Analysis Overview
SHA256: d44af9b48f81c4bdd072b8c31d062511bf046f25abfd75a7e0eb6de4e1a6e8fe
Threat Level: No (potentially) malicious behavior was detected
The file a3519e0480d2847dcd75f838a2eb591f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported: 2024-06-13 01:14
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 01:14
Reported: 2024-06-13 01:17
Platform: win7-20231129-en
Max time kernel: 144s
Max time network: 148s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{588FBA81-2922-11EF-910D-CE7E212FECBD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403164" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60d377312fbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2220 wrote to memory of 2372 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3519e0480d2847dcd75f838a2eb591f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
Network
Files
| MD5 | 6426240529e9469007b07c600d256138 |
| SHA1 | e4a106354425004ac4613b012420fa906a135912 |
| SHA256 | d7ca51ae68522068d9def252d50b8010b82738b3d3dade1477d53285b246cf30 |
| SHA512 | 5b90411da6c0ca2ec8e2cdc5e9a7425309edf501b27dab068c178dff607308ae33276cd1b92546d24283fabaebdcda4bed090114d86e70aeb3fb4af1b56aed0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8aa836be0ce6ea72cff04e3c88c64331 |
| SHA1 | 25ecf0935e8e425e78dd137fa32b0909e5fc2e54 |
| SHA256 | 76ae41d3830f50efdd643d79f40a588cd6dc2962e8af5183674c06e15dc9218c |
| SHA512 | bae8a4d5e2ecb1244d0c7bdb60c17f0aa4f0629898e74e7666ad39dbfca90121fe69f27321131bf0e32ded0480919548b092a89f1cc6c729532c19831bf651e4 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:14
Reported
2024-06-13 01:17
Platform
win10v2004-20240508-en
Max time kernel
139s
Max time network
149s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3519e0480d2847dcd75f838a2eb591f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4152,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=4928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5020,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=1308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=3832,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5408,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5420,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5836,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5748,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=6196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4864,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:8
Network
| Country | Destination | Domain | Proto |