18.66.177:80 | www.bing.com | tcp |
| US | 8.8.8.8:53 | static.domainesia.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 104.26.15.183:443 | static.domainesia.com | tcp |
| US | 104.26.15.183:443 | static.domainesia.com | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| CA | 142.4.219.198:443 | s4.histats.com | tcp |
| US | 208.115.240.124:80 | seodigger.com | tcp |
| US | 208.115.240.124:80 | seodigger.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 104.26.15.183:443 | static.domainesia.com | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 172.217.16.225:443 | yt3.ggpht.com | tcp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.230:443 | static.doubleclick.net | tcp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 104.20.2.69:443 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 177.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.15.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.219.4.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.240.115.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| ID | 103.234.210.227:80 | www.sms-online.web.id | tcp |
| ID | 103.234.210.227:80 | www.sms-online.web.id | tcp |
| ID | 103.234.210.227:80 | www.sms-online.web.id | tcp |
| US | 8.8.8.8:53 | adminrumah.com | udp |
| US | 8.8.8.8:53 | www.karpetmasjid.id | udp |
| CA | 142.4.219.198:443 | s4.histats.com | tcp |
| US | 8.8.8.8:53 | www.histats.com | udp |
| US | 8.8.8.8:53 | 227.210.234.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e.dtscout.com | udp |
| US | 141.101.120.11:80 | e.dtscout.com | tcp |
| US | 8.8.8.8:53 | dtsedge.com | udp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| CA | 104.152.168.42:443 | ilmuphotoshop.com | tcp |
| US | 104.21.112.1:443 | dtsedge.com | tcp |
| US | 141.101.120.11:443 | t.dtscout.com | tcp |
| US | 8.8.8.8:53 | 11.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.112.21.104.in-addr.arpa | udp |
| US | 54.241.51.109:139 | bdv.bidvertiser.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| CA | 104.152.168.42:443 | ilmuphotoshop.com | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e.dtscout.com | udp |
| US | 141.101.120.11:445 | e.dtscout.com | tcp |
| US | 141.101.120.10:445 | e.dtscout.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yzufy.blogspot.com | udp |
| GB | 172.217.16.225:80 | yzufy.blogspot.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
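Added example for triaging the Network table above; it is the editor's script, not part of the report or of the sandbox's tooling. It parses rows copied from the table, separates DNS lookups (including the reverse PTR lookups the sandbox issues for every contacted address) from the connections that followed, and lists connections on ports a browser page load would not normally use, such as the 445 and 139 entries against hosts that also answered on 80/443. The `WEB_PORTS` set and the treatment of 224.0.0.251:5353 as local mDNS are this example's assumptions; the sample rows are copied from the table.

```python
"""Triage pass over the sandbox Network table above.

Added example, not part of the original report. DNS rows, PTR noise and
plain web traffic are summarised; anything on a non-web port is listed
for review rather than classified.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: rows copied from the table above.
SAMPLE_ROWS = """
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| GB | 64.233.166.82:80 | elmubarok.googlecode.com | tcp |
| US | 54.241.51.109:80 | bdv.bidvertiser.com | tcp |
| GB | 142.250.180.2:445 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| GB | 172.217.16.226:139 | pagead2.googlesyndication.com | tcp |
| FR | 54.36.158.42:80 | sholeh4u.xtgem.com | tcp |
| ID | 103.234.210.227:80 | www.sms-online.web.id | tcp |
| US | 54.241.51.109:139 | bdv.bidvertiser.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]+?)\s*\|\s*(?P<ip>[^|:\s]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<domain>[^|]+?)\s*\|\s*(?P<proto>[^|]+?)\s*\|$"
)
WEB_PORTS = {80, 443}          # expected for a browser page load (assumption)
DNS_PORT = 53
MDNS = ("224.0.0.251", 5353)   # link-local multicast DNS, not an outbound contact


def parse_rows(text):
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            r = m.groupdict()
            r["port"] = int(r["port"])
            rows.append(r)
    return rows


def is_ptr(name):
    return name.endswith(".in-addr.arpa") or name.endswith(".ip6.arpa")


def summarize(rows):
    dns = [r for r in rows if r["port"] == DNS_PORT and r["proto"] == "udp"]
    conns = [r for r in rows if r["port"] != DNS_PORT]
    resolved = sorted({r["domain"] for r in dns if not is_ptr(r["domain"])})
    contacted = defaultdict(set)
    for r in conns:
        if (r["ip"], r["port"]) != MDNS:
            contacted[r["domain"]].add((r["ip"], r["port"], r["proto"]))
    odd_ports = sorted({(r["ip"], r["port"], r["domain"]) for r in conns
                        if r["port"] not in WEB_PORTS and (r["ip"], r["port"]) != MDNS})
    return {
        "resolved": resolved,
        "ptr_lookups": sum(1 for r in dns if is_ptr(r["domain"])),
        "contacted": {k: sorted(v) for k, v in contacted.items()},
        "countries": Counter(r["cc"] for r in conns if r["cc"] != "N/A"),
        "odd_ports": odd_ports,
    }


if __name__ == "__main__":
    s = summarize(parse_rows(SAMPLE_ROWS))
    print("resolved:", ", ".join(s["resolved"]))
    print("PTR lookups:", s["ptr_lookups"])
    for ip, port, dom in s["odd_ports"]:
        print(f"non-web port: {dom} -> {ip}:{port}")
```

The `odd_ports` list is the part to read first: for this page it names SMB-range ports against advertising and CDN hosts, which the report records but does not explain, and which deserve a look at the captured traffic before the "Likely benign" verdict is accepted.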
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f426165d1e5f7df1b7a3758c306cd4ae |
| SHA1 | 59ef728fbbb5c4197600f61daec48556fec651c1 |
| SHA256 | b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841 |
| SHA512 | 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6 |
\??\pipe\LOCAL\crashpad_1172_KRFYPXFGJNOFHGSI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6960857d16aadfa79d36df8ebbf0e423 |
| SHA1 | e1db43bd478274366621a8c6497e270d46c6ed4f |
| SHA256 | f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32 |
| SHA512 | 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2ca8ad475910ede616718e6b79e45508 |
| SHA1 | b58435b627595c4508e30ecfdefd7383a1a2780b |
| SHA256 | e767b46266bcd168b8c7d84b4efe6a6832319e1b3372311174dbaf377a398a86 |
| SHA512 | 7d75c8e831b5decc401f397081515679a3d4431a10adb7f2e685a2ae687bc5315db7d85daaf7245f4dd4e7a5262333f37034a6ee4f12b9429e43d43b3799f01e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b5a2b57923c35725a604273f6dbbe587 |
| SHA1 | 4f2ddbbfb0d8c1251e385b702f4e62e5732ee427 |
| SHA256 | c1191722bfad58827fe068e08e82633b525e482480c94f57a214e181e998aec6 |
| SHA512 | f22baf007a5d562123c39ca34d1bd965893b93708dfe0223cf9e941ae13900147e126e5c4b02f14ce67dfa9b08d91409b15a6bc7751adcacf7f8b8a746f3e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 21f757613ff3c54b25397730be364b23 |
| SHA1 | d797c4c1d36d831681aaf0eb22272a3d1b66d4b6 |
| SHA256 | 88623e45d499221275e2710451670ebf0e75eef90d321d71fc43e15dfb5f4424 |
| SHA512 | a85451aba4f5bce2322754f10b9545498dcd616821b58409ac007917c1e931870a0683ceb197a67094bf097f62d26abc1eaefd00a4809d93e40dc82def6d4f72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0472256460a32cc38ff3e1450ed93e30 |
| SHA1 | fbc21dde55834f0763e333cb215d04d8315f9db2 |
| SHA256 | 93d4ac6ec254ad70797d911401bd9dbd9d6dad7eaa718c8cea1c3fe45dde957e |
| SHA512 | 5deae1c74d398578df55dda63efcce0b11b0135cfeaee94a509b98e395c147464517677c183f5c07f3a1b75ac6d0f7f463750b07cdf30f3084b5c1a6b7eb3a5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0e2c06f7bd0b8d00c2e3253eb820554f |
| SHA1 | 0a96bb9e17c17257dd07830ef2ef560ce68af9c0 |
| SHA256 | 042edb61b3a4d9790f3cbb60582f94130f0034d3390070797526a1643fb783b5 |
| SHA512 | 1d3c7b01f0a0b4c9c740c9b61e00a224d4165d1248e996de5097604e7ad950d3f538293d0aaa0dad3d51055ab13cdec68fcf1cff86249a4f8d386a0a2964e7dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1c152f7b1f5791d30073e48ab5af2bc7 |
| SHA1 | 11f26df1d4b2d6e820314177587d8cb2f8ea78a8 |
| SHA256 | 5595eb7993d08c74a2411eabbd68011c50308e67f6d3fde3d314ac322dbb9805 |
| SHA512 | 5e02b1550cbbdfb9f850ed5893e8385df80c9d1cebee90ac67ece92d27d790bb384180f65833704e94273a3e27d48ebc77bc121ec4502e8e3559fd2a8227f246 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e433adb75dc19bbe74fb904e08feabdc |
| SHA1 | e824c146581a30254a1abbedae169700124336db |
| SHA256 | e7c6dda1cac063bab1f9eeba6d65a1668cfca243ed331b2e398da60b914da699 |
| SHA512 | f874e5db32b5de54c712999629ad17bc5bd759221c2a578ac0089f9e28a69310606b562a0a1a0dda139b31d55bca69b4e50563ff61ebe5b08904a2ab79c7b2b5 |
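Added example for sanity-checking the Files table above; it is the editor's script, not part of the report. The sandbox records a digest for every path it touched, including the Crashpad named pipe and files it rewrote more than once. The script parses entries copied from the table, flags any entry whose digests are those of zero bytes (the pipe entry above: nothing was captured for that path, so its hashes identify no content), and counts how many distinct versions of each path were recorded. The sample entries are copied from the table with the SHA512 rows omitted for brevity.

```python
"""Sanity checks over the sandbox Files table above.

Added example, not part of the original report. Empty-input digests are
computed with hashlib rather than hard-coded so the check also covers
SHA512 rows when they are present.
"""
import hashlib
import re
from collections import defaultdict

# Constructed sample: entries copied from the table above (SHA512 rows omitted).
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f426165d1e5f7df1b7a3758c306cd4ae |
| SHA1 | 59ef728fbbb5c4197600f61daec48556fec651c1 |
| SHA256 | b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841 |
\??\pipe\LOCAL\crashpad_1172_KRFYPXFGJNOFHGSI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6960857d16aadfa79d36df8ebbf0e423 |
| SHA1 | e1db43bd478274366621a8c6497e270d46c6ed4f |
| SHA256 | f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2ca8ad475910ede616718e6b79e45508 |
| SHA1 | b58435b627595c4508e30ecfdefd7383a1a2780b |
| SHA256 | e767b46266bcd168b8c7d84b4efe6a6832319e1b3372311174dbaf377a398a86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 21f757613ff3c54b25397730be364b23 |
| SHA1 | d797c4c1d36d831681aaf0eb22272a3d1b66d4b6 |
| SHA256 | 88623e45d499221275e2710451670ebf0e75eef90d321d71fc43e15dfb5f4424 |
"""

HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$", re.I)
EMPTY_DIGESTS = {algo: hashlib.new(algo).hexdigest()
                 for algo in ("md5", "sha1", "sha256", "sha512")}


def parse_files(text):
    """Return [{"path": ..., "hashes": {"md5": ..., ...}}, ...] from table text."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            current["hashes"][m.group(1).lower()] = m.group(2).lower()
        elif not line.startswith("|"):
            current = {"path": line, "hashes": {}}
            entries.append(current)
    return entries


def check_files(entries):
    empty, inconsistent = [], []
    versions = defaultdict(set)
    for e in entries:
        matches = [algo for algo, h in e["hashes"].items() if EMPTY_DIGESTS.get(algo) == h]
        if matches and len(matches) == len(e["hashes"]):
            empty.append(e["path"])              # every digest is the zero-byte digest
        elif matches:
            inconsistent.append(e["path"])       # some digests say "empty", others do not
        versions[e["path"]].add(e["hashes"].get("sha256"))
    rewritten = {p: len(v) for p, v in versions.items() if len(v) > 1}
    return {"empty": empty, "inconsistent": inconsistent, "rewritten": rewritten}


if __name__ == "__main__":
    result = check_files(parse_files(SAMPLE_FILES))
    for path in result["empty"]:
        print("zero-byte capture:", path)
    for path, n in result["rewritten"].items():
        print(f"{n} versions recorded:", path)
```

An entry that shows up in `empty` carries no content to pivot on, so its hashes should not be used as indicators; entries in `rewritten` are ordinary browser state files (Crashpad settings, Preferences, Network Persistent State) updated during the session.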
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-11 10:51
Reported
2025-01-11 10:53
Platform
win7-20241010-en
Max time kernel
69s
Max time network
155s
Command Line
Signatures
Detected potential entity reuse from brand GOOGLE.
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.sms-online.web.id\ = "137" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442754537" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F625F321-D009-11EF-96DD-F2BD923EC178} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "137" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\sms-online.web.id | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\sms-online.web.id\Total = "137" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\sms-online.web.id\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.sms-online.web.id | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2376 wrote to memory of 2940 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2376 wrote to memory of 2940 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2376 wrote to memory of 2940 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2376 wrote to memory of 2940 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ff38c9a7d7658cf24606c99a125e204b.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:275457 /prefetch:2
Network
Files