Analysis Overview
SHA256
b3f098854adf6cb4380baca486c6226d192c62f36d3fed84fb97806817e3f78c
Threat Level: No (potentially) malicious behavior was detected
Verdict for a4a669cc792812db01e39a77f6f356bb_JaffaCakes118 (an .html file): no (potentially) malicious behavior was detected. Every signature listed below was raised by the browser processes the sandbox itself launched to render the page (msedge.exe and identity_helper.exe on Windows 10, iexplore.exe on Windows 7); no process outside the browser and its helpers appears in either process tree.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:33
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:33
Reported
2024-06-13 08:35
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a669cc792812db01e39a77f6f356bb_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9acdc46f8,0x7ff9acdc4708,0x7ff9acdc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3593722914237032445,14467162089441293138,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1940 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | riovistamedia.org | udp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.105.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| PL | 93.184.220.66:80 | platform.twitter.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 104.244.42.136:443 | syndication.twitter.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 131.253.33.237:443 | g.bing.com | tcp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.33.253.131.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 225.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
\??\pipe\LOCAL\crashpad_2032_QLQTJFBHUZFIRFNI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6f84c2c501574745a3a834ad47fe1004 |
| SHA1 | ea2a442fdab6c636d9edbb23fe72f156188c9fe1 |
| SHA256 | 17731e58103760fc594ca65d2cd0cf93a944e003e73e1fa7739be2fa82d15333 |
| SHA512 | f6cc85f134235f834057b46ab03e7d48c24b0c5a910dac06cb417617d38ad830a5fd36929ffd06e1f8d520214a8f8eed631aeb8c69f91b879d49c70efc52b7be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 21a8e2dfeaa61514c4b423fa2d7f098e |
| SHA1 | ece0ef76bcbe900240d04ca8e9b83e5bbb79a0c7 |
| SHA256 | 71dae6298f3a4a0a72da9293c5c5694add13ffb99c858024a60227d84449795a |
| SHA512 | 3670fac953907a3d138b9c17cfb1bde014233afb6970b972bbf195e64e19fcb7d8d6ce29b03d50032c7921674791a46af4edd2d881726cb88816387b39bf7557 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1a4983d1fa24f65b8fe55c6ec2c72120 |
| SHA1 | 21a56d94df4695d1475f568b012a66adc6c9dd4c |
| SHA256 | 36b811daa51bd2b6e609b7a2cf08e31acb7503d2be752ebde4322ebd207532ba |
| SHA512 | db3992d2c88a9aa7e896cb2bbe26d3b0418add9ad0dad3f48de3e29bb9053cc6067da888cf7521543243bbd4c0400c939e26fdb8bceac94f59bff83d886c6cb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 81f9d4ec475481f867c2a33f2bdbe788 |
| SHA1 | ffe56acb06c7127c4d484de7b25e3b7c5d5cb8a9 |
| SHA256 | d55f56bc11badf63cf14bb02c30919d4dabde5f8ede313e71e15811edf7b46f1 |
| SHA512 | e1a491e8e5a7c326d49d4b9697f3078f5146bf1ee0a43b6f5474667244864de835d4f70fc22ac1e5476ffd756b970a222cadd080b3f21967b2189a5fbfaccc8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | e1c71f7c04be834f5587230db2ad24b3 |
| SHA1 | f3bab9cb99d9f343bf7ed3981aaa7450515d2424 |
| SHA256 | 9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899 |
| SHA512 | 205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d44efb0766a3e0c3600c6b327da74b71 |
| SHA1 | 0a0bf05a6aed68bbf34be953251f12c67fe695ef |
| SHA256 | 5ccb1b4ee2da89a4b08f2c58ae24c6bc8abf527e33b9984b9e92d4896fffa7f1 |
| SHA512 | ed8afbaab0ee913b934782b0d9d036773b89d9f29df806d17195ad4bd2747b118184e1030be664c730f54749fbd5d27d888fe9ff8c03cae8d5b7b0874b84238c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5a4a41cdf53ea267198400f958f60f14 |
