Malware Analysis Report

2025-06-16 07:26

Sample ID 240602-fed2xscb25
Target 8ced22c44696e6ad8eae1dde8db38966_JaffaCakes118
SHA256 54a864c007b10ab71c1dc199611196a47a10e593fae7fb55f0b0152df995a816
Tags N/A
Score 1/10


Analysis Overview

Score 1/10

SHA256 54a864c007b10ab71c1dc199611196a47a10e593fae7fb55f0b0152df995a816

Threat Level: No (potentially) malicious behavior was detected

The file 8ced22c44696e6ad8eae1dde8db38966_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary
Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 04:46

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 04:46

Reported

2024-06-02 04:49

Platform

win10v2004-20240508-en

Max time kernel

134s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ced22c44696e6ad8eae1dde8db38966_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ced22c44696e6ad8eae1dde8db38966_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3904,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=3820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3768,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=1392,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5412,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5456,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5904,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=3860,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 saltworld.net udp
US 2.17.251.21:443 bzib.nelreports.net tcp
BE 23.55.97.181:443 www.microsoft.com tcp
US 172.67.166.97:443 saltworld.net udp
US 8.8.8.8:53 gamingw.net udp
US 8.8.8.8:53 gamingw.net udp
US 172.67.160.162:443 gamingw.net udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 97.166.67.172.in-addr.arpa udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 21.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 162.160.67.172.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 192.0.73.2:80 www.gravatar.com tcp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 192.0.73.2:443 www.gravatar.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 2.73.0.192.in-addr.arpa udp
US 8.8.8.8:53 i1.wp.com udp
US 8.8.8.8:53 i1.wp.com udp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com udp
US 8.8.8.8:53 2.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 04:46

Reported

2024-06-02 04:49

Platform

win7-20240221-en

Max time kernel

117s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ced22c44696e6ad8eae1dde8db38966_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2159FCE1-209B-11EF-87AA-FA8378BF1C4A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423465480" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 702e53f8a7b4da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d02998fe61711a4b9e834e9f3b84390e000000000200000000001066000000010000200000008a361b4c82911ab2a778ab48c152a7723b4b4210c17c87dfcd46597bcce6d24e000000000e8000000002000020000000adc9b2d9cdcf95e47d80d365310b845ac6d803abff96d894ec927852644f4fe8200000008b12c36bc38fecc79827b227985cf5ca60fb1511ac7cf89d4c7320b0b436b37e40000000c050b6839e01c6791488b71a07e1f3ed47860de9111e6b09937c1857a61c4d4a676d28605917bf08aaa2b535f379b311053494c2a11c717d72ca991216209d41 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ced22c44696e6ad8eae1dde8db38966_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:832 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 coinhive.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 172.67.166.97:80 saltworld.net tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.165.117:443 coinhive.com tcp
US 172.67.165.117:443 coinhive.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 172.67.166.97:80 saltworld.net tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 8.8.8.8:53 gamingw.net udp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 8.8.8.8:53 i1.wp.com udp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab1FC2.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar1FC7.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

MD5 f1fe70bd98fe88fd43d19e5afe842f25
SHA1 78465b3e2755b72e2f58ca069e5b42b471d12021
SHA256 6bd826c9ca99cceb0679c8a79cf24e0939fff912e4976b0177f19099733fa239
SHA512 4a90f434858f53a19d37a870d59afc23f79e8b4a9e6650e55d6b483fd315841c4089c4bd038150af8288fe993d162f418f28baae66b3135015007ac6ed67f8e6

C:\Users\Admin\AppData\Local\Temp\Cab20B4.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar20C9.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 146ce4fbd360802e98a49fa8d1423fc9
SHA1 6d2d9e03f6f1a086ece24b3f924fafe8d96a946a
SHA256 030ae5b627f2a469a8b208ebb96e5f2d46cdc9a28d0c3549177738c5729189c1
SHA512 1a329c09df56ef8d80d09bd5df9ce2fb5e2c417804e995e95c08d045d7c8ac3b7f0fceaa89d4a9d2331a86feb1fccf69127ee8cea987a8029f3565e0d83a38d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04988a7056126b9c0f84fce6d40d07f1
SHA1 a0903d57ec949fb606d054646b3725219c63da89
SHA256 65aa163354707c93d1b19f8ed95f3aa7bc7f2121304671fd777c5995e654fd39
SHA512 25dbd223e8414a25cb90af0df1e3fcc42ed6326c3b724609b1b044e47eff0c75c92b9056d6a22ad695dfc897c76d539325c8acf2bb87c70b010155790256bcee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c57903f93e8af93856527056880d6dfb
SHA1 5c48cb7e8127730e174dd31dd83600acca1b0113
SHA256 e07290ca5fe1352e737a9e26fdc92c75a73c4258d6898689e42c996ca8a4c05e
SHA512 7b7e831c78c08000c93f09ba1f438905952022df75fed81553c3d6f8def391e07279f73d585743f544f69e550f9055b1d24f420e3d3a469fe8f5399bba2a0323

