Malware Analysis Report

2025-01-18 01:14

Sample ID 240613-g2xm8axbqe
Target a42ab7185a7f18a436fd06a9d359e09c_JaffaCakes118
SHA256 b403fe61447e911aa18b646ec5c79a204eea99abbbb4c8f2d3afaacc1fc16858
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

b403fe61447e911aa18b646ec5c79a204eea99abbbb4c8f2d3afaacc1fc16858

Threat Level: No (potentially) malicious behavior was detected

The file a42ab7185a7f18a436fd06a9d359e09c_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:18

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:18

Reported

2024-06-13 06:21

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42ab7185a7f18a436fd06a9d359e09c_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2952 wrote to memory of 2468 (2 identical entries) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2952 wrote to memory of 2968 (40 identical entries) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2952 wrote to memory of 4024 (2 identical entries) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2952 wrote to memory of 4480 (20 identical entries) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42ab7185a7f18a436fd06a9d359e09c_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3e5846f8,0x7ffe3e584708,0x7ffe3e584718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,17346404005297278789,7234402871906764895,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 js.trafficanalytics.online udp
US 8.8.8.8:53 pekerreklam.com udp
US 154.62.106.68:80 pekerreklam.com tcp (6 connections)
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 154.62.106.68:443 pekerreklam.com tcp (5 connections)
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 68.106.62.154.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.73:443 www.bing.com tcp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 73.61.62.23.in-addr.arpa udp
US 154.62.106.68:80 pekerreklam.com tcp
US 8.8.8.8:53 js.trafficanalytics.online udp
US 8.8.8.8:53 keit.staticweb.tk udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.buylandingpagedesign.com udp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 216.225.197.236:80 www.buylandingpagedesign.com tcp
US 216.225.197.236:443 www.buylandingpagedesign.com tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 236.197.225.216.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2952_YCWCTKXRPDSMCVUG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:18

Reported

2024-06-13 06:21

Platform

win7-20240221-en

Max time kernel

143s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a42ab7185a7f18a436fd06a9d359e09c_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C5D27C71-294C-11EF-9F86-7EEA931DE775} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0d403a259bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002b3c538e8e72874e832179c2258ceac400000000020000000000106600000001000020000000ada03ef184503b31c7f503f7fb538f0c8bf41a30d24cac43ef243cf4b574e3bd000000000e80000000020000200000003186f82f9847e75927bb772418bf64df39afd6f847e36981c6b59a33288df4b920000000512153f05505f77bb99a516d42a31f4ef5e337be96837213643c8b838f2f791940000000a0e026bf7ddb618806243df12acb71ffbae5c07c8416fd83957d2ca9b368c2aaae4cd3a37a859212096f785441e627e95ff0f48a09b021a01078e7d2752b0683 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421386" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a42ab7185a7f18a436fd06a9d359e09c_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto

Files