| SHA1 | ec87a9b52c44fa489a30f46be892a65e5c2518ba |
| SHA256 | 624b8d5fc1d2e2fa4f3cea489e0555dd2735946baaf6d0fe363c0f66cd9140cc |
| SHA512 | e2993b67ed68cd0eadb5d9f8cfc4fcb20f1cfaaec4e30eaa5f3068f3bd061d0fb76cdf019d4708174a5b6057dd5cb2a67e56fb01e72bd12f24cdbdda7f5926ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e61095f12005ddb8cc3fa4c847040b3b |
| SHA1 | 6dcd0d69ee9711e389de3dedaf0cfdf17a4ade69 |
| SHA256 | 0f5fefe250168be5d73830f44cd2e4717912a43d483b6a25a76c8b609e61c153 |
| SHA512 | fa51e6091d99dc920e2080677e0004f6c8fda433bb086dfc81da13e1ae4059348c6afb8b37a65ef63ec83704c7c9a8f1a65ee6c0aad623501693cc5ce376e343 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:33
Reported
2024-06-13 08:35
Platform
win7-20240611-en
Max time kernel
126s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429469" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9637EC31-295F-11EF-A243-C63262D56B5F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000cc786c2b1925993caff6ec97d373479bf8a308abbb709261be3fafc8a2bdf3b1000000000e8000000002000020000000ac33928314e8b89b2b3e72bcc5448f0398878d7825ad91d6071fe70b6dc19f8f900000005fa122b7beb6831b5e1ec4bf0a249312ef76b00e6cd1d9e99c436e8345e1b42ff6d335016726d0fa9d89f21b7e921cf145aa6ba31a1c3b5956c98ccdfd643cf8812ccf5d470bf499b42559ce866f30ee5c8c1d42807b83a88d043c8b7c34bea11156139154d16e77e06f2f774eec81b03e970575cb9961301884a0e08293713b59c1ade6848f05342a3e4dd3d0c4f180400000007d01438c3bf897b071b83a77fb2588c552e3175ab5ee9be1ef7562fe9695471940b5dd2cf09612a2539801ea2adefde92222b1e4f76ca71b1e68398e132b1e3f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90a5f26c6cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000020a49fb3010d8662b8191b3742e5f065957c8bb67b006d14bbbbb0a9dd9739e7000000000e8000000002000020000000ce9b1c251e890b119294d2a6dfdde5a9b873fc210f2883d58f9deab5ab54ab69200000000b094fbf5cc7403badacc65a65db99298e1f88dbbcf9e06f10f9793aaefedc43400000000f00e348481a2b9d14002fb7151cc23bd8ef6773476f394ef0be1e3eebf058fd0da10212d083c0e5ef94ffaad3f4deadee221e69a1c4a9a25979a5b3fa24584f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2384 wrote to memory of 2052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2384 wrote to memory of 2052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2384 wrote to memory of 2052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2384 wrote to memory of 2052 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a669cc792812db01e39a77f6f356bb_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | riovistamedia.org | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| PL | 93.184.220.66:80 | platform.twitter.com | tcp |
| PL | 93.184.220.66:80 | platform.twitter.com | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| US | 76.223.105.230:80 | riovistamedia.org | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 76.223.105.230:443 | riovistamedia.org | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\print[1].css
| MD5 | fda44910deb1a460be4ac5d56d61d837 |
| SHA1 | f6d0c643351580307b2eaa6a7560e76965496bc7 |
| SHA256 | 933b971c6388d594a23fa1559825db5bec8ade2db1240aa8fc9d0c684949e8c9 |
| SHA512 | 57dda9aa7c29f960cd7948a4e4567844d3289fa729e9e388e7f4edcbdf16bf6a94536598b4f9ff8942849f1f96bd3c00bc24a75e748a36fbf2a145f63bf904c1 |
C:\Users\Admin\AppData\Local\Temp\Cab60C8.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar6167.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\cb=gapi[1].js
| MD5 | 0fe383a7ddb9bbaefc3105b3297f5583 |
| SHA1 | f80c9d789f251909c7560bd91a9e1b9a10c26362 |
| SHA256 | d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683 |
| SHA512 | 31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3fbf1a40f65dc478396f525107d0addf |
| SHA1 | 65c013a4d006aa69407ccafea38731cc0b626266 |