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 069b13a0c412cee9236e2c6d79baec3f
SHA1 0d010e1452b134dbc4655067af8615506d7dabab
SHA256 7a673822d40024cf00f28100a0d56adc7b52502f26e44827d31e041a9fb2757b
SHA512 55f93d26c838c219bbba9558da6a960fb186e9e7aa653c9ab1eea3771f3230a7feddcc36c30e777835a1e84dcb24a437f8f75a5ceaccd4945773ec729176fff6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d170fcbf7714567e765d3aedbeabe496
SHA1 c6805df108eeb9fea6555ab89fd3714117b6cb07
SHA256 c5b89d57caddc9b7aef0a407e44d633082dcb184bc632b4be717bed5b0ea849c
SHA512 9d5441157b01adfc6db9ca0398e01b14ffed97fb36e5d486f45076a04b25b9431d700e546fca204b2d65113829e74a3604452b92f116e1942c9142d937d7adf7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f943fafe49a7f1d75c38a0a30088edc
SHA1 c6899d4b8a5ff4dd9d96a631fcf1efeca0c4d0f4
SHA256 f267490b6b9062d4dbc0c668b7058746586c31357ba41c13dd58d4e964704c31
SHA512 1802bf7ec462e9a9bc7b201ca81f9d8e1aec926d2a57e90db7a859635b5249bfda31932bb7183ddec8e82eca745488be9debb82012966a225c6c3510633cc16c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 26bf8bd1fcdc6bc83b5622f33e14e05c
SHA1 8d37b048be91041aa7ec236314954e3fd84403d0
SHA256 b881a2133cdabb9d881ac9bad5700b2372a5555b61f52a52b3a0164f99a9c051
SHA512 08ae9b4ede8456086e1a551b9e5d16671d00023be9cf6b1ca61562364b899374dd4b6bc82510658a6b7c910278c65e52a92d8a3b5385a8be2ed111781f80b674

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8524910bb805c9b844d9eab632f1cf4
SHA1 b219b0c0b5097a7b005bc02a5652918cc04b0418
SHA256 da7bc1a5741f40a458e9a51ef63a0a4a9530b36fd39de8040f4c84189feba611
SHA512 fad94dae42a15ab2ee3bc058c2be32f146165b8d5edaa7a4d9a503f9677dead34c96d0e3faea979d3bf8f77b93e2f46c10c97c3911210683b87d11a093edf98a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c13186e92d901999ae7efe95de37572
SHA1 3114932e171a5b6d23a08df618d43b354ae24ac3
SHA256 ba5172588d2cec46ad7ae518fa415209166c487fa42251b0110a80b58d36c403
SHA512 f1c5337e4e25c8f03012f485180665fdcee924592f7842297a5ab5893bc5fb01d5b7e84549e2ea9be0c1e6d26d4ff86808037b29bed70e9b3f84ccd734da6303

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f67e30150a96da92663705487c31029
SHA1 a7c0f48581bfbd1d9a8d2e82e4c7b6fb2634086e
SHA256 7fa9dbe8d144fa376ff0d31855ae49bb264c4a93f3423d423e5e7aeb84a07172
SHA512 08afdf3a12dceed20e4fe62e9afa49b75e1dae78623878cd5f426babf306d59b95ca960aaa967e281208b0ef9fa941833b5d33ad5523510064b6b00a9cd811b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95876cbf4b3d05fa225ed9f81fdf69d5
SHA1 404826931badfffc0885a7544c6187e82e953023
SHA256 aedde6b3c69eca34fc4a83cf06d75230077de8516558d65abf669106c58918af
SHA512 1a81420de1cc81cb7c000291a7c83412a5615061fa3fc0b8266236e5e0b2c9c5f86135fa0e754d70260679e9c53ef8142be1bde5ea58f2bef22ed22266eaab2c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03a1e7af1dbc5741578378a84536335f
SHA1 cae39200aa37c85d1ca4dcb161483ab41819621b
SHA256 07b6f29545116e062eafd58d2675deeced69c57c1f599543b12ce852875d3270
SHA512 933f3cc66b4c3090f40580587f62d7f799991237b817a5228182f0ea1a4822e513ae5cc95f90e2329f876d3898e2b70ee5c510139ad7841d02a8e96cf8c450f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aaa8d4417bec09b87db8d69bf69d0f31
SHA1 78f5652112625c3df715cc5756f5c4efaa10b125
SHA256 61f5c210e05c8e603377e865f789250e73f05d8580d35c42b6310d5e6133f2b9
SHA512 5fe2b191a0f29d143be19aea2b16fd1aea2f05ea441a5256ede71a50f8b1cda165dc387233116da0cfc316ce2d5979042febd602dec8d7c9f646dd823dafb580

