Malware Analysis Report

2025-06-16 07:20

Sample ID 240602-b1dwtsed8z
Target 8c7ad73d63d3b470c70f4e5b0b9cd3f6_JaffaCakes118
SHA256 4504dbdfddcbe10cc43c68ee84a0b779cd92e5578553ccb9a4b5c8b484d1b9d0
Tags
score
1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file 8c7ad73d63d3b470c70f4e5b0b9cd3f6_JaffaCakes118.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 01:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 01:36

Reported

2024-06-02 01:38

Platform

win7-20231129-en

Max time kernel

119s

Max time network

142s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c7ad73d63d3b470c70f4e5b0b9cd3f6_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 906d90718db4da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423454050" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{84898351-2080-11EF-BEA9-FE29290FA5F9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004446d2f439566a4aa1fd43172c54280400000000020000000000106600000001000020000000408375f1362a523fab35e9bdab711563b8ade95749cb37e9c3a5d8ecf7f30cc3000000000e80000000020000200000004d1a0749367cd0ea94f111f3a4b1873811a70f81245291e2fdf6535f3c5c2f722000000051fd58504632bddec3ec48cae393f93365e984071d0745aae0bbeab9cc6956a84000000096c340aa3ac60c00ac156061b41fdc14a1ed1ed8dd413d7ec92baab455371005c0b37f58f6a0d648fb0a46fc59b7ff26e076b68f39a8cc3037c820e9ea11f9e0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c7ad73d63d3b470c70f4e5b0b9cd3f6_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2

Network


Files

SHA256 8b4d13016cc17b4328ad9ed52ba4d934544c45be27b96f100dff40bdc3054208
SHA512 d697f304ea7acff3afc6cd0a1d2e0199fc96baf6b8b09e426b86fad39fae9e20ca46b41dcc737401561ec3261ee0e579ea7d3bf24da828be86ff210a40704dcc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43f1e42cabbc2b4d36e2fdd91c6f3aa7
SHA1 bcbf164dc24bd80b70107bb359518f3adf8893d9
SHA256 38a5bb493f7378049232b5cc833944b379eb6a2601cebc30b135a4079498383f
SHA512 66c9d07e8a23c931ed0aeee03093c11e76e5061c1aff8f96ae4bc557f9dd85f4cf0d9a7a930f64095a0e18d47624634ef58806609ccba687f97e7ef4bbee3dbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8609a5b51f3ef5367cdd3fd6e02caf5a
SHA1 5b311304c704e685bbc29c3994a63460037d9df9
SHA256 d8a9980571b2c97802a67cc34466c299b35871c83ff7cf08fa0aca73590bd4b1
SHA512 c84d9c94730f4c46fce0286acb30c2460845bf7bda4c7402e9d6ea7770a7b5cad13ed360bd371b3ce3b34d96b19380122bbb9892858b7f8e099ddefb88277962

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 470573a92c1973bb92e28877c1f898bb
SHA1 0ceefc15d27980562027bd3c3d88aa34ab275167
SHA256 4c629c0d5a3c04a3dfeee2cad3ddd3537ec3ae0296d50fbaf13453392a63d55c
SHA512 ea8c0fe88cd93279853d1f2ea00ca2c16cd3308a7eb9315c922f431905ea11cfdf5ee1d01f8219cc394b85134b3caca286049eb605b3de7608d24d829e07f4ce

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 01:36

Reported

2024-06-02 01:38

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c7ad73d63d3b470c70f4e5b0b9cd3f6_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c7ad73d63d3b470c70f4e5b0b9cd3f6_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4672 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4544 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5756 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3980 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3560 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5908 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1

Network

Country Destination Domain Proto

Files

N/A