| SHA256 | caae2d7c5ceb1b75826a74de47606dbfd4ba9b35ca9d4a0e57f362519793aaf7 |
| SHA512 | 016fc021cf6530114e8489041e132ac0c12faec964285195ff9e9a3ccb7f031661639b0ef4a53be3b8311899400912589986b30af8d13fbd8a53b3463f9f9fbf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9705b9ce129ff8fd6462e08c1a61b992 |
| SHA1 | 35cedad67d969d488a2587bbaf90470c968cd471 |
| SHA256 | 46490328f8de1bf12bd5c670e94c033e7877a625df4c5c003d87b71e07e5da80 |
| SHA512 | dc4a075de0088013a710f2240eeefa1a19f2ce6192a418e11f1b9fbfe298de68140f115ea300af31da3245a09f8f95ef394d933cdefdcb01630156fde86923e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 724c651d39d44659dd96f93c851b0d46 |
| SHA1 | 867063d9944e323e60aa7f3eb9f7e00f912467e4 |
| SHA256 | 410d5f06a842b7efa8234b68fa8fe468a13955047654250e3ceb9d71033f0785 |
| SHA512 | c258613838e61b55930deec296e89efcb3f02f20061ec31ed09e8b754e92e84dbe00bcdb43124b129d7da830b079cdb2bf6c02d1cd14d02f15f23e5fcc4be21a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7089157770d57351d1bfec65f3088732 |
| SHA1 | 2819f0d1b0721972e781c462bcdfdcf1aa269110 |
| SHA256 | 3727166a012240bb6c304b948122a6dd7a2275ca71608c8e80bc9ef13628541b |
| SHA512 | 1a91ec7139ca877f9f6b99f6add763c7311655f96e61780741f7a47916e4216a222388dfa290d4c41ee50bf022fc180218e980206a6ca7b1398cf4a71710044f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97890484e9fdd9e6d8b98659e73bc0d7 |
| SHA1 | 2ca05cf9bd80e78ed1951979561a9b492554a7a9 |
| SHA256 | d43a73f66f5d2b537ac3a07d8c20faf97bca629f33f76bcb7f399a6b15dc8419 |
| SHA512 | 646345af039b875cb69192ab24b7d8c8a543ffa3678d811e6f368fa667beef536eec12e05f2fcf85298591d8d7c0dd83b9ad4b18805f1dba5df267f8bdcd77a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed8f59fb1beea2905bf69e21d241da77 |
| SHA1 | d27c343b995e9daccee76f2d63ab54147ac8ff7b |
| SHA256 | e88704778b60f82700497c7e106df635de343f93e61ac3527e4b41f4be59b197 |
| SHA512 | 1a2141781fb0861271595e6c6a8c26862b57d2ea00e91008b63e5a845cea2aa5ff67320aeea439a3c923ef50d4cdf9f45dfff99313b4216fa5e965ccdfd77b70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83e5748daed97fe1d9ab5fef3a65203c |
| SHA1 | ba4f7d4c92bddf079cedefba51d9e2b4dff3cb30 |
| SHA256 | 94d0a3885e3a9a55a8ea9fea8d62f6a02ec5fe5723c3c3b058a4326cb5ac931a |
| SHA512 | 123084a5f4dbdb718185321178d2f7496fc733cfc7ccb9a04b9016c7f6cd43d4820a535e96f2e481a782ecd7d2c2946c4ca78bddedceb0d5879e4245c18c6df4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f64349d164406b6b99f6d635751d11e5 |
| SHA1 | 9deadef1f663847ee3ec1dc39bbaeea750318b73 |
| SHA256 | 2bd560cc9789633c19b31f0a08c7c4bc0c144c545c76f2f8fc08b78cab553699 |
| SHA512 | f3403b70a26f11bd4981ecb9f053f6336ed4166cb8f4c4890f4d929a8204de33ae184581e19db9f909089a470bfdf8090b1584f28649bf79d7fe834a1fe70e99 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43f718da402d556570db70dd03b56d53 |
| SHA1 | eaf9ed2920095c6e172e6dd87f105fa5ef96c9c4 |
| SHA256 | a6982b9a1a2b7300c6dbf98a3b99d56b16467dd968e60504e0373e8379e41bd3 |
| SHA512 | 8b4660fde7576c1950251a6f70fb2b8b0f26ec138280263afad071b0d6761d8c874e97a81c99ea0b5eeaaf0dce6f55a01b8afdad6b15c96bb1cf7698786f4e3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2805b48dff6054cea0aa0021ccff4e80 |
| SHA1 | e80140433ffdf1f34d3b8584ab20a0e4318ddba4 |
| SHA256 | 1f3e9c23bb770856755edabac7dfd708630f75731539803616c7ba1d24462768 |
| SHA512 | 1564ba3296787f7b23d368d057a5ef2c5b2db11244736d3c7b5daa9d49c267eeffbb8c4a93877d46c2076194360531247d8e69ecaae63045e09e608edf269a46 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\3604799710-postmessagerelay[1].js
| MD5 | 40aaadf2a7451d276b940cddefb2d0ed |
| SHA1 | b2fc8129a4f5e5a0c8cb631218f40a4230444d9e |
| SHA256 | 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2 |
| SHA512 | 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\rpc_shindig_random[1].js
