Analysis Overview
SHA256
87c2c3d6ecac94d885419db3e565eb9aa03ae97f45b9a5a5db4d3fea0d1fd977
Threat Level: No (potentially) malicious behavior was detected
The file a4350d650a9ee6394370667641b715d2_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:30
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:30
Reported
2024-06-13 06:32
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
149s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4350d650a9ee6394370667641b715d2_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5736 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5692 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5772 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5440 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5500 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:30
Reported
2024-06-13 06:32
Platform
win7-20240611-en
Max time kernel
119s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1444 wrote to memory of 3052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1444 wrote to memory of 3052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1444 wrote to memory of 3052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1444 wrote to memory of 3052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4350d650a9ee6394370667641b715d2_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1444 CREDAT:275457 /prefetch:2
Network
Files