Analysis Overview
SHA256
22e71a77c138de594f57c3bf891eb52035d8dadb90d6dd554b6bf6c3e603b35d
Threat Level: No (potentially) malicious behavior was detected
The file 8faa05fb2876db98cb3f31b373359b9d_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 22:32
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 22:32
Reported
2024-06-02 22:34
Platform
win10v2004-20240226-en
Max time kernel
144s
Max time network
153s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8faa05fb2876db98cb3f31b373359b9d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5984 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=780 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4880 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=6052 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5404 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| GB | 104.91.71.140:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | klpuv.cn | udp |
| US | 8.8.8.8:53 | klpuv.cn | udp |
| US | 8.8.8.8:53 | klpuv.cn | udp |
| GB | 104.91.71.140:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 104.208.16.94:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 94.16.208.104.in-addr.arpa | udp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 216.58.213.10:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 22:32
Reported
2024-06-02 22:34
Platform
win7-20240508-en
Max time kernel
143s
Max time network
124s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000004db904358e8c6249dae2fafd1b3a17b4a7c4a036822230873a2e1632afae73e3000000000e8000000002000020000000c7fcdad5db7c5c9c1e20d3e4a0657a49670d03e1f819a31327fe0cfe6e33f98e200000008e0044f854bbec2a70da3f69fa71e20eadec718b124cae35e6e23c6e2f4b5e0c400000008149a1462b4126d8007f3c9d9ae2c41061bde86b9b1801fa39bcd02ce8746654442a2f9c78fb49a138c983798349129daa080f30092b9cf1ea871438f08e3ac1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00aaee103db5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F96FDCA1-212F-11EF-A233-7678A7DAE141} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423529407" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000f9bc34a83eef44e39835fcf1e086b15f102e4a09eab00bbf3247fef360d9bd63000000000e80000000020000200000002eea080275e2d08984ed81ad9ad59d5fb16700b8709ac8fa99665604219f1b0590000000e57f26c6e9e9715dd6477c70c02a4a3eeda5d0bb8be248654f1d5d964bc44539e69aad5ea6fc1cf54fe3743c5d22b1bf9f95df80df786d695af1059455f1cbba15fee283b4e67f7bdb9828279ffc9cbbae79a1a58dde00829e0e005848dca3698e4fe406e546bf327b1fd33355c6fcdcb0f72c245b9dde30eaa324fd3a57090a880e4a58f7c65e353a37ab74d267afda4000000030a4970ac9b122b319c916a14aed3f7921755917e201cf55175c50228ea0ec47af9104cf43646ec48c71e53073bdf032e6df8fc20fba6c3dada8afadd9540417 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1300 wrote to memory of 1708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1300 wrote to memory of 1708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1300 wrote to memory of 1708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1300 wrote to memory of 1708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8faa05fb2876db98cb3f31b373359b9d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1300 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | klpuv.cn | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2CCD.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2D60.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47341b30239c7e14ce9e48ce78ca209a |
