Malware Analysis Report

2025-01-18 01:15

Sample ID 240613-hchy7s1hmr
Target a43b13b02eceb91cdd6a1b92952c4905_JaffaCakes118
SHA256 a5dc59ec0a03ddbcffa64a79ea9fe11d2a62618b8fa5734a6f9027035e0680ee
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

a5dc59ec0a03ddbcffa64a79ea9fe11d2a62618b8fa5734a6f9027035e0680ee

Threat Level: No (potentially) malicious behavior was detected

Verdict for a43b13b02eceb91cdd6a1b92952c4905_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:35

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:35

Reported

2024-06-13 06:37

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

146s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43b13b02eceb91cdd6a1b92952c4905_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43b13b02eceb91cdd6a1b92952c4905_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4076,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=1036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=760,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4888,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5476,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5452,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5908,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=6824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6984,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=6816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3760,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4048 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:35

Reported

2024-06-13 06:37

Platform

win7-20240221-en

Max time kernel

122s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43b13b02eceb91cdd6a1b92952c4905_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60b2bdf35bbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000755e6eade86cd47abfcef2c02e39e95000000000200000000001066000000010000200000009ae26a2cfcdc296b432f1cc7db1ce7fec779d37941b803727c1c70e82b21ad65000000000e8000000002000020000000c903cdbba0b4ff2175397fb6c4bf1ce0713e3c32934329c788a4292ddeed1d80200000004b7603f6093fd5508647a80f4b1000c0a9d462b5886843f22c3f1420a8cc4c0740000000fafee5b6e5622627c19988894cda71be4849ba9e87cbd9fa03803edad36f248006823845ead8b0f4f364c0f9d2c92f6560fceb2ca2e21fc11e5ce870bced4eb4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422392" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1D5F5971-294F-11EF-9988-CEEE273A2359} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43b13b02eceb91cdd6a1b92952c4905_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:996 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 buro075.nl udp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
NL 84.244.165.144:80 buro075.nl tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\slideshow[1].htm

MD5 4f8e702cc244ec5d4de32740c0ecbd97
SHA1 3adb1f02d5b6054de0046e367c1d687b6cdf7aff
SHA256 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
SHA512 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

C:\Users\Admin\AppData\Local\Temp\Cab4B94.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar4C75.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36c3143416980919c4cad0fef422556c
SHA1 bb9ce8c47edf866882c509e2e440c52aa8b14228
SHA256 cb4ff5fcb15f624371f79bcf435f3cee41ca852ba06003f12f78d22ed3a5cb28
SHA512 5ce0064df53f6f67cd565e1bf5d11f6a3ea78f76da354ed0745386b00cd8192bdc1f0878f724387c1e21839b3869376d60cdd4bbc4b5d9eb98db3ae281897db6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ba17ce485bfc50c2c12212e824f942c
SHA1 928caa5c0d1b455c9f63143306cb1c2eeccf8871
SHA256 1d78ed1c02bf8e9d7b490ea88eb43e669c8a250e3a5a58aa22545d162f21265a
SHA512 40196a1a089dde21bb45b77957782b5319b9f2b4988a07950200e1ac11eda5de1751d44eb739cce9003f3d6668328a181cdae45abc4ce63a890737294d3c9061

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c4f3bcc05946c5b40a9d80b7fcf3207
SHA1 aa6f0bb16e1b164bf694e866a1f9d75a5679bd8d
SHA256 9e4d821a8f04962c964dd213bff00f35f6fadc0ad1cce90010d73b7708b965e9
SHA512 c98d161cc52aeaeee51e75c542b7b29bbd394742b6020cbbd4282cc8ead0152a60a9e4923891156543891051b9c42811c286c45ca74d493ecf136e45a22bbb72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3da4ea140f61c1125fdab4b1a503cbe5
SHA1 ef8183ea422d06cef09c360a2a08a72d20b847da
SHA256 57c47c4a021288a9f340f5dc352c6214e27ae5d77df0b2b61475cd6b5cd2a23f
SHA512 92a9a1650b72e3522d5cd9b8760933ebca4747b6dc882933674ffd497b68517e93aa40f44453e927f74fe2cea5843a988b88d8749003fd42d3799ad56d3855c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2aee1fca428b629a31f5a49d4e439e22
SHA1 d3e7bdc159bce04b9bb9d7ae6ec29ebd08f764db
SHA256 60e43c5b16302197df7d7802941d0226c8d9950c2335e612ccbb3cc16a4087e7
SHA512 546474e6e2fe78ab3f8a1437218e9fde9f6aaeb07416882489bfc7c47771980607632445e7097e8afed8090c565fec797e0f793da114fba3b3bc31dd3b6953b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e3fb43137b2c64c1ec37f8c4d664969
SHA1 5250e5f0e76b009a3b73723236d8b69ed4fac3df
SHA256 eb99473a9072f495f3149755328f2d69c2d2219ff29501f4559faafdb74a4a6a
SHA512 06c0acf733bf5ab5b000fdc74f5574eb3c86ba923549d0f95fc104b5a29b1a1354b8895cf887ba3a9e43178a61e424ca29260b7b1ad43754da79e79d30476757

