Malware Analysis Report

2025-04-14 03:47

Sample ID 240612-xeqt6azbjk
Target a1d06c82647f0ed958adb9c86270d6f4_JaffaCakes118
SHA256 8aebbd7658cf7ea13b41238ef689062a13d6896b110301fdf0d6fa4e162e1da6
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

8aebbd7658cf7ea13b41238ef689062a13d6896b110301fdf0d6fa4e162e1da6

Threat Level: No (potentially) malicious behavior was detected

The file a1d06c82647f0ed958adb9c86270d6f4_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 18:46

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 18:46

Reported

2024-06-12 18:48

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1d06c82647f0ed958adb9c86270d6f4_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1d06c82647f0ed958adb9c86270d6f4_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3516 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5364 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3960 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5880 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4992 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 18:46

Reported

2024-06-12 18:48

Platform

win7-20240220-en

Max time kernel

144s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1d06c82647f0ed958adb9c86270d6f4_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80fd96e5f8bcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000069e186ac6555ed4e9caf9bd1e663834a000000000200000000001066000000010000200000007767d03d3d7cd0c92f2739e41205d3390434a6944f0c75059c578678b3deeb11000000000e80000000020000200000003a84c3054aa0a9e9ef17a30ce0f6a0f63e17f07e6abf07ab4a82a4f5fdd637bf20000000fcbca345914a5deb79ef8c4a9ba3b0755d8753b24cc939d3c6e10783a68efaa5400000002ab9e1f8053d4feb8056af659a81979821adb25b9f51d7a116ef632437f3b894f82239f9c30f9d99f1f65d26853d6c6282e78ca553abd5d6cdd7fab398e6ec2a C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424379846" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0DF4C281-28EC-11EF-8A5C-CE787CD1CA6F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1d06c82647f0ed958adb9c86270d6f4_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto

Files