| SHA1 | 455f7603adaeb97c16a7628fd659dbcca88c21fe |
| SHA256 | e503548e679169a595723e75396af60af933a973e623098a422c9216decb37ab |
| SHA512 | f083023a5a1287e134fe4c9c0a621b97a3eb02261e5a6005e93263dd7e285e57748838f6566629440c6fef41b8c45a7eab795bb4013b7e666143a722b85d5807 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1381fc991ac6cd5dd20c6a35477831e |
| SHA1 | a7b9326b1c17395e8ec398b98193469dd81c9620 |
| SHA256 | fe4e62e11c0cce7584137bbd2efd9a04c99c83da89f6b680a6e24d13e436c314 |
| SHA512 | 0180284f038b407d1edd30d577491d6dec3b178d34ad47f49cb9b8f6058e7f2622068b1b1153059754e148401ef074a613e042d47c9b7b97dbf1e34464ffa18a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d7ec69f11369bece7f8c436f92b49e6 |
| SHA1 | cc06659d35d5c0b9d22c93e87d6aa14509f70ae8 |
| SHA256 | 4e40ff3df164f449cd86b71f423dbc3f27f5f9a8cec2f6446649954f56ff582d |
| SHA512 | 7a2431dd421b40543519eaa22f532c69c5f2d5a79f4dd8329c4bb965710b7ab82c04346e47737adcd9691a4d1919264206d19eec6ae42c3cbe36a139ced8e986 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2326b4d2a6583287af70631459f943cc |
| SHA1 | e05a4690585c442d04eb18c62c5304a67be0aced |
| SHA256 | e8f56705c176443cb7b350baf1d01a52cb51c197c30d94fb8d9acebe95ad11ec |
| SHA512 | 06b798f08eeaa2e07ed905c2b1200a4dbb361b77fe80c108a8f63bd44e66f54207af09d7c366009d367a9b6cd4d1a926c975bd0e78f78536cd265a723bf2820e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7948cb931b4e1b44788df38a24e83a6 |
| SHA1 | 3b6aa7f95c61e51347827646016156b8ce309f16 |
| SHA256 | ad4b8faf73f4cc8f0af6d794e0b81c09ec769fb09dd929cd7367bc2faada2430 |
| SHA512 | f433676e0e3e57f39cbc4723a151f984c5768e4dd10572d93f56ff16e49d49fd9ce70812e664ea9ded5e7e9c61afb360facea83a24e7c8ecd3dc4154bc27f253 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 947337b1fa6968bda118ec5ef34b87d4 |
| SHA1 | f2972d461e1f07af3bf88a64c888a5124723f12f |
| SHA256 | d904b31435ec413dbb8ad4a59f4079c4ac6debd3bedf824f933f3e6bdae90bb9 |
| SHA512 | 52f84ccd3435f1389e478badb5e2a1043eb4667b73062e71714e8826b741e2d7366d46e6173c34f0668ce8e88ea1c9f809931417e1762f48c37af1de5f8b382b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b9bbe40228f3391324342a3cc774a3e |
| SHA1 | 55b4462a3c6a4ec7610d37641b164d0949a4e08c |
| SHA256 | 76fefc5ab370b7ddeb41f0fa469127580f92b4c62f06578b1e61e8b77e4ea5d9 |
| SHA512 | 64346c42bbd14e7cf0046c13e21f4f0e8dbce5652197431496cd9b3eb1fba2e3641d05e9275feeb157e8219e40db61a9138f7f9bb76f1ce000527a540dded46a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 948fcfd326ee934da0dd2d091b5dac49 |
| SHA1 | c820df85f9f6b4acb31b9e58eb7ecb667b3853ea |
| SHA256 | 55f86036b3dc1739bc534075a7e364b655ec50170828343b06ef971f8bf75f13 |
| SHA512 | bc1fde82fb7237400a9c78e896683883fa2d81d54d744da73d83dd705bb7181a676c5ffee4287e36c83dadae8d4076c2d2031f19fee2e729e752c2a7991cc7a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38aecaae8dfa67e058cf08c5173a18cf |
| SHA1 | 685ca432dd9e9797c47b1f3eb33d6300a234da6c |
| SHA256 | b907db1a5d9f0015e263cb25fa4f8c39b653b3e45d1d7939eb1e96acc8fd37bc |
| SHA512 | 49b6ebe0c28d5413e019851596a120f37df2a5d5d7833e1c4108c4e6a1e3c1281b0e64f5f52367179c237a3a6455accc99951b541b8ef32cb2f4b3e8dfbd58ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 466ea0a37298077ee8da06f07a82fb6e |
| SHA1 | cc056fb60086dda9a192412540ff3d08ee064e1b |
| SHA256 | c37cadd36e9a1fd85759b508a325f2c3f0d451e4c0cbb8f11601877d8b1e10d0 |