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 4bd287a53cd24eb24971d20ce049900b
SHA1 97c0cc10171a58fec83e8543a7ff2202344ec816
SHA256 b0242bc18715a291c880a6a36a2c3f202b7d1d0eb5388a6697d6cf1112b94265
SHA512 dedf0edb00dc6671879aad59f1ec819819deeb4823e34bd54983199d26fbcabd3890cbacef096d5b760c8ac688f1b151282f34b39c2da2911bc333d04ad775a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a33080d64deaf66b7b44eef77fdea736
SHA1 2f20a882b4ff6fb619c01d8385ee278722c2849f
SHA256 84e8350563c032a1ab8442d1fca983242e859bb447700e91cb89e2786f7f3300
SHA512 64edec1dd5b0524e185b967b711e544557c7180af375b327de218ceeb26b137084cdd3bcfaefd48e21aad96c81d40ba5722eff8813663e853a90de83aa5479ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70ec4cb0a2e19a1c49534db65c7a1040
SHA1 8f572c5526fe0738f6b9cdea5e8126568ba99975
SHA256 b60d23fed5ee0c06aba5ac9351dbe6503092322a67047ac16136366fba3e3c59
SHA512 88dc8c7be7bce666616ab8f30b8238aff114231a398c0057173f65991df37f4201335270fd24c7f229e54aae6ae6940975bb4e15eee7aa83d301a76ac7f70106

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a84f690098017529fe88c4c0feba2fb
SHA1 005e200bace27af85284a6582123d6f3e6bae39f
SHA256 d21f2db2e6359191792697885321711805068d9485bf6381fcc44f28aa72ed5a
SHA512 f0f2d94695e720ca3d9134f6f2b3aac6902fc1f1197097b7f56a521ba07b7c4f7821e05cae2cc37c8efa740f48bf8597a1e81968a26cebf9dd25397c08136bf1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13f37deb9c8c8a53be0812b87d32300f
SHA1 1478eabd205354f35f4356e0ed40ec4f12988c1e
SHA256 0f2eb2f50d0eaa2f86e2700c79eb72ba89893a335bda52ab8636dc5767aad0f7
SHA512 0e896ab4500c76eca32bb86ea871f9eb1ecebdeb9295ab6c051e6cde3710a68ca6806fefb0a13f84ed2f2147c9246d258b0e5d4e992cfb4fcb1ff789f38e6585

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e952fcfc8a4aad662c56248b5fb79f2
SHA1 8f79d9f8d0339bdba572faf04a33ab7492cce548
SHA256 37b00f3557362a49ad225bd79d3f245d27bc184363f99353effc00a3b391a1a4
SHA512 a3fa111758300ffb818403c49832b29da46626bc6dab7d3e0afdb0db4ccd574ebb25396b2a8f38a14f00989f6e508a608f67f1dca4491111bc98a099020711f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 00ab5fcc86e5bd076d50f2d72d6aa2cc
SHA1 62780372a4201c0d9a152b1063aa4d1a7ce566df
SHA256 2ed583b4b378bd37510672d537bd01894608bafb2202cebe133ffc0a46329272
SHA512 219c64e71e3a157ee184460f50c85ba49bf79c18f4ce4bd3af769c16fc1ebbdbfb1fe07c630f44213a0d33dc9f47efe330537f1e4edb13ad6f033f905f73cc38

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e29e745d0a928880c3d23c39c9dbf083
SHA1 17c26f8779b3499f0b4e26010bfc6e346d11092a
SHA256 2feb4278f70c29d63e6d70ae44e2ef0619f28dec42288fa8a2fe80f2166fdd9e
SHA512 23afc9f342fa2f8c29e9fd51b82ffb2efbcdf6c995375f96cc97c7bce24fb4118838fc8594b7c4e0096946f3566b4581671d18ef0ddd16f33037ea8460b01c69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 668e1d58b8c5395533db060dc9c9baf7
SHA1 1a70672331d51f1ed5c55b4f682db72de95c6df8
SHA256 14d77b4620eab4252930196f4549f507a0f75d11c2bc58ece687d50e5214fbbc
SHA512 248bc5edc899fcc4b39a03efa2b7802907e8e09d68438d9f6d352a23c6ef4958a896002b9651772cc32393ef023aab3784c9b1b495512d1487b15306e93dde84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac83bedc1cc510c22826b97cecfe294f
SHA1 411a91e7a84a01a9a14e817aa5e4113996efc2c8
SHA256 e8a5556aca5a07cd158f62651a10cc819679bb5d9d95de6c6b3aaad323955b82
SHA512 152964aa28739120117c2f24de26c3649d0a583f5db3fb36a259d39dbae7b97000c6ada9642ced3356791f795e9aafbff5e876b85ecab674cf15c47bb87493a3