Analysis Overview
SHA256
3136ce595ed091adbb3c86da5b87af469967cc151bd9ab959ee6982a5cb05f36
Threat Level: No (potentially) malicious behavior was detected
The file a48e6543cc3afc69373c550a52f68fd5_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:08
Reported
2024-06-13 08:10
Platform
win7-20240611-en
Max time kernel
142s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000006963e0cd6030f7a8ef3203531517c3c2de483fe564e7b2d9015d8204d085efcc000000000e80000000020000200000006cae75f714cd68f4466aa347881f02e9484c3d11bee567abbf462743cdff7b2f20000000b731dd1c689149ac41fb3fe3c810a21f586139f9b5db2c444d7f8a2e53e54da14000000016bdc21ab985748a72a36f5a68ff4f3f39bd94d4d7e0dcb1964a24a54e30113122189e2fc960397e869159e96a55f8283368883f13aa6ac9dd025a2f882da102 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424427975" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0920e0f69bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C83D2D1-295C-11EF-B489-E681C831DA43} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2264 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2264 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2264 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2264 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48e6543cc3afc69373c550a52f68fd5_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | paivaconsult.com | udp |
| US | 8.8.8.8:53 | ns1.chatwithgreenbar.com | udp |
| US | 8.8.8.8:53 | css.developmyredflag.top | udp |
| US | 8.8.8.8:53 | traveltogandi.com | udp |
| US | 8.8.8.8:53 | getmyfreetraffic.com | udp |
| NL | 185.107.56.199:443 | traveltogandi.com | tcp |
| NL | 185.107.56.199:443 | traveltogandi.com | tcp |
| GB | 134.122.109.150:443 | css.developmyredflag.top | tcp |
| GB | 134.122.109.150:443 | css.developmyredflag.top | tcp |
| NL | 190.2.139.23:443 | getmyfreetraffic.com | tcp |
| NL | 190.2.139.23:443 | getmyfreetraffic.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| GB | 134.122.109.150:443 | css.developmyredflag.top | tcp |
| GB | 134.122.109.150:443 | css.developmyredflag.top | tcp |
| GB | 134.122.109.150:443 | css.developmyredflag.top | tcp |
| GB | 134.122.109.150:443 | css.developmyredflag.top | tcp |
| GB | 134.122.109.150:443 | css.developmyredflag.top | tcp |
| GB | 134.122.109.150:443 | css.developmyredflag.top | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 8.8.8.8:53 | statinside.com | udp |
| US | 172.67.146.166:443 | statinside.com | tcp |
| US | 172.67.146.166:443 | statinside.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | ww1.traveltogandi.com | udp |
| US | 199.59.243.226:80 | ww1.traveltogandi.com | tcp |
| US | 199.59.243.226:80 | ww1.traveltogandi.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| NL | 185.107.56.199:443 | traveltogandi.com | tcp |
| NL | 185.107.56.199:443 | traveltogandi.com | tcp |
| GB | 134.122.109.150:443 | css.developmyredflag.top | tcp |
| GB | 134.122.109.150:443 | css.developmyredflag.top | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| GB | 134.122.109.150:443 | css.developmyredflag.top | tcp |
| GB | 134.122.109.150:443 | css.developmyredflag.top | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| GB | 134.122.109.150:443 | css.developmyredflag.top | tcp |
| GB | 134.122.109.150:443 | css.developmyredflag.top | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| GB | 134.122.109.150:443 | css.developmyredflag.top | tcp |
| GB | 134.122.109.150:443 | css.developmyredflag.top | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:80 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:443 | paivaconsult.com | tcp |
| US | 108.179.252.182:80 | paivaconsult.com | tcp |
| US | 108.179.252.182:80 | paivaconsult.com | tcp |
| US | 108.179.252.182:80 | paivaconsult.com | tcp |
| US | 108.179.252.182:80 | paivaconsult.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 5bf392653f047dc5da9989489c981c48 |
| SHA1 | 0f5aff988fd4ef6e886cf71add6040a98ab6dc4b |
| SHA256 | b58081d198d08599e8be9a5679e82a7083860f4c71472a529d0132764b3ce0d1 |
| SHA512 | fc25de060e79aacfb7788fb6d9f100cc8fc369add942052f927e1a8f41709f9c984f11a5c8765d069b2fa255c558469f1fee3d5fb0d4055408e61d4ba6193baf |
C:\Users\Admin\AppData\Local\Temp\Cab77F0.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b3af4937eda0f8b368411409de1724c |
| SHA1 | 55723d7033eccd471d881b3fd930bcd82c688214 |
| SHA256 | 7a3da59e4c4e71a93de65cfbd08cf1adaf227939a91cd65b64f39a40f2eb1b66 |
| SHA512 | c0f2c9b574d8b597cb5cbad8d4298982f08b5ab81b60d5410d5fb586d985eef5022cba2207928f285fe57e5675be6f5c3f04d26d8aef0a65b85a4a3318580582 |
C:\Users\Admin\AppData\Local\Temp\Tar7A15.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65fc205b3cf07a13eeaf8e1bbd0c3e07 |
| SHA1 | 2fc8edb829029564195e6e0eed3df096430019b0 |
| SHA256 | d529627053c5dbb41bdc293cf226dea2e4794d8cdd8808c340e4edc7cd91c27b |
| SHA512 | 6de5f65641fb9a1b55de2aae6d53458674be1fc81702f167fd440ef5d74c3b5afcd13a144f1e9373e81dc8ba5e80c9d8a681c5113a9395644e75f40d22efb8d1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\pl[1].htm
| MD5 | 555778f4bde0cd3dba70d99980ed18e2 |
| SHA1 | 5074da134e1cc750b4e0f356a82f790d59d8cc8e |
| SHA256 | 482231349094beee037e80b23005f0f03bef2954633d2d13f2408ba4f62eabaf |
| SHA512 | eedb2e163be4616359735892674ec63a084431116c25c5b46fee641ecf4099be001de969428e5c2c058cf550380ddcfa23d0d38956158efe9f6b245e0d01f785 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2fb8f1c058c20763dcb65e6b7b709f24 |
| SHA1 | d3648f0f7550014391445cea7f400b9194819ecd |
| SHA256 | d26e0f9541dffa2228a7b6b47241c1817603c79df2898bb7045d145de6a57ff2 |
| SHA512 | 0fd649f8603b50b2a93ce66084bcc986adb3e5b90d5d650aeeeac1e38048cac93d81972fe7d81a4e8e834f1315f5f7a4040fe2feee5e1aa437dd9776b358d1d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fb151d0ef78d036c6404db90a6a2ab2 |
| SHA1 | 3be31c37117a4d2f604852a858ee795b8cd8432e |
| SHA256 | 19a6aeffea4772af97434bb69de3587a0938520d3fc15859f17c9d4696d69c0c |
| SHA512 | 0a0e1b540d7a9a38beb752b5e430f0b6ce65485feba1147a6133e93ef6a47b83796953e06983ec66c97d7d5b0ceaf37bbf4202c6c92eaf89613a41bd90eb92d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24730bf2827ec7e60484bb4663048a23 |
| SHA1 | 0319674fbd51f9a6a6254887c553b84de034fd07 |
| SHA256 | 086306af7489a5ac67a23e3faf05d0f7216b5eeb2448e98669c331feb6857529 |
| SHA512 | 1f111a60cbbbc88f4f20e3edb0073310f14af2f6f60d6491cfabd3d9b3e9351a95be0cff92ad9fd2b8a38acba12582abe2a099d39bd3a712f0b1999d0fdff1fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b74bedca77dd75c21b9a65dab5da0cf |
| SHA1 | 467ae71402c85595bc9ce6ca52ad38fef753acf5 |
| SHA256 | bc21f035514e91d0e3dc4c50e7e13d153df231c28194517f6d3be9c6396b5301 |
| SHA512 | 1a36457a7a6dbb608799455ec2febd88c9c6bb9fa342f66c461d636ea8db1feabc26d40fdd86d050685f4eb5f440e2a2c2a946d45ee06d377f5ab9a4a7df6046 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f30e80ff5a00061ded74ee1cbb4f2651 |
| SHA1 | 201060343798a2066b9fa0f60c2c9f7f46945880 |
| SHA256 | f7b053d0260d3c24135a1c9ad58d424ff11e3859265be4bcd6946795052d3377 |
| SHA512 | b3417a5671308e47886035d3290d250689a2e853e9859e9df0282834264a675bc74f078370c97b69536d3eef1ad97d4855a710450c4626dbf83f651ff49d1e12 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef50af7c069af208b8e2ed577569ab55 |
| SHA1 | cc3a04bf91165684597ab9469e7c89bdf57bc6fe |
| SHA256 | 619902f494781030d8b8bebf03151e18e0f68a00422738be6597f89170d8e7a7 |
| SHA512 | ce91b162c82cc6330db81a742e50647589963c2db58b35d6be523e6a812b2c5a81b25170e36afc5bf22194a8eb96ccb21eab94f1f739cf134c861a34f4cebea4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b240474cf5cad0f9eb422afbaa33f0c8 |
| SHA1 | fb1d9bc9866054f1671a84532b8db2f83a47e240 |
| SHA256 | 57a32e594ca81f5cad0d58b33c9eb28751ff5b7aa4858ed667792da539673621 |
| SHA512 | bf457212bcd044f9c89e8b68d5a30c83e83ad7ea9c0c25d4590ac4474b31e0748116b99b81ef949b8810f8f8b7f83aa86989b9acb232a225c86eed233b9976e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5138f1a8d16446965e011d2f602e9cff |
| SHA1 | ecf7e76762ce0e70c359711b8fc2b177f20104b2 |
| SHA256 | 092a69c0fc4099a8c034e287399a032e29c3e00f9c5f4465d328176118e25842 |
| SHA512 | 2bbf5c4de7eae4ec07a614367835ee0fab6e39072f9ff7360eb10c4ea82f5bb8038858fa6660b514a3aae972b1984e62cb2d6896f88aea801fc9809e3472c422 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca44946cb97b2bcbc72e8076ef0be8cf |
| SHA1 | 0214a92abea001387f2a030eb9eeca03dc426125 |
| SHA256 | 57b7c8b1bd383178e00a06c114b92e5645c4e6d8751baad27f49aaa5637eafdd |
| SHA512 | 9ef7b169ecf4460c8fc3a913c8b6beb1de2bc5b0db1cb0c28ea8f7dc7b72a430b3af4664ff9f97a7bdbe258ec575142516063dd37f072bce62b228f3fba4b81a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 37fbf706076f9dfac460cd8e0a863a88 |
| SHA1 | 44768637b5c962120e6923e5e5c81142e8bc45b9 |
| SHA256 | 5606ec4eb95aac82297695c9b58012863890c65b8c4d9da05a40cbecbb94e4d2 |
| SHA512 | 4572118f04164ed00769b1f0dc1d6d64d5b9a848fd4dd9ace755659fe4221c43d63c80b81c99d1f58c63268232a7fc50aca884dad3969f7da9154c9eb2afc07d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95a1edc75563d83ad8ac91caa4376e64 |
| SHA1 | 827e9e93041708c128996412d59e6aa37ba78caf |
| SHA256 | 98cad31c8a93c350226dfa488d6170c7919e839557463647c58c4322f9042f9b |
| SHA512 | 8d3a8eb285432484c600411aa025b7b38a30270cd6fbea3de159339f3f2a3bc6970b806b56fa8e9d635aae79ba3f8683e2c0736ebf9095062d36515d968696aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07d80149dff5305408b90f4943b8e88d |
| SHA1 | a09c4ff25e30fd5e7f4446a39280781561ced503 |
| SHA256 | 266e8089bdaa2bc1b1ced39dc806ba8b058ac5c7b4e04341696acdc840b97748 |
| SHA512 | 9950b1f53b67a5ac47699eb4e7ec43768ef4847b654b4b5d8b9ecb47c89179650e85a5f7ff33a05ad6d2a9f3df81bfdb2ac8bda764fcaf6e6e82cdf8a8a5629d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac4fc1ef22e81689a9e1dfdd3ac8c5ff |
| SHA1 | 6c14fc9d57d615fcbb7de320694496310246ca6b |
| SHA256 | 3d75dce9e2450592405c7d7af71effcc93e5320ac2b7b4a02ca180c431fbe844 |
| SHA512 | e85398350e082ffd4aca14ee56048c7ddd639eb4683e46a9c06635cbf819950453d167a621ac6905a13d7035cce8fe70b1e24826caed2c4d3fc46a403442d083 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c29d46e50fc409750d6c80d2cd7a04e |
| SHA1 | 1003bd3ed5d0be31b45b476255e9f46e8152a9fc |
| SHA256 | 1964c40e309fe8b03b2b25d074002836bc09088bf63e9b2135946355af9c1be6 |
| SHA512 | f00f54deb0d3be00e06a929bf5f1cc2104adc8f7797f46b26fc6e2c37152ee595be56314ecbe83fb587ffbb90b8f4a225237d9acef4cd3e987e9f258dae75c66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36acddadd23f0726e08222c3bfaabaef |
| SHA1 | cc8892122d5614c899bdb7a68e464fbe633ddee9 |
| SHA256 | e1573c9f7fd9f156cb9e99881aefbdd9e529938c67c895dc0418a003659b8c14 |
| SHA512 | 8437ef3a1abe5296890c99a39c5c4f87546f8058624d12653e85b39283c13d1191d075af351ff731a8397872c78ae230a9c7ba02295ce9f8c06866aba9dbf79f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88d65cf20468f57b4255175c1a2d4bd1 |
| SHA1 | 9823b18746335d37fad4d01c05abf6032658ffd0 |
| SHA256 | 4bfd947aa13ff4cfe8c71284478a87fd774307cbec187255728e1e44b21ce312 |
| SHA512 | e5445035d6f489d1df86bdb93bb7a8c7dafb5aa12343b9740601421ce800d1e28a4f865b331e14dbd9fceefaf9e56bca2e90a4892a6720bf93f7b26d95f11212 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de38c1bc30f1ff64b60684dc7d7fccc4 |
| SHA1 | a49d5f4e13e70f0a7c29492a46076fbe1d0aa14d |
| SHA256 | b60be800dbb84742eb6c430b51c3c3f39fdd9cee3a3a74c44fa4c7242bee288b |
| SHA512 | 5e428e57b463f22ccda48276a137f49d433280ddc35884c5d0a350850fa0d4e68964511212c35bd04a0a9c482dd53cd44c8d3da7e41ef6301ca22c6449d2c62a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f2163f38777fd697705a30d097964cc |
| SHA1 | 6e2b90fbf11dfd72028f64ef47142477a48e75f7 |
| SHA256 | 4de63b8cffc70266e1d7bad714e28933bd8198aa68adab5425514242ccb2d219 |
| SHA512 | e35433159218f538665aa5afe961495b4186db21e590a5ede54da826761c23eeca2a9d1975d03b0fa541db2ef896f2cd3229becf02aa7377c0bb345e61a83167 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bbc4e13deea67fbf6d8148385328c20f |
| SHA1 | 60edc7ecbcd3a5a07b0ea6aa0ae70edadb72d885 |
| SHA256 | a65213dae2b904b89773b595d5c9f6dfcc07d85414f6b7955fd82907a065e327 |
| SHA512 | cedafbfbf66c9bda302a4d1570d56bed62dc462aa84ffb763c14684f1a507180f2f86f3a2478c7fa498400d1afbb722fdcc851713f382d16082a2bdffcd06898 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:08
Reported
2024-06-13 08:10
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48e6543cc3afc69373c550a52f68fd5_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa82ad46f8,0x7ffa82ad4708,0x7ffa82ad4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2
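The Processes list above is easier to read once the Chromium launch flags are decoded: `--type` names each child's role, `--service-sandbox-type` and `--disable-gpu-sandbox` state its sandbox policy, and the first element of `--field-trial-handle` is inherited from the browser process, so it ties every child back to the session that spawned it. The script below is an added example for doing that mechanically; it is not part of the sandbox report. `SAMPLE_CMDLINES` is abridged from the report's own lines (the long `--gpu-preferences` blobs and most crashpad annotations are dropped), and the function and field names are this example's own.

```python
"""Classify Edge/Chromium child processes from their command lines.

Added example for reading the Processes list above; not part of the
sandbox report. SAMPLE_CMDLINES is abridged from the report.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

TOKEN_RE = re.compile(r'"[^"]*"|\S+')   # double-quoted token or bare token


@dataclass(frozen=True)
class ChromiumProc:
    exe: str
    proc_type: str                 # --type=...; "browser" when absent
    sub_type: Optional[str]        # --utility-sub-type=...
    sandbox_type: Optional[str]    # --service-sandbox-type=...
    gpu_sandbox_disabled: bool     # --disable-gpu-sandbox present
    field_trial: Optional[str]     # first element of --field-trial-handle
    switches: frozenset            # bare --flags that carry no value


def tokenize(cmdline: str) -> list[str]:
    """Split a Windows command line, keeping double-quoted paths whole."""
    return [t.strip('"') for t in TOKEN_RE.findall(cmdline)]


def parse_cmdline(cmdline: str) -> ChromiumProc:
    tokens = tokenize(cmdline)
    values: dict[str, str] = {}
    switches: set[str] = set()
    for tok in tokens[1:]:
        if not tok.startswith("--"):
            continue                      # /prefetch:N, or the opened .html path
        key, sep, value = tok[2:].partition("=")
        if sep:
            values[key] = value
        else:
            switches.add(key)
    handle = values.get("field-trial-handle")
    return ChromiumProc(
        exe=tokens[0],
        proc_type=values.get("type", "browser"),
        sub_type=values.get("utility-sub-type"),
        sandbox_type=values.get("service-sandbox-type"),
        gpu_sandbox_disabled="disable-gpu-sandbox" in switches,
        field_trial=handle.split(",")[0] if handle else None,
        switches=frozenset(switches),
    )


def is_unsandboxed(p: ChromiumProc) -> bool:
    """Child launched with its sandbox explicitly off (browser process excluded)."""
    return p.proc_type != "browser" and (
        p.sandbox_type == "none" or p.gpu_sandbox_disabled)


def unsandboxed_children(cmdlines: list[str]) -> list[tuple[str, Optional[str]]]:
    return [(p.proc_type, p.sub_type)
            for p in map(parse_cmdline, cmdlines) if is_unsandboxed(p)]


def session_handles(cmdlines: list[str]) -> set[str]:
    """Distinct field-trial handles; a single value means one browser session."""
    return {p.field_trial for p in map(parse_cmdline, cmdlines) if p.field_trial}


def opened_document(cmdlines: list[str]) -> Optional[str]:
    """The path passed after --single-argument on the browser process line."""
    for c in cmdlines:
        toks = tokenize(c)
        if "--single-argument" in toks:
            return toks[toks.index("--single-argument") + 1]
    return None


EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
HELPER = r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"'
FT = "--field-trial-handle=1976,2433242349079940025,7909560678090796222,131072"

# Abridged from the report's Processes list (behavioral2).
SAMPLE_CMDLINES = [
    EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\a48e6543cc3afc69373c550a52f68fd5_JaffaCakes118.html",
    EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --annotation=ver=92.0.902.67',
    EDGE + f" --type=gpu-process {FT} --mojo-platform-channel-handle=2004 /prefetch:2",
    EDGE + f" --type=utility --utility-sub-type=network.mojom.NetworkService {FT} --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3",
    EDGE + f" --type=utility --utility-sub-type=storage.mojom.StorageService {FT} --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8",
    EDGE + f" --type=renderer {FT} --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1",
    HELPER + f" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService {FT} --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8",
    EDGE + f" --type=gpu-process {FT} --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=4816 /prefetch:2",
]

if __name__ == "__main__":
    print("opened:", opened_document(SAMPLE_CMDLINES))
    print("sessions:", session_handles(SAMPLE_CMDLINES))
    for role in unsandboxed_children(SAMPLE_CMDLINES):
        print("unsandboxed:", role)
```

Run against the report, this flags the network service, the `identity_helper.exe` WinRT service and the second GPU process as children launched with their sandbox off, all under the single field-trial handle `1976`. Those are the browser's own launch choices for the page it was asked to open, so they are context for reading the `EnumeratesProcesses` and `WriteProcessMemory` hits above, not an indicator by themselves.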
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | paivaconsult.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | paivaconsult.com | udp |
| US | 8.8.8.8:53 | paivaconsult.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_2568_VORYBDGUIGIOKMDD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8c4dbdf734a446bcebe8a02ab7a41307 |
| SHA1 | 8c05db3bc666ff7272422e8722aef9d759fd0810 |
| SHA256 | 9c85e5bad9c6db337a7ba7662fd1e15016968e62d5935f5f640aa0e1cc5818d6 |
| SHA512 | d5003d6dd5f412bdbf8012e53f838b9dc205b837a010366efbf3e0105c0f238ae2b74c0d82f731c54c48654b9f08d08f72f3237293625dd4dc4c849493e1b35a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ac62ab7899d98f9d326a453382fa0f8a |
| SHA1 | 3c17f7cc9391f18528a74a998ed0b31ec64ec5ae |
| SHA256 | 89f0ab1bf5879d8905724c2216e74e5e58c5562219547b1c0b1a4ac4e86d7cb0 |
| SHA512 | 07cb8fa2a967ac56859f42bea0c36251468a4ec83d2f4289c707bcd9321a05527896d1db5ca9489bc56c8f9d51913c29176d4093dbd0066e704c09bc5371a4b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d20c222a469069db9652dd43329a07d1 |
| SHA1 | bde22606f223d4c8de30205a01a8a5f234ad71d5 |
| SHA256 | 8b5ccea1f2adc117c1d4a20d08c8c50695092d5b49c3c2fc24829ea4b6768e17 |
| SHA512 | d7f5340ff834e17807bc4156f3defaef676f056025d9711c9d1f484348c9b689a07739a1f0e6eb88b666a01aab4d7852f1ab133f9c335bb8fa0238694dd87d59 |
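Two things in the Files tables are worth checking mechanically rather than by eye. The named pipe `\??\pipe\LOCAL\crashpad_2568_VORYBDGUIGIOKMDD` is listed with the MD5, SHA1, SHA256 and SHA512 of zero-length input (`d41d8cd9…`, `da39a3ee…`, `e3b0c442…`, `cf83e135…`), so the sandbox recorded a name but no content, and the same path appears more than once with different digests (`settings.dat` and `Preferences` here, the `CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015` entry repeatedly in behavioral1), which means the file was rewritten during the run and each row is one snapshot. The script below is an added example, not part of the sandbox report, that parses the report's own `path` / `| ALG | hex |` block layout and flags both cases; the empty-input digests are computed with `hashlib` rather than copied in. `SAMPLE_FILES_TABLE` is excerpted verbatim from the behavioral2 Files table above; the function names are this example's own.

```python
"""Triage helper for the Files tables in this report.

Added example, not part of the sandbox output. Parses the report's
"path followed by | ALG | hex |" blocks and flags artifacts whose digests
are those of empty input, and paths listed more than once with different
digests. SAMPLE_FILES_TABLE is excerpted from the behavioral2 Files table.
"""
from __future__ import annotations

import hashlib
import re
from collections import defaultdict

ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|\s*$")

# Digests of zero-length input, computed so the check cannot drift from hashlib.
EMPTY_DIGESTS = {a: hashlib.new(a.lower()).hexdigest() for a in ALGOS}


def parse_files_table(text: str) -> list[tuple[str, dict[str, str]]]:
    """Return [(path, {ALG: hex}), ...] in report order."""
    records: list[tuple[str, dict[str, str]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:                      # any non-digest line starts a new artifact
            records.append((line, {}))
        elif not records:
            raise ValueError("digest row before any path: " + line)
        else:
            records[-1][1][m.group(1).upper()] = m.group(2).lower()
    return records


def is_empty_artifact(digests: dict[str, str]) -> bool:
    """True when every reported digest equals the digest of empty input."""
    return bool(digests) and all(digests[a] == EMPTY_DIGESTS[a] for a in digests)


def malformed_digests(digests: dict[str, str]) -> list[str]:
    """Algorithms whose hex string has the wrong length for that algorithm."""
    return [a for a, h in digests.items() if len(h) != HEX_LEN[a]]


def analyze(text: str) -> dict:
    records = parse_files_table(text)
    by_path: dict[str, list[dict[str, str]]] = defaultdict(list)
    for path, d in records:
        by_path[path].append(d)
    return {
        "records": len(records),
        "empty": [p for p, d in records if is_empty_artifact(d)],
        # paths listed several times with more than one distinct digest set
        "rewritten": {p: len(ds) for p, ds in by_path.items()
                      if len({tuple(sorted(d.items())) for d in ds}) > 1},
        "malformed": [(p, malformed_digests(d)) for p, d in records
                      if malformed_digests(d)],
    }


# Excerpted from the behavioral2 Files table in this report.
SAMPLE_FILES_TABLE = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_2568_VORYBDGUIGIOKMDD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8c4dbdf734a446bcebe8a02ab7a41307 |
| SHA1 | 8c05db3bc666ff7272422e8722aef9d759fd0810 |
| SHA256 | 9c85e5bad9c6db337a7ba7662fd1e15016968e62d5935f5f640aa0e1cc5818d6 |
| SHA512 | d5003d6dd5f412bdbf8012e53f838b9dc205b837a010366efbf3e0105c0f238ae2b74c0d82f731c54c48654b9f08d08f72f3237293625dd4dc4c849493e1b35a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d20c222a469069db9652dd43329a07d1 |
| SHA1 | bde22606f223d4c8de30205a01a8a5f234ad71d5 |
| SHA256 | 8b5ccea1f2adc117c1d4a20d08c8c50695092d5b49c3c2fc24829ea4b6768e17 |
| SHA512 | d7f5340ff834e17807bc4156f3defaef676f056025d9711c9d1f484348c9b689a07739a1f0e6eb88b666a01aab4d7852f1ab133f9c335bb8fa0238694dd87d59 |
"""

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_FILES_TABLE).items():
        print(key, value)
```

An artifact that comes back as `empty` carries nothing to hunt for, so it should not be submitted to hash-lookup services or used as an IOC; a path in `rewritten` needs every listed digest, not just the last one, if any of its snapshots is to be matched later.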