| SHA512 | 5aa2f61bd34d2fffe3cb552d3e4b3b51fcc5ba6b2b8187c4d65c684b6313ed99446ec06a0399706a587d64f4a0bb489e5026257190e3d7aa2d18198e1d99002f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08929f51eaf5b3d07374476d6a4735e0 |
| SHA1 | b974d4b3e726446dc90229cfe1194cb53056d2d4 |
| SHA256 | eda2491beb17f2a8f1aeeacc5c049a9a9b7b702ce7ab34c41f1404ae27d3d0f3 |
| SHA512 | 718d4ab639fc87fa3990a12c93c1f34e856489874bfeafa728fa4e0c3d773fcfe435a0ee18ae5bd50c5de7a0ab6132456a5115e785e0c3411a29ad0fef501dfe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c4bd9cfc5a512d35c2e541a30cae6d1 |
| SHA1 | 9f8434bde6f5888169a879f68910191f83785b8b |
| SHA256 | dafa518d7cf7ecc952e994ed010052167203ea9e23c50a7a866a59a80c903179 |
| SHA512 | 433eb024e81cd83f6ba433a4be3f7bfcd41f7a6c707bc3c87501beb51214a7666b3c45ed25ce28743585ff12c30b860b5fa672cb001c55b47c5ddec2be97c077 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 37176b3db39dfa42622482199073e1ae |
| SHA1 | 7f09dc0946ada197dc305a7ad0b30fd6c064937d |
| SHA256 | 584f7a52370ee6e6aa426a36c1e5f2b2a7b4d9f9ed862ba472d5bdfed7a4ef91 |
| SHA512 | 820dede8764bccc6114d1ab4445b8184ae557c7d6767af2c43bdfb175e7b27ab053f2ad54fdb0850bc30d35690767bfb7a9f1a514d83acd480fe3c39456abc34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d2e1292a5d0905d08f68279344cc82d |
| SHA1 | cb15f851a28d068b036ffc80c9c4efde6c9946f3 |
| SHA256 | e32f0fd88d9a6fe14233632d9645c904497f220ccda594ef04b2b11c4b0c5151 |
| SHA512 | f90a1116c380b2e04ec22f2017750e9166b6261bf0b64cdcca25f8f95c58fdbb0f3c08d03f753979eb630ebf4b2652f1d89da16c5c37415864184bcf7c36de79 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfd6a3451fb76763d04e77ec48555a4a |
| SHA1 | da75bb4f6e11053afcc7daafddb6f1ad953a0a1e |
| SHA256 | ec33c84e777a8cf0753561512b0565c3dbce06bbae20b42b92157c3a3020db7c |
| SHA512 | 7176df3378815f9fcb3e0872e87f18963a31e91821f79c61364bd1e0ea03a29c64e3697acdc4b80a871ecda3d19fae2442d8b72cdfd5cdd63b89d46d549b08e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b674264f1a5070ca6e0ba9e25ea867ca |
| SHA1 | f25161991968ebc4229b5c32d02294bc6c24b9b4 |
| SHA256 | 33a1d3259e0771112cc396f71abd93cf65c3bcbcf03be019d27c7e906a4d1343 |
| SHA512 | b324af3d16461345b93b1ebc8280ac8817dd0473b716b42f34ead6b8cebd424c79756b4583651ce4343955a8e6c9c5772fdd75109f6f47ae13bd417ad3fb6bfa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af5e511a5522eee41ea7f752d16fd8ad |
| SHA1 | 3148da899785136bc1ec2c8ea4ad90fa9ec09870 |
| SHA256 | d7331f1c33655af68bba651e166ac467551b7578d2c9d26bf829908025e931aa |
| SHA512 | 6a1200abbc1b16c0ebfec4a158fde5aafe6d230ce51ee32024d079f55957b911da2229020dca49937fa28de963b4f0c42c4cd56f67c9508b27bb74724e4409fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39f38c726ad7016615c060ed1313357b |
| SHA1 | 504274b212e03a16b36523c6d248049bf90d771f |
| SHA256 | 0be286d213849aa32961e2150b17e3ffaa1686dbafc85997515a2f12a3e5c769 |
| SHA512 | 479185322303af51361ba3d73853f8bc09019e5e8ab6bfe6aa93940ee5a9d10d76fd725e95ddc160964ddbb40c02bb5e9db8d4aff0046af33a23762beaad2ffb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 067e617af007a87138f2b454d4773edd |
| SHA1 | 9fe9457c85e95570f52074e48a9001db40afba7a |
| SHA256 | ab10897d4c2cc4a76644f5ff12a6ab5971e37cd9973796afc8938bb250d49222 |
| SHA512 | 6e1745d9459d9eaad7dfd8a68249554b0f03de3ce10c1de413fa159ce0042f012b1e80fc3d06a825233f129d461a92d40edb836d88f7860740be657b3ff3bcdf |