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9acb6824770681c400a9ef6daf9a807c
SHA1 ecd7e7859bd4dbbd7d07b0ad8f5997b1d478b76a
SHA256 d64c108d189e6bdc82c4e84ec4739120f6d3ff9e1b4da578cc75f7bc837b9713
SHA512 26d7777ef353245e93ae72448d7efd8e50cf6cd323d7c558a55b622c0fe76788f2251228e4c19f59fc53eab5d74aeefe759a3f295fca7e7f04407cc64b070a63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79b46b02d682ad290dc9e2fafc7890db
SHA1 1bcfe1060bbee44cc6b7c4777e9c927e5dab07a1
SHA256 eaed8ba75793693e41ebbd3ca86e5ec778892889fa3cd807dacf867400bae9c7
SHA512 cea929019dbd671b8f44e63ab4efbc2aafe700f4b0d59815fe52640ac6a8e7e187679abc302f98352744b7b4cada0f14259db1c77659ccbea604e8560e646099

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84ef1896b593c970e94c70ec1d7be577
SHA1 c31250b936f5aae572720d6b1d53c2097932e1d3
SHA256 55c1cee40bba40dc9b60efedb53762b8335331725eb1710259de1694e51a05ae
SHA512 0b027885ccbfb8450a944dc4b16e953d02adbdc9dad8269fa1ed9db8ae1d1b7fa246c9d354d7ed7c7751c288ab748a7e0f2ead72a12d875d377b08970534496c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 379becc5a86cd89464ada620764e7d3d
SHA1 5627a983a6d76c58d39b54487fc45e9bd24d3999
SHA256 acb6d83e7dd36b5023c71c52110e0888239471e9ae5c00355d89432f8a0e7fb9
SHA512 4c75625ac7f694a39dafc9294ea6acbcd33d070bf48c40f52aa5f80ae7ba84772e679b314b53a2261b15a804298b8971d10c8e8f348b413dfbc41bbec781457d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a829993c2c11efa31642ee95f909a2f
SHA1 1b2ded6035d693d7eaf29d7d29e595abb190f8bf
SHA256 caab00d02d1e9a64455c86f2231b0ca9aa27fcbef92e7d8f4568f18d8763cb7b
SHA512 43ca50867cd3a7058943bbf88ccb1b7a95969575ffd34a362204742985b3501b47c5d6b752a2a04a1d990dec6768124886dde4d24ba98dfe2b00662b14ab5e14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 227f0f41e6e1549429dfbbf9b7e781fd
SHA1 382f97929af1954dd39001e1de3cc59f6405de24
SHA256 72e178ea174dccb268b0f072c6f604691322e45cec24bd1f42ca0cc69c0e2e63
SHA512 a4a7c2e5b17077dd001cc8cd8f77de53d50b255114ee01a67ecc5df9640afedf261f9107c63da8302e31bab93f72475d347bfe33b9025d14a48d44aa2329d938

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5ae822784ae9968581cc3ef118a86f4
SHA1 5b8b5a18416eb4b5f022952821bf13a3d6a24e25
SHA256 bea33f356566dfe1cc67a7f55eabb0fa20451b5190b685dc782c5a511cf2e01e
SHA512 4892595a3b66f990feb8959c18b3802748b260c751339fac7966c9458793c79586b199eb2289aaabd570689eac6851e8546d1867b87572140cbc0d9c8aeb1e8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66a0bfc893d232e44065f4c1a538713c
SHA1 79826e4f10f6c34c9284e4987ce0ac6627397fc2
SHA256 0f6f747c414e2dec6406b85fad3f126f474d51b411156745dcd9be33e565d845
SHA512 388185e02ba92284c20b16e63027e1574f33c7f6f23767ffebf6ab6b9e2a0de05254a5eba092ccc451396751bea5ecae2da4ff39425a6eff7a4315b15bf69211

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35f1ac8a8eed890cab6d4567e7d0a1b9
SHA1 e9ec4127507092143db60b1f616266286ba228c5
SHA256 ad3050e3032ce343d7c56d83199b3c6b624a3db1e7312e861bf54b9c6791c3b4
SHA512 4d366a6e0d91d6786c9a1168a3ca297e268fa218cdbec49248086ddaab35b015875fb0f1279ae720afa5f05eaeb669efe4eda1343844a44997aff253992f4288

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 309c94033e785c8be27faced60b7bd4c
SHA1 c1202c7625f0cf9d9899eec467e17468dcbb2e3e
SHA256 581b9750ddab3bfc0dd44cb309bb16b7d85033b99a785d02b7e96bd15e28b3c9
SHA512 5bed88630a7dfdaf75e269cc25bd1b821e9b3cab29351bc98e481f430a857a6bbec604efd29d0d444f267a3515abf823b608a4670e440b730f7263520760bfb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 929cd2deb78a53fc1700a20376243256
SHA1 27613090cfded250918bc9d96407273b8e072cce
SHA256 f5fac19bf31d9dfc2a003ac139a20e0410ab01017f40af0bbd13fc0f17f9d9a3
SHA512 c73e6236dccd59865d8e35f23f4e2fd374d31df8f97045e77794402d0a93ba056144d8430850277076b267bd049a69a633e2c993670af09caf13f871bf045bc8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8dd0a9b92ece1879421034cdda8ce7e5
SHA1 f9e3a5f43b43824cae6e4d9481328f50866c376e
SHA256 b492cafd1f35078af484c9d246ae2ff830ef369b857da8b9b1504b4cd7499267
SHA512 c340ca322a761cb31484c115e19c1732c029a42739c72e93d14e781727ea9053204c74bdb5922c512ea267afa9591c2fae792aa383a83916f0560178cadaf1aa