| MD5 | 6a90a8e611705b6e5953757cc549ce8c |
| SHA1 | 3e7416db7afe4cfdf3980daba308df560b4bede6 |
| SHA256 | 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679 |
| SHA512 | 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a4fcf76e3009b99ad0afc6e604be241 |
| SHA1 | 9ef851618860ad9fccae9e521c8dc95fea1496a3 |
| SHA256 | 1e3e16bb1cea3bfef0020df14ed666ab600829651fadcb755f8f9ba2938e4983 |
| SHA512 | b6de95ef0ff4a20fc4a07f1626cb2c932d2605287b9711e172752a86e6e3082c5a611f4303dac5f0dcdba5c552b9ba38eaa7d05143a1f796512510bd5c0ec49c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5bef75ea22f9aa02d1d0875319e6787 |
| SHA1 | cc4c37e9c47c703997fb5b794a057e990ca942ae |
| SHA256 | e2413c3fbc1ea2bdce8f307b2225c05c811716eb8a7c906aacb520260f8c021d |
| SHA512 | 5bba7acd89409def5fdecbe3927516e1bcd743e20a1cf2ca5093d651417a30397cff51883ab242dbcaf0c89b2e92f9b17d1f2c60a22885dcc6665d0e76f57271 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | efd01cc38632e8ad4afb3e030bb9471b |
| SHA1 | 3782e7d87eba8b7b18b15b57a97fa408a41171c4 |
| SHA256 | 54ed90af9901728194fd42396afe003789026606f994cc5b8add926641ffcca2 |
| SHA512 | 878ec50b4a0f70ea0c8229ee625de9ab1160249ee671b92925b7f416db629456334344e4d93a7735cd3d7029593ab70d140d6a464747e57d9eb93e9ff079a8df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d764d64bede3f096ac8c84322c9fda8 |
| SHA1 | 2b78b91ceac2f81aad389ea84f14d4e7ec3d1a52 |
| SHA256 | 8109e09b1fe9d4ba8a0894b59ffffb34bd6f4ff6279f44b7f603f0561c53c2b4 |
| SHA512 | b1f84416bf816366453e0130785ebe34e36cd689d54c7dce65e53e04fee2f9e6f35ac759ba953ff118895d6a2ce703d3bfc0b15f7d1d91ac803468d732b42345 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f049098d4a6d8051e828b77e5fd4f5e2 |
| SHA1 | bf8a06a330c793be27f89340671b71d64e41ea23 |
| SHA256 | 76a91a4ff8093a40059169f87d7b4a1fad36c12b72280220c4293d41680f4213 |
| SHA512 | bf07e1dfabe2aefc2d804421fa7550ca61261398bd68f422e311710d03085c435cc91534f968a91564646c236d594f297528137a238ff1d86edbcde1505678e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a8ddf7db78a9534d10fd9f28cdff181 |
| SHA1 | bee94d0356a7a34eca00d6bc10449002a4adfdef |
| SHA256 | 27b4143b53254349e0b3d415df45b1776e41e92f174dd1bb15ded7196a507c16 |
| SHA512 | 6c659b2fdd3e5e576eb6be212f713a9ec06ed4b224fea066c666e6a6f41ad602957be491ddaf659bb46aa124f8663f3a4287e8fed796cca6742a6a7b8eb4ccb3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 57b940f3487be2234695c68ae6ad6bcd |
| SHA1 | f33f0c7c5ddba53bfbdafacc51553f5d58e12771 |
| SHA256 | 0ed322a2243efc9a73f1d8d30727313b281aa08eff0af4a4725f474e4d46cd6e |
| SHA512 | b53479dadb273e0f549c2a9b8db63bde1e3897c36489bf7bac0855fa36669d8163aecb891a8102c50de9e33c3707502b1d79d677bba66b29653468e6ea935126 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8060d98d1e0448348d28139ca177c2bb |
| SHA1 | 464ec423511908b3648edccf5c212e99ac36454e |
| SHA256 | 130f5379734d4886d48067c154baff0e7c771c682eba2aad982fe13c3c27b3d6 |
| SHA512 | c8418ad56727ca982c0ce927b8e8667cac2f8ac14bee986e8e629ed98cde9f67c0670a5ed801669c6a94ac34ca8a1d4f8115673af5cc81a54e64bc5f3e45eac5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88f2a5e12da30e621af10920f228ac5d |
| SHA1 | 5d101973f64cbda8ce0aeedb9f6e0fa7db223038 |
| SHA256 | c51cb71f416689838dafc24a8d35deed364fd8623454ec3585300a28cb20ab47 |
| SHA512 | ac1fe5c1f0ea1bae85006f195c57085ee0d50f5da6946caf0631be5d79191785fbfe6bdf54a257115968932f2133bec5541450813a9dba8bc3ab0c4c9e4aca51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d0e37b642681fee6f1b02613caee8e5 |
| SHA1 | e48c4332c56985f6e70af346067f084f93e2890c |
| SHA256 | caa5125b00914d2829f503050e51db472fabc21a00fb1079b89303489294d6e1 |
| SHA512 | 4f373581ddd7b8888e60f31c574c1b858b1e37ec640620ce8497e447978f7f202d8f0e7f12337f92eff2abce24d8aa201b8ce1a74cb7c9eed1ef4a036a6ed9f2 |